Data Protection and Privacy Notice

Our Privacy Policy

This Notice has been prepared primarily for the benefit of our clients, prospective clients, or relevant third parties whose personal data we may process in the course of providing legal services. Separate notices are prepared and provided regarding the collection and use of personal data of our employees, job applicants, and former employees, applicable during and after the employment relationship.

Celiksoy Law Firm, PC ("We," "Our Firm") aims to process your personal data in compliance with applicable U.S. federal and state privacy laws, including primarily the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), as well as professional confidentiality obligations. This Data Protection and Privacy Notice explains the types of personal data we may collect about you when you interact with us, and how we store, process, and protect such data.

We understand that this notice is comprehensive; however, we wish to inform you as clearly as possible about your rights and how your data is used by our firm. Please do not hesitate to contact us if you have any further questions.

1) Under What Conditions Do We Process Data?

Although there is no single framework equivalent to "GDPR Article 6" for data processing in the United States, we process personal data for the following purposes and legal bases:

a) Contractual Relationship and Service Provision

To provide legal services, establish and maintain the client relationship, and deliver the services you request.

b) Compliance with Legal Obligations

Identity verification, billing/accounting, fraud prevention, responding to legal requests, and compliance with applicable laws.

c) Legitimate Business Purposes

Operation of business processes, quality control, training, security, auditing, risk management, and service improvement.

d) Explicit Consent (Where Applicable)

For example, in situations such as newsletter subscriptions or certain marketing communications, we may rely on your consent. You may withdraw your consent at any time.

2) When Do We Collect Your Personal Data?

We generally collect your personal data when:

• You provide it directly to us (via email, phone, WhatsApp, web forms, in-person meetings, postal mail)
• It is provided by third parties within the scope of a case (e.g., opposing parties, employers, institutions, experts)
• It is generated automatically through technical data when you visit our website

3) What Types of Data Do We Collect?

A) Information You Provide

You may voluntarily share your personal data with us in the following situations:

• When you contact us through our website
• When you request a consultation
• When you subscribe to our newsletter
• When you interact with us via social media
• When you use our services

B) Data Collected Within the Scope of Client Services

Depending on the nature of the case, we may collect the following data:

• Full name and contact details (address, email, phone number)
• Identity verification data (copies of passport/ID/driver's license, proof of address, etc.)
• Date of birth and biographical information
• Immigration status, application history, education/work history, CV, publications, awards (where required for the case)
• Correspondence and other personal data contained in case files
• Payment and financial information (for billing and accounting purposes)

C) Sensitive Personal Information

Due to the nature of certain cases, the following data may be processed to a limited extent:

• Health data (e.g., medical reports, in asylum/humanitarian applications)
• Special categories of personal data such as race/ethnic origin, religion, political opinions, sexual orientation (only where required for the case)
• Criminal record/conviction information (only where necessary for application/eligibility assessment)

Such data is processed only to the extent necessary, limited to the purpose, and with appropriate security measures.

4) Website and Third-Party Sources

When you visit our website, the following technical data may be collected:

• IP address, device, and browser information
• On-site navigation data, click streams, pages visited
• Approximate location data (IP-based)

This data is processed for purposes such as website security, performance, analytics, and improving user experience. Data may be collected through cookies and similar technologies.

5) CCTV (Closed-Circuit Television Systems)

CCTV may be used in our offices and/or building entrances for security purposes. In this context, image data may be recorded. Camera recordings may be used to:

• Ensure a safe working environment
• Ensure building and staff security
• Assist in the prevention and investigation of crimes

Recordings are not used for automated decision-making purposes and are retained for a reasonable period of time.

6) Telephone Calls and Communication Records

Telephone calls may be recorded for purposes such as improving service quality, training, handling complaints, security, and compliance with legal obligations.

Important: Call recording rules in the United States vary by state. California follows a "two-party consent" approach. Accordingly, where applicable, explicit notice and/or consent is obtained for call recording.

7) How Do We Use Your Data?

We may use your personal data for the following purposes:

• Providing legal advice and representation services
• Client communication, appointment scheduling, and case management
• Identity verification, fraud prevention, and security checks
• Billing, payment processing, and accounting
• Website development, analytics, and service improvement
• Sending newsletters/announcements where you have provided explicit consent

8) Cookies and Analytics

Cookies may be used to analyze web traffic and improve the website experience. Where applicable, a cookie preference mechanism is provided for non-essential cookies.

Our firm may use:

• Essential cookies (website security/basic functions)
• Preference/performance cookies
• Analytics cookies

If you have any queries about the cookies that we use, or would like more information, please contact info@celiksoylaw.com.

9) Use of Artificial Intelligence (AI) and Technology

AI-supported tools or automation solutions may be used to improve service quality. Such use is carried out in compliance with:

• Case confidentiality
• Professional ethical obligations
• Data security principles

The use of AI tools may be limited depending on the nature of the case, and additional safeguards may be applied where necessary.

10) How Do We Protect Your Data?

Your data is protected under attorney–client privilege and professional confidentiality obligations. Measures we apply include:

• Access control and authorization
• Encryption and secure storage
• Cybersecurity measures
• Regular internal audits and risk assessments

However, no system can be guaranteed to be 100% secure.

11) How Long Do We Retain Data?

Retention periods vary depending on the nature of the case, legal obligations, and business needs. In general:

• Client files: reasonable period (in most cases several years, depending on file type)
• Billing/accounting records: periods required by law
• Unengaged matters / preliminary consultation records: limited period
• CCTV / call recordings: purpose-limited, reasonable period

Detailed retention periods may be shared upon request.

12) With Whom Is Your Data Shared?

Data may be shared only to the extent necessary and limited to the purpose, with:

• Translators, experts, consultants
• Couriers/postal services (where required)
• Secure IT service providers (hosting, email, document management, etc.)
• Authorized public authorities or courts (where legally required)

We do not "sell" your personal data. (Within the meaning of "sale/share" under CCPA/CPRA, the firm aims not to share personal data with third parties for marketing purposes.)

13) Where Is Data Processed? (Transfers Outside the U.S.)

Data is primarily processed and stored in the United States. However, due to certain service providers or technical infrastructure we use, data may be processed outside the United States. In such cases, reasonable security measures and contractual safeguards are applied.

14) Your Rights

Our clients may have the following rights under CCPA/CPRA (subject to certain exceptions):

• Right to Know what personal data is collected about you
• Right to Delete personal data
• Right to Correct inaccurate personal data
• Right to Opt-Out of Sale/Share (where applicable)
• Right to Limit Use of Sensitive Personal Information (where applicable)
• Right to Non-Discrimination for exercising your rights

To exercise these rights, you may contact us using the contact details below.

15) Links to Other Websites

Our website may contain links directing you to third-party websites. Our firm is not responsible for the privacy practices of such websites.

17) Changes to This Notice

This Notice may be updated from time to time. Updates will be published on this page. Continued use of our website or continued receipt of services may be deemed acceptance of the updated notice.

16) Contact Information

For information on how your information is used, how we maintain the security of our information, and to exercise your rights to access information we hold on you, please contact us. Similarly, if you believe that the information we hold is wrong or out of date, please let us know and we will update it.

Celiksoy Law Firm, PC
Registered in the State Bar of California.

Address: 8880 Rio San Diego Drive, Suite 800, San Diego, CA 92108
Phone: +1 (972) 897-2242
Email: info@celiksoylaw.com