Privacy Policy
Effective Date: August 12, 2024 This Privacy Policy describes how Johnson Law Group (“JLG,” “we,” “our,” or “us”) collects, uses, and discloses information about you as well as your rights and choices about such use and disclosure, and applies to your use of www.johnsonlawgroup.com and any online service location that posts a link to this Privacy Policy and all features, content, and other services that we own, control, and make available through such online service location (collectively, the “Service”). This Privacy Policy applies only to information collected through our Service and not to information collected offline, except as indicated below, at the time of collection, or where an offline location makes this Privacy Policy available to you. By using our Service, you consent to our collection, use, and disclosure practices, and other activities as described in this Privacy Policy. If you have any questions or wish to exercise your rights and choices, please contact us as set out in the “Contact Us” section below. If you are a resident of Nevada, California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, Virginia, or a data subject in Europe, please see the additional disclosures at the end of the Privacy Policy. For personal data transferred from the United Kingdom, the European Union, and Switzerland, we will provide appropriate safeguards, such as through use of standard contractual clauses. What Information Do We Collect? Information on Behalf of our Clients We provide legal services to our clients and collect and process information at their direction (“Client Data”). Client Data has historically included client contact details, case matter information, including official documents, and internal communications, among other information. This data is used to provide legal services to our clients, maintain internal business records, manage client relationships, host events, administer client facing applications, maintain internal operating processes, and fulfill regulatory, legal or ethical requirements, among other things as permitted by our client agreements. Such Client Data may be collected via our online client portal (“Client Portal”) where we may receive Client Data and provide case updates or other internal communications. Client Data, including Client Data collected through the Client Portal, may be shared with service providers and law enforcement (as necessary), among other parties as permitted by our client agreements. Our processing of Client Data is governed by our agreements with our clients, and not this Privacy Policy. Information You Provide through the Service We collect information you provide directly via the Service, such as when you request a free case evaluation or speak with us through a live chat. We may use Service Providers (defined below) to collect this information. The information we collect includes information that identifies you personally (whether alone or in combination). Some examples of information we collect include the following: You may choose to voluntarily submit other information to us through the Service that we do not request, and, in such instances, you are solely responsible for such information. Information Collected Automatically through the Service In addition, we automatically collect information when you use the Service. We may use Service Providers to collect this information. Some examples of information we automatically collect include Service use data, including data about the pages you visit, the emails you view, the time of day you browse, and your referring and exiting pages; device connectivity and configuration data, including data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and device identifiers such as IP address; and location data, including imprecise location data (such as location derived from an IP address or data that indicates a city or postal code level). This information is collected through cookies and other tracking technologies incorporated into our Service, including the following: For further details on your choices around cookies and other tracking technologies, see the “Your Privacy Choices” section below. Information from Other Sources We also collect information from other sources. The categories of sources vary over time, but have included: Information We Infer We infer new information from other information we collect to generate information about your likely preferences or other characteristics. Sensitive Information To the extent any categories of information we collect are sensitive categories of information under applicable law, we process such information only for the limited purposes permitted by applicable law. We do not sell or use sensitive categories of information for purposes of targeted advertising or to make inferences. What Do We Use Your Information For? We collect and use information for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our purposes for collecting and using information include the following: Notwithstanding the above, we may use information from the Service that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the “Your Privacy Choices” section below. Disclosure of Information We disclose information we collect in accordance with the practices described in this Privacy Policy. The categories of parties to whom we disclose information include the following: Notwithstanding the above, we may disclose information from the Service that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see the “Your Privacy Choices” section below. Your information, including your mobile information will NEVER be shared with third parties for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Other Parties We may link to or offer parts of our Service through websites and services controlled by third parties. In addition, we may integrate technologies, including those disclosed in the What Information Do We Collect? section above, controlled by third parties. Except where third parties act as our service providers, they, and not us, control the purposes and means of processing any information they collect from you, and you should contact them directly to address any concerns you have about their processing. Third party data practices are subject to their own policies and disclosures, including what information they collect, your choices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use. Some examples of where you may interact with a third party include hyperlinks to third party websites and services. Analytics Our Service contains Tracking Technologies owned and operated by other parties. For example, we use Tracking Technologies from analytics providers, such as Google Analytics, to help us analyze your use of the Service, compile statistic reports on the Service’s activity, and provide us with other services relating to Service activity and internet usage. For further information on Tracking Technologies and your rights and choices regarding them, please see the “Information Collected Automatically” and “Your Privacy Choices” sections. Your Privacy Choices We provide a variety of ways for you to exercise choice, as described below. Region Specific Rights Some regions provide additional rights by law, as described in our region-specific terms. This subsection details how you may exercise some of those rights to the extent they apply to you. Communications Please note that your opt-out is limited to the email address and phone number used and will not affect subsequent subscriptions. Browser and Device Controls Children Our Service, products and services are all directed to people who are at least 13 years old or older, and we do not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) from children under 13 years of age. If you are a parent or guardian and believe JLG has collected children’s personal information in violation of COPPA, please contact us as set out in the “Contact Us” section below. How Do We Protect Your Information? We implement a variety of reasonable administrative, physical, and technical security measures to help protect your information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you. Retention We retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. International Transfer We are based in the U.S. and the information we collect is governed by U.S. law. If you are located outside of the U.S., please be aware that the information we collect may be transferred to, stored, used, and otherwise processed in the U.S. and other jurisdictions in accordance with this Privacy Policy, and you agree to such processing. Data protection laws in the U.S. and other jurisdictions may differ from those of your country of residence. If your data is transferred to us from Europe, the United Kingdom, or Switzerland, we will process your personal data subject to appropriate safeguards, such as through the use of standard contractual clauses or the Data Privacy Framework. For additional details on how we process such data. please see the Additional Disclosures for Data Subjects in Europe and Data Privacy Framework section below. Changes to our Privacy Policy We reserve the right to revise and reissue this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes on this page. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice on the Service or to your email address. Contact Us If you have any questions regarding this Privacy Policy or our data practices, you may contact us using the information below. By email: privacyofficer@johnsonlawgroup.com By web form: https://www.johnsonlawgroup.com/contact/ By mail: This Privacy Policy has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us at privacyofficer@johnsonlawgroup.com. Additional Disclosures for Nevada Residents If you are a Nevada consumer, you have the right to direct us not to sell certain information that we have collected or will collect about you. To exercise this right, please email us at privacyofficer@johnsonlawgroup.com. Additional Disclosures for California Residents These additional disclosures apply only to California residents. Terms have the meaning ascribed to them in the California Consumer Protection Act as amended by the California Privacy Rights Act (“CPRA”), unless otherwise stated. Notice of Collection For the categories of personal information we have collected in the past 12 months, see the What Information Do We Collect? section above, which we have further set out below using California-specific terms: For the categories of sources from which personal information is collected, see the “What Information Do We Collect?” section above. For the specific business and commercial purposes for collecting and using personal information, see the “What Do We Use Your Personal Information For?” section above. For the categories of third parties to whom information is disclosed, see the “Disclosure of Information” section above. For the criteria used to determine the period of time information will be retained, see the Retention section above. We do not sell your personal information as those terms are defined by the CPRA. We do not knowingly sell or share the personal information of minors under 16 years old who are California residents. Some of the personal information we collect may be considered sensitive personal information under the CPRA. We collect, use, and disclose such sensitive personal information only for the permissible business purposes for sensitive personal information under the CPRA or without the purpose of inferring characteristics about consumers. We do not sell or share sensitive personal information. Right to Know, Correct, and Delete You have the following rights under the CPRA: To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above. Please note these rights are subject to exceptions. We will confirm receipt of your request within 10 business days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request. Authorized Agent You can designate an authorized agent to submit requests on your behalf. Except for opt-out requests, we will require written proof of the agent’s permission to do so and verify your identity directly. Right to Non-Discrimination You have the right not to receive discriminatory treatment by us for the exercise of any of your rights. Shine the Light California’s “Shine the Light” law permits customers who reside in California to request, once per year, disclosure regarding how we share certain of their information with third parties and affiliates for those third parties’ and affiliates’ own direct marketing purposes. If this law applies to you and you wish to obtain further information about our sharing, please contact us as set out in the “Contact Us” section above. Requests must state “California Privacy Rights Request” in the subject line or first line of the description and include your name, street address, city, state, and ZIP code. We are not required to respond to requests made by means other than through the provided email or mail addresses. Additional Disclosures for Residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia These additional rights and disclosures apply only to residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia. Terms have the meaning ascribed to them in each respective law, as applicable. Data Subject Requests You may have the following rights under applicable law: If you are an Oregon resident, you also have the right to: To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above. Please note these rights are subject to exceptions. We will respond to your request within 45 days. We may require specific information from you to help us confirm your identity and process your request. If we are unable to verify your identity, we may deny your request. We do not process personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers. Authorized Agent. You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly. Consent. You have the right to revoke consent previously given to us for the processing of your personal data. To revoke consent, write us at the email or postal address set out in the Contact Us section (specifying the consent you wish to withdraw). If you withdraw consent, you may not be able to receive certain services related to that consent. Appeals. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacyofficer@johnsonlawgroup.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Additional Disclosures for Data Subjects in Europe and Data Privacy Framework These additional disclosures and rights apply only to personal data we receive from individuals located in the European Economic Area, Switzerland, or the United Kingdom (collectively, “Europe”). Terms have the meaning ascribed to them in the General Data Protection Regulation (“GDPR”). Data Controller Data protection laws in Europe make a distinction between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). JLG acts as a controller with respect to personal data collected as you interact with our Service. Lawful Basis for Processing Data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us, our Service Providers, our partners, or our clients; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests. Your European Privacy Rights If you are a data subject in Europe, you have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us. To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above. We will respond to your request within 30 days. We may require specific information from you to help us confirm your identity and process your request. For details on our retention practices for personal data, see the Retention section above. JLG complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (together, the “DPF”) as set forth by the U.S. Department of Commerce. JLG has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. JLG has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. The Federal Trade Commission has jurisdiction over JLG’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. JLG’s responsibility for personal data it receives in reliance on the DPF and subsequent transfers of personal data to third parties is detailed in the DPF Principles. Where JLG relies on the DPF Principles for onward transfers from the EU, UK, and Switzerland, including the onward transfer liability provisions, JLG remains responsible under the DPF Principles for third-party agents processing personal data on its behalf. In the event that you have any inquiry, dispute, or claim arising out of or relating to our reliance on the DPF, please contact us as set out in the “Contact Us” section below. If we are unable to resolve your complaint regarding personal data transferred in reliance on the DPF directly, you may submit your complaint at no cost to you to JAMS at https://www.jamsadr.com/DPF-Dispute-Resolution. In the event there are residual complaints regarding personal data transferred in reliance on the DPF that have not been resolved by JAMS, or any other means, you may seek a non-monetary remedy through binding arbitration to be provided to you in accordance with the DPF. To learn more about the DPF, and to view JLG’s certification, please visit https://www.dataprivacyframework.gov/. Complaints If you have a complaint about our use of your personal data or response to your requests regarding your personal data, you may submit a complaint to the data protection regulator in your jurisdiction. In addition to the contact information above, please contact our: European Representative: or Data Protection Officer: Privacy Policy
Johnson Law Group
Attention: Data Privacy
2925 Richmond Avenue
Suite 1700
Houston, Texas 77098
United States
EUrepresentative@johnsonlawgroup.com
privacyofficer@johnsonlawgroup.com