(A) Who we are: We are Global Immigration Associates P.C., a law firm offering immigration services. If you need it, our registered office is 230 W Monroe, Suite 2800, Chicago, Illinois, 60606, USA. Global Immigration Associates P.C. is the controller of your personal information, and is responsible for your personal information. All references in this policy to “Global Immigration Associates P.C.”, “GIA” “our”, “us” or “we” refer to Global Immigration Associates P.C. All references in this policy to “our website”, refer to the website provided by GIA at https://giafirm.com/. The “Services” refer to both our website and the legal services that we provide.
(B) Our values and what this policy is for: We value your privacy and want to be accountable and fair to you as well as transparent with you in the way that we collect and use your personal information. We also want you to know your rights in relation to your information which you can find further detail on here.
(C) Who this policy applies to: This policy applies to:
1. Visitors to our website and individuals who enquire about our services; and
2. Individuals and employers to which we provide legal representation, and our employer clients (collectively, “Clients”) of GIA for whom petitions are prepared and processed for their individual employees for our.
Depending on our relationship, we will collect and use your information in different ways.
1. How we obtain your personal information;
2. Collection of your personal information and how we use it;
3. Our legal basis for using your personal information;
4. How and why we share your personal information with others;
5. How long we store your personal information;
6. Your rights;
9. Where we may transfer your personal information;
10. Risks and how we keep your personal information secure;
11. Links to other websites;
13. Further questions and how to make a complaint.
(E) Your rights to object: You have various rights in respect of our use of your personal information as set out in section 6. Two of the key rights to be aware of are that:
1. you may ask us to stop using your personal information for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
2. you may ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our, or another person’s, legitimate interest.
You can find out more information in section 6.
1.1 You may provide us with your information voluntarily, or we may collect it automatically from your device through cookies and similar technologies.. We may also receive information about you from your employer and from our service providers, such as Envoy Global Inc. (“Envoy”), which is providing the technology platform and nonlegal services to support our immigration services.
2.1 Visitors to our website and individuals who enquire about our services
(a) What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following information about you:
(i) your name including your title;
(ii) your postal address;
(iii) your email address;
(iv) your telephone number;
(v) information provided when you correspond with us;
(vi) any updates to information provided to us;
(vii) the following information created and recorded automatically when you visit our website:
(A) Technical information. This includes: the Internet Protocol (IP) address used to connect your computer to the internet the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; platform; and similar technical information. We use this personal information to administer our website, to measure the efficiency of our systems and to better understand the locations from which people access our webpages; and
(B) Information about your visit and your behavior on our website . This may include the website you visit before and after visiting our website (including date and time), time and length of visits to certain pages, page interaction information (such as which pages you visit, scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further service or downloads.
(b) How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
(i) to allow you to access and use our website;
(ii) for improvement and maintenance of our website and to provide technical support for our website;
(iii) to ensure the security of our website;
(iv) to evaluate your visit to the website and prepare reports or compile statistics to understand the type of people who use our website, how they use our website and to make our website more intuitive. Such details will be anonymized as far as reasonably possible and you will not be identifiable from the information collected.
The technologies we use for this automatic data collection described above may include:
(a) What personal information we collect about you
(i) We, or third parties on our behalf, will collect and use the following information about you:
(ii) your name;
(iii) your postal address;
(iv) your email address;
(v) your telephone number;
(vi) your government identification number such as social security and drivers license number, state identification card number, passport number, alien registration number, taxpayer identification number)
(vii) your age;
(viii) your gender;
(ix) your date of birth;
(x) your country of birth and citizenship;
(xi) copies of your passports, birth certificates, marriage certificates and degrees;
(xii) information provided when you correspond with us;
(xiii) information provided by immigration authorities and other governmental departments in respect of your immigration application;
(xiv) any updates to information provided to us;
(xvi) any other information required by immigration authorities, other governmental departments, or applicable law to process your immigration application.
(b) How we use your personal information
We will collect, use and store the personal information listed above for the following reasons:
(i) to provide you with our immigration services including preparing the necessary forms and supporting documents to obtain work authorized status in the US for you and (where applicable) your family members;
(ii) to deal with any inquiries you make to us or issues you have about our Services, including to fulfill any data subject rights requests described in Section 6;
(iii) to send you certain communications (including by email or post) about our Services, such as to let you know our terms and conditions and keeping you informed about our fees and charges);
(iv) to send you communications about services that may be relevant to you, including services from us, our partners, and other third parties;
(iv) for internal corporate reporting and business administration purposes, including ensuring adequate insurance coverage;
(v) to secure the Services and our facilities, and to protect the rights and safety of us, our corporate customers, other clients, and the public;
(vi) to comply with any procedures, laws and regulations which apply to us; and
(vii) to establish, exercise or defend our legal rights.
(c) Source of personal information. We may receive some of your personal information from third parties, such as from your employer or a family member.
(d) Special categories of data. Some of the personal information that we collect about you or which you provide to us may be special categories of data. Special categories of data include information about physical and mental health, sexual orientation, racial or ethnic origin, political opinions, philosophical belief, trade union membership and biometric data. We only collect this information when required by immigration authorities, other governmental departments, or applicable law to process your immigration application. We or our service provider, Envoy, will request your consent to collect this information. You may decline to provide this information, but this may result in our inability to process your immigration application.
2.3 Further processing
Before using your personal information for any purposes which fall outside those set out in this section 2, we will assess whether our new use of your personal information is compatible with the purposes set out in this section 2. Please contact us using the details in section 13 if you want further information on the assessment we will undertake.
(c) where legally required (such as when we process special categories of data), with your consent.
If we rely on our (or another person’s) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person’s) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information.
3.2 If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at firstname.lastname@example.org and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide our immigration services and associated services to you.
5. How long we store your personal information
We keep your personal information for no longer than necessary for the purposes for which the personal information is processed or as required by applicable law. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
6. Your rights
6.1 Individuals in the EU have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at email@example.com at any time. Individuals in the EU have the following rights:
(a) Right of access. You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the United Kingdom or the European Economic Area (“EEA”).
(b) Right to update your information. You have a right to request an update to any of your personal information which is out of date or incorrect.
(c) Right to delete your information. You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 13.
We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are, using the contact details in section 13.
(d) Right to restrict use of your information: You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 13.
We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details in section 13.
(e) Right to stop marketing: You have a right to ask us to stop using your personal information for direct marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
(f) Right to data portability: You have a right to ask us to provide your personal information to a third-party provider of services.
This right only applies where we use your personal information on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means.
(g) Right to object. You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.
(h) You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
7.1 You must be aged 18 or over to purchase services from us. Our services are not directed at children and we do not knowingly collect any personal information from children for marketing purposes or any other purposes.
7.2 Please contact us at firstname.lastname@example.org if you are aware that we may have inadvertently collected personal information from a child.
8.1 We may collect and use your personal information for undertaking marketing by email telephone and post if we have a lawful basis to do so.
8.2 If you wish to stop receiving marketing communications, you can contact us by email at email@example.com.
9. Where we may transfer your personal information
9.1 Your personal information may be used, stored and/or accessed by staff operating outside the EEA working for us (specifically in the USA, and India where we are based), to foreign governments or suppliers. Further details on to whom your personal information may be disclosed are set out in section
9.2 For individuals in the European Economic Area. GIA has certified under the EU-U.S. Privacy Shield Framework (the “Privacy Shield”). On July 16, 2020, Europe’s highest court, the CJEU, invalidated the EU-US Privacy Shield with respect to transfers of data between the European Economic Area (“EEA”) and the United States (the decision did not apply to the Swiss-US Privacy Shield, which remains a valid data transfer mechanism for transfers from Switzerland to the US). GIA is taking steps to comply with the CJEU decision, including by entering into Standard Contractual Clauses with its customers and subprocessors upon request. Additionally, GIA will continue to protect EEA, UK, and Swiss data in compliance with the Privacy Shield Principles, as described herein.
(a) GIA is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
(d) Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
(e) We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your personal information with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
(f) In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
(g) GIA’s accountability for personal information that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, GIA remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal information on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless GIA proves that it is not responsible for the event giving rise to the damage.
(h) In compliance with the Privacy Shield Principles, GIA commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact GIA by email at firstname.lastname@example.org.
(i) (GIA has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit bbbprograms.org/privacy-shield-complaints for more information and to file a complaint. This service is provided free of charge to you.
(j) If your complaint involves human resources data transferred to the United States from the EEA in the context of the employment relationship, and GIA does not address it satisfactorily, GIA commits to cooperate with the panel established by the EU data protection authorities (“DPA Panel”), as applicable and to comply with the advice given by the DPA Panel, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
(k) If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
9.3 Further details on the steps we take to protect your personal information, in these cases is available from us on request by contacting us using the details in section 13.
10. Risks and how we keep your personal information secure
10.1 The main risk of our processing of your personal information is if it is lost, stolen or misused. This could lead to your personal information being in the hands of someone else who may use it fraudulently or make public, information that you would prefer to keep private.
10.2 For this reason, GIA is committed to protecting your personal information from loss, theft and misuse. We take appropriate precautions to safeguard the confidentiality of your personal information, including through use of appropriate organisational and technical measures including but not limited to role-based access control of data stored at a cloud provider for Document Management System as well as the Envoy platform.
10.3 In the course of provision of your personal information to us, your personal information may be transferred over the internet. Although we make efforts to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our website and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access to it.
10.4 Where we have given you (or where you have chosen) a password which enables you to access your Envoy online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
11. Links to other websites
13. Further questions and how to make a complaint
13.1 If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact email@example.com. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information
13.2 EU data subjects may also make a complaint to the Information Commissioner’s Office in the UK, or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
4851-3386-4837, v. 13
Updated January 7, 2022