PASSRIGHT.COM PRIVACY NOTICE
Last modified: July 16th, 2024
Sapochnick Technologies, Inc. dba PassRight (“Company” or “We”) respect your privacy and commit to protecting it through our compliance with the practices described in this notice.
This notice describes our practices for collecting, using, maintaining, protecting, and disclosing the personal data we may collect from you or that you may provide when you visit our website (our “Website”). This notice applies to the personal data collected through our Website, regardless of the country where you are located.
The Website may include links to third-party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. We do not control these third-party websites, and we encourage you to read the privacy notice of every website you visit.
Please read this notice carefully to understand our policies and practices for processing and storing your personal data. By engaging with our Website, you accept and consent to the practices described in this notice. This notice may change from time to time (see “Changes to Our Privacy Notice”). Your continued engagement with our Website after any such revisions indicates that you accept and consent to them, so please check the notice periodically for updates.
Joint Controllers
The Company’s is the Controller and Processor of all personal data pursuant to this Privacy Policy. Its corporate headquarters are located at San Diego, 540 6th Ave, CA 92101.
With regard to personal data processed in connection with maintaining the Company’s profile on Facebook, please be advised that the controller of your personal data processed by that website is both the Company and Meta Platforms, Inc. acting as joint controllers. All information on the processing of personal data by Company and the rights that you have in relation to the Company can be found in this privacy policy. In any matters related to maintaining your own profile on Facebook, tracking your behavior by Facebook and exercising your rights in this regard, please contact Meta Platforms, Inc. directly. We would like to inform you that by liking our post, i.e. by clicking the “Like” button, you consent to the processing of your personal data.
More information on the joint control and processing of personal data by Meta Platforms, Inc. can be found via the following link: https://www.facebook.com/privacy/policy/.
Data We May Collect About You
We collect and use different types of data from and about you including:
Personal data that we could reasonably use to directly or indirectly identify you, such as your name, postal address, email address, telephone number, nationality, place of birth, national identification number, social security number, United States taxpayer ID, passport number, information regarding the issuance of your passport, United States driver’s license number, and/oor certain other information requested necessary to submit your forms to the USCIS and/or DHS that is collected through the Website (“personal data”).
Personal data that you provide to us through completed forms, email, telephone, or other means pursuant to the services offered by the Company.
Non-personal data that does not directly or indirectly reveal your identity or directly relate to an identified individual, such as demographic information, statistics, or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal data. For example, we may aggregate personal data to calculate the percentage of users accessing a specific Website feature.
Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, or operating system and platform.
Non-personal details about your Website interactions, including the full Uniform Resource Locators (URLs), clickstream information to, through, and from our Website (including date and time), products viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away from the page.
If we combine or connect non-personal, demographic, or technical data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal data.
How We Collect Data About You
We use different methods to collect data from and about you including through:
Direct interactions. You may give us information about you by filling in forms or by corresponding with us by phone, email or otherwise. This includes information you provide when you create an account, subscribe to our service, and when you report a problem with our Website.
Automated technologies or interactions. As you interact with our Website, we may automatically collect technical data about your equipment, browsing actions and patterns as specified above. We collect this information by using cookies, server logs, and other similar technologies (see “Cookies and Automatic Data Collection Technologies”).
Third parties or publicly available sources. We may receive information about you if you visit other websites employing our cookies or from third parties including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, data brokers, or aggregators.
Cookies and Automatic Data Collection Technologies
Our Website uses cookies (small files placed on your device) or other automatic data collection technologies to distinguish you from other Website users. This helps us deliver a better and more personalized service when you browse our Website. It also allows us to improve our Website by enabling us to:
Estimate our audience size and usage patterns.
Store your preferences so we may customize our Website according to your individual interests.
Speed up your searches.
Recognize you when you return to our Website.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Please review our Cookie Policy for information on how you can opt out of behavioral tracking on this Website and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.
You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, certain parts of our Website may become inaccessible and certain features may not work correctly. Unless you adjust your browser settings to refuse cookies, our system will issue them. For detailed information on the cookies we use and the purposes for which we use them, please review our Cookie Policy which can be found at this link: https://www.passright.com/cookie-policy/.
Our Website pages and emails may contain web beacons (small transparent embedded images or objects, also known as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count website page visitors or email readers, or to compile other similar statistics such as recording Website content popularity or verifying system and server integrity.
How We Use Your Personal Data
We use your personal data to provide you with products, offer you services, communicate with you, facilitate services from our affiliates, or to conduct other business operations, such as using data to improve and personalize your experiences. Examples of how we may use the personal data we collect include to:
Present our Website and provide you with the information, products, services, and support that you request from us.
Meet our obligations and enforce our rights arising from any contracts with you, including for billing or collections, or comply with legal requirements.
Fulfil the purposes for which you provided the data or that were described when it was collected.
Notify you about changes to our Website, products, or services.
Ensure that we present our Website content in the most effective manner for you and for your computer.
Administer our Website and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical, and survey purposes.
Improve our Website, products or services, marketing, or customer relationships and experiences.
Protect our Website, employees, or operations.
Measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you;
Make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them.
The Law Offices of Jacob J. Sapochnick, APC (“LOJS”) is a San Diego-based immigration law firm that has common ownership with the Company. We may share your personal data with LOJS to facilitate your potential engagement with LOJS for legal services. For more information, see “Your Personal Data Use Choices.”
We may use non-personal data for any business purpose.
Disclosure of Your Personal Data
We may share your personal data with:
Any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, and our affiliates, including the Law Office of Jacob Sapochnick.
Business partners, suppliers, service providers, sub-contractors, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization). We contractually require these third parties to keep that personal data confidential and use it only for the contracted purposes.
To fulfill the purpose for which you provide it. For example, if you have provided information to facilitate the filing of immigration-related applications, we will provide such information to United States Citizenship and Immigration Services and/or the Department of Homeland Security as appropriate.
For any other purposes that we disclose when you provide the data.
With your consent.
We may also disclose your personal data to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
To a buyer or other successor in the event of merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.
To comply with any court order, law, or legal process, including responding to any government or regulatory request.
To enforce or apply our terms of use and other agreements.
To protect the rights, property, or safety of our business, our employees, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of cybersecurity, fraud protection, and credit risk reduction.
We may share non-personal data without restriction.
Consent to Personal Data Transfer
We are based in the United States of America. We may process, store, and transfer the personal data we collect, in and to a country outside your own, with different privacy laws that may or may not be as comprehensive as your own.
By submitting your personal data or engaging with our Website, you consent to this transfer, storing, or processing.
Your Personal Data Use Choices
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We provide you the ability to make certain decisions about your personal data use the following personal data control mechanisms:
Promotional Offers from the Company. If you do not want us to use your contact information to promote our own products and services, or third parties’ products or services, you can opt-out by unsubscribing via the link provided in any email we send to you. This opt out does not apply to information provided to the Company as a result of a transaction with the Company.
Tracking Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this Website may become inaccessible or not function properly. For more information about tracking technologies, please see “Cookies and Automatic Data Collection Technologies.”
Our Website may, from time to time, contain links to and from the websites of our third parties (e.g., through our blogs). If you follow a link to any third-party website, please note that these third parties have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third parties.
Accessing and Correcting Your Personal Data
You can access, review, and change your personal data by emailing compliance@passright.com.
Data Security
The security of your personal data is very important to us. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse, and unauthorized access, use, alteration, or disclosure.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website. Any transmission of personal data is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Website.
Children’s Online Privacy
We do not direct our Website to minors and we do not knowingly collect personal data from children under 18 without consent of their parents or guardians. If we learn we have mistakenly or unintentionally collected or received personal data from a child without appropriate consent, we will delete it. If you believe we mistakenly or unintentionally collected any information from or about a child, please contact us at compliance@passright.com .
Changes to Our Privacy Notice
We will post any changes we may make to our privacy notice on this page. If the changes materially alter how we use or treat your personal data we will notify you by email to the primary email address specified in your account. Please check back frequently to see any updates or changes to our privacy notice.
Rights of Citizens of the EEA
This section applies to citizens of the European Economic Area, free trade area and common market, comprising the countries of the European Union and the European Free Trade Association, with the exception of Switzerland (collectively, the “EEA”).
How and Why We Process Your Data
Purpose of processing | Legal basis | Data recipients | Duration of processing |
Responding to a message sent by e-mail, via Facebook messenger or profile, or over the phone | Article 6 (1) (f), i.e. the legitimate interest of the Controller in handling correspondence and phone calls | IT service providers; Internet providers; hosting providers; Microsoft Ltd. Facebook Ltd. | For the period necessary to consider the matter to which the message relates. |
Presenting an offer (in the case of individuals addressing an inquiry on their own behalf, i.e. B2C) | Article 6 (1) (b) of the GDPR, i.e. processing is necessary to take steps prior to entering into a contract. | IT service providers; Internet providers; hosting providers; | Until you object to the processing. |
Presenting an offer (in the case of individuals addressing an inquiry on behalf of the bodies for which they provide services, i.e. B2B) | Article 6 (1) (f) of the GDPR, i.e. the legitimate interest of the Controller in proposing and establishing business cooperation. | IT service providers; Internet providers; hosting providers; | Until you object to the processing. |
Marketing – the main website | Article 6 (1) (f), i.e. the legitimate interest of the Controller in acquiring and retaining a client | IT service providers; Internet providers; hosting providers; | Until you object to the processing. |
Marketing – promotional mailing, including sending of newsletters | Article 6 (1) (f) of the GDPR, i.e. a legitimate interest consisting in carrying out marketing activities based on your consent obtained in accordance with the Telecom Law and APES. | IT service providers; Internet providers; hosting providers; | Until you object or withdraw your consent expressed in accordance with the Telecom Law and APES. |
Sharing newsletter subscribers’ Personal Data with the Controller’s business partners in the USA | Article 6 (1) (f) of the GDPR legitimate interest pursued by Controller’s business partners from the USA in maintaining Sapochnick Technologies dba PassRight’s business continuity. | Controller’s business partners (assignees of the Controller’s business assets such as database of newsletter subscribers) | Until you object to processing of your Personal Data or until any claims arising under the provisions of civil law become time-barred. |
Marketing – maintaining company profiles on social media platforms (Facebook, Instagram, LinkedIn, YouTube) | Article 6 (1) (f), i.e. the legitimate interest of the Controller in acquiring and retaining a client by publishing promotional posts | IT service providers; Internet providers; hosting providers; Facebook Ltd.; Google Ltd.; Linkedin Ireland Unlimited Company. | Until you object to the processing. |
Marketing – maintaining landing pages | Article 6 (1) (f) of the GDPR, i.e. a legitimate interest consisting in carrying out marketing activities. | IT service providers; Internet providers; hosting providers; Google Ltd. | Ad 1. Until you object to the processing. |
Acceptance of the order in the Shop | Article 6 (1) (b) of the GDPR Taking the necessary steps to enter into a contract with a client. | IT service providers; Internet providers; hosting providers; Stripe Inc. Google Ltd. | For the duration of the contract, its termination and until the expiry of the time limit for pursuing potential claims |
Entering into and performing a contract with a client (processing an order) | Article 6 (1) (a) of the GDPR and, in selected cases, Article 9 (2) (a) and (f) of the GDPR in connection with the client’s consent to processing for the following purposes – to the extent necessary for providing services – to perform a contract – to pursue or defend any claims in connection with performing of a contract. | IT service providers; Internet providers; hosting providers; Payment services providers; Law firms and legal advisors; | Before a service performed is completed, until you withdraw your consent; after the service has been completed, until the expiry of the period for pursuing or defending against any claims. |
Keeping an archive of closed clients’ cases | Article 6 (1) (f) of the GDPR Controller’s legitimate interest in storing clients’ archive documents. | IT service providers; Internet providers; hosting providers. | Until you object to processing of your Personal Data or until any claims arising under the provisions of civil law become time-barred. |
Sharing clients’ Personal Data with the Controller’s business partners in the USA | Article 6 (1) (f) of the GDPR legitimate interest pursued by Controller’s business partners from the USA in maintaining Passright’s business continuity. | Controller’s business partners (assignees of the Controller’s business assets such as client database). | Until you object to processing of your Personal Data or until any claims arising under the provisions of civil law become time-barred. |
Keeping an archive of potential clients (individuals who submitted an inquiry regarding services provided by the Controller) | Article 6 (1) (f) of the GDPR Controller’s legitimate interest in storing potential clients’ contact details. | IT service providers; Internet providers; hosting providers. | Until you object to processing of your Personal Data or until any claims arising under the provisions of civil law become time-barred. |
Sharing potential clients’ Personal Data with the Controller’s business partners in the USA | Article 6 (1) (f) of the GDPR legitimate interest pursued by Controller’s business partners from the USA in maintaining Sapochnick Technologies dba PassRight’s business continuity. | Controller’s business partners (assignees of the Controller’s business assets such as potential clients database) | Until you object to processing of your Personal Data or until any claims arising under the provisions of civil law become time-barred. |
Complaints (defending against or pursuing any claims) | Article 6 (1) (f) of the GDPR legitimate interest in establishing, pursuing or defending claims. | IT service providers; Internet providers; hosting providers; Payment services providers. | Until any claims arising under the provisions of civil law become time-barred. |
Taking steps prior to entering into and performing a contract (contractors) | Article 6 (1) (b) of the GDPR Taking the necessary steps to enter into a contract with a client. | IT service providers; Internet providers; hosting providers; Law firms and legal advisors; | For the duration of the contract, its termination and until the expiry of the time limit for pursuing potential claims |
Performing a contract (contractor’s employees). | Article 6 (1) (f) of the GDPR the Controller’s legitimate interest in coordinating activities with the contractor. | IT service providers; Internet providers; hosting providers; Law firms and legal advisors; | For the duration of the contract, its termination and until the expiry of the time limit for pursuing potential claims |
Running a recruitment process (employees) | Article 6 (1) (a) and (c) of the GDPR the Controller is obligated to process a specific set of data of candidates for work; As regards the data going beyond the set defined in the labour law, the legal basis for the processing of personal data is the candidate’s consent (Article 6 (1) (a) of the GDPR) | IT service providers; Internet providers; hosting providers | 3 months from the date of completion of the recruitment process or until the consent is withdrawn, based on the candidate expressing his or her wish to participate in future recruitments |
Recruitment (contractors and collaborators) | Article 6 (1) (b) of the GDPR, i.e. the legal basis is taking steps prior to entering into a contract with persons engaged in their own business. | IT service providers; Internet providers; hosting providers | 3 months from the date of completion of the recruitment process. |
Organization of projects and events (conferences, trainings, webinars). | Article 6 (1) (f) of the GDPR, i.e. a legitimate interest consisting in carrying out marketing activities. | IT service providers; Internet providers; hosting providers; Bodies cooperating in the organization of events. | Until any claims become time-barred. |
Recording and publishing recordings of organized events (conferences, trainings, webinars). | Article 6 (1) (f) of the GDPR, i.e. the Controller’s legitimate interest consisting in carrying out marketing activities based on your consent within the meaning of the Polish Copyright Act. | IT service providers; Internet providers; hosting providers; Bodies cooperating in the organization of events. | Until you object or withdraw your consent within the meaning of the Polish Copyright Act. |
Acceptance and processing of a request under GDPR | Article 6 (1) (c), i.e. the obligation under the GDPR to provide the data subject with information about the actions taken in connection with his or her request | IT service providers; Internet providers; hosting providers – Law firms and legal advisors; | Until any claims become time-barred. |
Statistics and profiling | Article 6 (1) (f), i.e. the legitimate interest of the Controller in collecting and using statistics in order to improve the range and quality of services offered and communicating customised marketing content in relation to the use of Google Analytics based on your consent obtained in accordance with the Telecom Law | IT service providers; Internet providers; hosting providers, Google Ltd. | Until you object to the processing. |
Rights of data subjects
Each citizen of the EEA whose data is processed has specific rights under the GDPR.
Right to demand access to your personal data
Each person has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, he or she has the right to access them and to obtain some specific information.
The first copy of personal data undergoing processing will be provided to the person at his or her request free of charge. We may charge a reasonable fee for any further copies requested by the data subject due to administrative costs. If you make the request by electronic means, and unless otherwise requested by you, we will provide the information in a commonly used electronic form.
Right to rectify
You have the right to request from us the rectification without delay of your personal data which is inaccurate. You also have the right to request to have incomplete personal data completed, including by means of providing an additional statement.
Right to demand the erasure of personal data
You have the right to request from us to delete your data without delay, and we are obligated to delete it without undue delay where one of the following grounds applies:
your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you have withdrawn the consent on which the processing is based and there is no other legal basis for further processing;
you have objected to the processing and there are no overriding legitimate grounds for the processing;
your personal data have been processed unlawfully;
your personal data have to be erased in order to comply with a legal obligation under the European Union law or under the law of the Member State to which the controller is subject;
your personal data have been collected in connection with the provision of information society services.
In accordance with the GDPR, your data, regardless of your request and the fact that the above conditions are fulfilled, may not be deleted if their processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing under the EU or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the field of public health;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR, insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defense of legal claims.
Right to demand restriction of processing
You have the right to request from the controller to restrict processing in the following cases:
you contest the accuracy of your personal data, for a period enabling the controller to verify the accuracy of the data;
the processing is unlawful but you oppose the erasure of your personal data and requests the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but you need the data for the establishment, exercise or defense of legal claims;
you object to the processing pending the verification whether the legitimate grounds on the part of the controller override your reasons for the objection.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your data based on the legitimate interest of the Controller or a third party, or to the processing necessary for the performance of a task carried out for reasons of public interest or in the exercise of official authority vested in the controller, including profiling based on those legal provisions.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the grounds for the establishment, exercise or defence of legal claims.
Right of data portability
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where:
the processing is based on your consent or on a contract and
the processing is carried out by automated means.
The possibility of exercising the right of data portability and having it transmitted by the controller directly to another controller will be realized as far as technically feasible.
According to the GDPR, the exercise of your rights must not adversely affect the rights and freedoms of others.
Right of withdrawal of your consent
If your data is processed on the basis of your consent, you have the right to withdraw such consent at any time. The withdrawal of your consent will not affect the lawfulness of data processing carried out on the basis of your consent before its withdrawal.
If you withdraw your consent, we have the right to further process your data if it is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing under the EU or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;for reasons of public interest in the field of public health;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR, insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defense of legal claims.
Right to lodge a complaint
You have the right to submit a complaint to the applicable data protection authority. If you are based in the EEA, please utilize the following link to determine the appropriate administrative body’s contact information: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
Contact Information
Please address questions, comments, and requests regarding this privacy notice and our privacy practices to compliance@passright.com .