Introduction

Schmidt and Clark LLP is committed to protecting the privacy and security of personal data. This GDPR Privacy Policy outlines how we collect, use, disclose, and safeguard personal data in compliance with the General Data Protection Regulation (GDPR).

Data Controller Information

The Data Controller responsible for processing personal data is:

Schmidt & Clark, LLP

1455 Pennsylvania Avenue,

NW, Suite 400

Washington, DC 20004

Personal Data We Collect

We may collect the following categories of personal data:

  • Identification Information: Such as name, address, email, and phone number.
  • Legal Information: Related to legal cases, claims, and other legal matters.
  • Technical Information: Such as IP address, browser type, and device information.
  • Financial Information: Payment details related to our services.
  • Special Categories of Data: Health information or other sensitive data if relevant to the legal matters we handle.

How We Use Personal Data

We use personal data for the following purposes:

  • Providing Legal Services: To provide and manage legal services related to personal injury lawsuits, medical malpractice, car accidents, etc.
  • Compliance and Legal Obligations: To comply with regulatory requirements and legal obligations.
  • Marketing and Communication: To provide updates and marketing communications, where consent has been given.

Legal Basis for Processing

We process personal data on the following legal bases:

  • Consent: Where you have provided explicit consent.
  • Contractual Obligation: To fulfill a contract with you.
  • Legal Obligation: To comply with legal requirements.
  • Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party.

Data Sharing and Transfers

We may share personal data with:

  • Legal Partners and Consultants: To assist in legal matters.
  • Regulatory Authorities: As required by law.
  • Service Providers: Such as IT service providers and payment processors.

We do not transfer personal data outside the European Economic Area (EEA) unless adequate protections are in place.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

Your Rights

Under GDPR, you have the following rights:

  • Access: To request access to your personal data.
  • Rectification: To correct any inaccurate data.
  • Erasure: To request deletion of data (the "right to be forgotten").
  • Restriction: To restrict processing.
  • Portability: To request a copy of your data in a usable format.
  • Objection: To object to processing where applicable.

How to Exercise Your Rights

To exercise any of your rights, please contact our Data Protection Officer at collen.a.clark@schmidtandclark.com

Data Security

We have implemented appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.

Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of those sites.

Changes to This Policy

We may update this GDPR Privacy Policy. Any changes will be posted on this page, and we encourage you to review it regularly.

Contact Us

For any questions or concerns about this GDPR Privacy Policy, please contact:clmikeschmidt@schmidtandclark.com or (866) 588-0600 at any time.

FAQs:

1. What Rights Do Individuals Have Under GDPR Regarding Their Personal Information?

Individuals have rights including access, rectification, erasure, data portability, and the ability to restrict or object to processing. They can also withdraw consent and lodge complaints with supervisory authorities.

2. How Can I Ensure My Company’s Privacy Policy Complies With GDPR Regulations?

Ensure transparency, clearly outline data processing activities, obtain explicit consent, provide mechanisms for data access and deletion, and regularly update your privacy policy to reflect GDPR requirements.

3. What Are the Potential Penalties for Non-compliance With GDPR?

Non-compliance with GDPR can result in fines up to €20 million or 4% of annual global turnover, whichever is higher, along with reputational damage and legal consequences.