New York view

PRIVACY STATEMENT

Hoyos & Associates P.C. (“Hoyos & Associates” or “H&A”) is a law firm structured as a New York State Professional Corporation that operates through several professional firms and constituent entities (the “Related Firms”) located worldwide to provide legal and other client-related professional services. The Related Firms are constituted and regulated under relevant local regulatory and legal requirements. Hoyos & Associates is for description purposes only and does not imply that the Related Firms are in a partnership. The responsibility for providing services to the client is defined in writing, whether in a digital or physical format, which outlines terms of engagement between the Related Firm and the client.

In accordance with the customary terminology used in professional services organizations, references to "partner" or "shareholder," as is common, means a person who is a partner, shareholder, or equivalent in a Related Firm, and reference to a “location” means the location of the office of any such Related Firm.

The Hoyos & Associates Web Site(s) and the Information Feed (As defined in the End-User Agreement, which requires prior consent) on the Web App, as well as any Web Site operated for or on behalf of H&A or any Related Firm, are intended for information purposes only. Nothing on the H&A Web Sites is to be considered as creating an attorney-client relationship, any contractual relationship, or rendering legal or professional advice for any specific matter. Readers are responsible for obtaining such advice from their own legal counsel. No client or reader should act or refrain from acting based on any H&A Web Site(s) content without first obtaining matter-specific legal and/or professional advice. H&A and any Related Firm accept no responsibility for any loss or damage, howsoever incurred, which may result from accessing or reliance on content on the H&A Web Site(s) and disclaim, to the fullest extent permitted by applicable law, any or all liability concerning acts or omissions made by clients or readers based on content on the H&A Web Site(s).

If you have any questions about the content on the H&A Web Site, please contact:

Mateo Hoyos, Chief Executive Officer, at mateo@hoyos.law.

The H&A Web Site(s) or Web App may contain links to external Web Sites, and external Web Sites may link to the H&A Web Site(s) or Web App. H&A and the Related Firms are not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, regarding the content or operation of any such external Web Sites.

Some of the H&A Web Site(s) and the Web App content may constitute attorney advertising within the meaning of the applicable bar rules. As applicable, the following statement is made in accordance with those rules:

ATTORNEY ADVERTISING. PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME.

Anti-corruption and anti-bribery

H&A must comply with various anti-corruption and anti-bribery laws across many jurisdictions, including, but without limitation, the US Foreign Corrupt Practices Act. The Firm, its lawyers, employees, clients, and suppliers have various obligations under these laws. We comply with these obligations and advise our clients on how to comply. As a Firm, we have robust policies, training, and procedures to ensure compliance with anti-corruption and anti-bribery laws globally, where applicable.

E-mail Communications

NOTICE: If you have received an e-mail from H&A, the e-mail message and all attachments transmitted with it are intended solely for the use of the addressee and may contain legally privileged and confidential information. If the reader of the message is not the intended recipient or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, copying, or other use of the message or its attachments is strictly prohibited. If you have received a message in error, please notify the sender immediately by replying to the message and delete it from your computer.

PLEASE NOTE that we and an external service provider will automatically scan all incoming emails to eliminate unsolicited promotional emails (“spam”). This could result in the deletion of a legitimate email before its intended recipient at our firm reads it. Please let us know if you have concerns about this automatic filtering.

Information About Fraudulent Emails and Phone Calls Referencing H&A

H&A is a law firm that operates directly in three (3) jurisdictions and indirectly in various locations, employing lawyers and support staff in these jurisdictions. Our Firm may sometimes attract the attention of unscrupulous individuals who falsely claim to work for H&A and/or use our Firm’s name to advance fraudulent schemes against innocent people.

These sorts of scams and other security risks are rampant on the Internet, and we recommend you take steps to protect yourself and the security of your information. While we routinely report such abuses to law enforcement agencies, the nature, and volume of these scams and frauds make it impossible for our Firm to prevent the misuse of H&A's name and the names of our lawyers.

Among the various recent misrepresentations referencing H&A are:

  1. individuals falsely claiming to be from H&A and making offers of employment or soliciting personal information or job application fees via email (often purporting to conduct “interviews” online via virtual meeting platforms with no in-person or even telephonic interviews) or supposedly on behalf of a company using H&A as a legal reference or point of contact for such purposes; individuals falsely claiming to be from H&A or sending fake invoices seeking payment, including wire transfer instructions;
  2. individuals falsely claiming to be H&A lawyers handling consumer debt collection cases and threatening wage garnishment or arrest if funds are not provided immediately;
  3. individuals falsely claiming to be H&A lawyers requesting to facilitate payment of money urgently for the benefit of a family member who has been in an automobile accident or other emergency;
  4. individuals falsely claiming to be from H&A and forwarding supposed court notices that require an immediate response.

PLEASE NOTE THIS IS NOT AN EXHAUSTIVE LIST OF SCAMS; NEW ONES ARE BEING DEVISED BY CRIMINALS ALL THE TIME.

What should you do? To report a potential e-mail, telephone, or other scam, we recommend you contact the relevant police or government authorities in your jurisdiction. For example, you can file reports in the US with the following government authorities:

If you receive an email or threatening telephone call from someone claiming to be from H&A and offering employment or seeking payment of money or personal information, we suggest:

  • Communicate with such person using only the contact information provided on our Web Site or Web App, www.hoyos.law. Do not communicate via other email addresses, telephone numbers, or text messaging. For example, if the sender is using a non-H&A email address and/or justifies this on the basis that an H&A account is not working, you should insist on contacting the sender only via the contact information on our Web Site.
  • Attempt to independently verify, including by telephone, the legitimacy of the caller’s identity, for example, by contacting the Firm’s General Counsel.
  • Do not send any money to the email sender or caller.
  • Do not provide the email sender or caller with personal or financial information about yourself, such as your bank accounts or credit card numbers.
  • Report the fraudulent email or call to the police or other relevant authorities.

In addition, if you receive a suspicious email referencing our Firm or appearing to be from our Firm (e.g., from a "spoofed" H&A email address, which does not end in “@hoyos.law” ), we suggest the following:

  • Do not open or click on any links contained in the email.
  • Do not open or download any attachments to the email.
  • Do not respond to the email in any way or provide any personal or confidential information in reply to the email.
  • Do not send any money in response to the email.
  • If applicable, forward the suspicious email to your organization’s IT Department and ask that they inspect the message to determine legitimacy.
  • Delete (permanently) the message from your email account.

If you have questions about your computer’s security or suspect it has been compromised, we recommend you contact your information technology support team, computer manufacturer, or Internet service provider.

H&A is not involved in the scams listed above or any other scams. Note that we do not conduct Firm business via web-based email accounts such as gmail.com, hotmail.com, yahoo.com, or personal email addresses. We generally do not conduct firm business through text messages or instant messaging. Neither H&A nor its lawyers or employees can accept any responsibility for the criminal conduct of a third party claiming to use the Firm's name. If you have any concerns or receive suspicious communications referencing H&A, please contact our General Counsel at the telephone number or email address shown on this web page.

Notice of Copyright and Reproduction

Copyright 2024 H&A. All rights reserved.

The content of the H&A Web Sites is protected, the reproduction of reasonable portions of the content of the Web Sites is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are appropriately attributed to H&A, (iii) the portion of the Web Site being reproduced is not altered or made available in a manner that modifies the content of the web site or presents the portion of the web site being reproduced in a false light and (iv) notice is made to the disclaimers included on the Web Site. The permission to re-copy does not allow for incorporation of any substantial portion of the Web Sites in any work or publication, whether in hard copy, electronic, or any other form or for commercial purposes.

This Privacy Statement describes how Hoyos & Associates P.C. and other Related Firms (defined on the Disclaimer web site found here: www.hoyos.law/disclaimers) and affiliates of H&A collect, use, share, and otherwise process Personal Data (as defined below). The controller of your Personal Data is the H&A entity with which you engage (in each case, the “Firm”). The Firm processes personal data about:

  • Visitors to our websites, web applications, mobile applications, and other communication platforms (each a “Site”)
  • Contact persons for our clients and/or prospective clients
  • Contact persons for suppliers of goods and services to the Firm
  • Any other individuals about whom the Firm obtains Personal Data

In this Privacy Statement, “Personal Data” means information that (either in isolation or in combination with other information held by the Firm) enables you to be identified as an individual or recognized directly or indirectly. We want to assure you that we take the security of your Personal Data seriously and have implemented measures to protect it.

Suppose you provide us with Personal Data relating to other persons (such as family members, work colleagues, employees, etc.). In that case, you are responsible for ensuring the relevant individuals are made aware of the terms of this Privacy Statement and that you are legally entitled to provide us with their Personal Data. You are also responsible for ensuring their Personal Data is accurate and up-to-date.

Overview

Unless we expressly state otherwise, the Firm is the controller of the Personal Data we process and is therefore responsible for ensuring that the systems and methods we use comply with data protection laws to the extent applicable to us.

Firm personnel are required to comply with this Privacy Statement and associated Firm policies when dealing with Personal Data. They must also complete data protection training where appropriate to their role.

Summary of Key Points

Collection
We collect Personal Data from various sources to manage our business and commercial relationships on a day-to-day basis.

Use
We use Personal Data to provide our services and respond to inquiries, manage accounts and maintain business operations, provide relevant marketing, and fulfill other business and compliance purposes.

Sharing
We share Personal Data as necessary to provide services, respond to requests, and fulfill other business and compliance purposes.

Marketing Choices
You have control over how we use Personal Data for marketing.

Cookies
We use cookies on our Sites and provide choices regarding their use.

Data Subject Rights
You have certain rights to request access, rectification, deletion, objection, or other actions regarding your Data where applicable law requires.

Data Security
We maintain technical and organizational measures to protect Personal Data from loss, misuse, alteration, or unintentional destruction of Personal Data.

Cross-Border Data Transfers
We provide appropriate protections for cross-border transfers where specified by law.

Other Issues
We provide other information in this Privacy   Statement about (i) the possible consequences for not providing Personal Data, (ii) how we do not engage in automated decision-making that has substantial effects on individuals, (iii) how we handle do-not-track (DNT) signals, (iv) data retention, (v) links to third party websites, (vi) employee and contractor issues; and (vii) changes to this Privacy Statement.

Contact Us 
Please contact us as detailed at the end of this Privacy Statement with any questions.

Collection of Personal Data

We collect the following categories of Personal Data about Site visitors, clients, prospective clients, suppliers, and other third parties:

  • Primary data: Name, gender, title, organization, job responsibilities, phone number, mailing address, email address, contact details, and information about family life (excluding special categories of data), including family, children, hobbies, and interests.
  • Special categories of data: in limited circumstances, where you have provided us with such information as it is necessary for a specific service we are providing to you: religious or other beliefs, racial or ethnic origin,  sexual orientation, health data, and details of trade union membership.
  • Registration data: Newsletter requests, event/seminar registrations, dietary preferences (excluding special categories of data), subscriptions, downloads, and usernames/passwords.
  • Client service data: Personal Data received from clients regarding employees, customers, or other individuals known to clients, invoicing details and payment history, and client feedback.  
  • Marketing data: Individual participation in conferences and in-person seminars, credentials, associations, product interests, and preferences.
  • Transaction data: Personal data contained in documents, correspondence, or other materials provided by or relating to transactions, proceedings, or other legal matters on which we advise our clients.
  • Interaction data: Personal data such as contact data, e-mail metadata, and other technical data relating to your interactions with us.
  • Compliance data: Government identifiers, passports or other identification documents, dates of birth, beneficial ownership data, and due diligence data.
  • Job applicant data: Data provided by job applicants or others on our Sites or offline means in connection with employment opportunities, which also may be subject to an additional relevant local recruitment privacy policy.  
  • Device data: Computer Internet Protocol (IP) address, unique device identifier (UDID), cookies and other data linked to a device, and data about usage of our Sites (Usage Data).

We collect Personal Data from several sources, either directly from the data subjects or clients, colleagues, and publicly available sources. Where the Firm receives data about employees, customers, or other individuals from its clients, the Client is responsible for ensuring that any such data is transferred to us in compliance with applicable data protection laws.

Use of Personal Data

The purposes for which we use Personal Data and the legal bases for such processing are as follows:

  • We use primary data, such as registration, client service, and device data, to provide legal advice and respond to inquiries. We need to process your information this way to perform our obligations under our client contracts.
  • To manage our business operations and administer our client relationships, we use primary data, special categories of data, registration data, marketing data, and client service data.  This processing is necessary to perform our obligations under our contracts with clients (e.g., issuing and processing invoices) and suppliers (e.g., managing the supply of goods and services to the Firm).
  • We use device data to make our Sites more intuitive and easy to use.  Our legitimate interests must monitor how our Sites are used to help us improve the layout and information available and provide a better service to our Site users.
  • We use primary, registration, transaction, and device data to protect the security and effective functioning of our Sites and information technology systems. Our legitimate interests must monitor how our Sites are used to detect and prevent fraud, other crimes, and misuse. This helps us ensure that you can safely use our Sites.
  • We use primary, interaction, and device data to expand and maintain our contacts list, better understand how people use our services, and improve the strength of our relationships with clients and other third parties. Our legitimate interests must keep your information accurate and up-to-date to improve the client experience and our relationship with you.
  • To provide relevant marketing, such as information about events or services that may be of interest to you, including legal services, legal updates, client conferences or networking events, and groups of specific interest (e.g., specific types of networking groups), we use marketing data, primary data, special categories of data, registration data, client service data, and device data. Our legitimate interests must process this information to provide you with tailored and relevant marketing updates and invitations.
  • To address compliance and legal obligations, such as complying with the Firm's tax reporting obligations, checking the identity of new clients, and preventing money laundering and/or fraud, we use compliance data, primary data, registration data, transaction data, and device data. This processing is necessary to comply with legal requirements to which we are subject.
  • We use job applicant data and compliance data to consider individuals for employment and contractor opportunities and manage onboarding procedures. The processing is necessary for recruitment and onboarding and for complying with legal obligations to which we are subject and which may be subject to a relevant local recruitment privacy policy.

Use of genAI

The Firm may use generative Artificial Intelligence ("genAI") technology to support processing Personal Data for the purposes referred to in this Privacy Statement. All such genAI technology is subject to robust prior screening to ensure it meets applicable ethical, legal, and contractual requirements, including data privacy and information security. The Firm has adopted appropriate business practices and training for attorneys and business professionals governing the responsible use of genAI technology to ensure that Personal Data remains adequately protected.

Sharing of Personal Data

We may share Personal Data with the following categories of recipients:

  • Affiliates: Hoyos & Associates S.A.S., our Colombian Related Firm, operates under the umbrella of Hoyos & Associates P.C., a New York Professional Corporation with member law firms and affiliates worldwide. Each member firm may share Personal Data with other member law firms and affiliates to provide you with legal services and administer our relationship with you (e.g., invoicing, marketing)  or otherwise as necessary for the purposes described above.
  • Suppliers and service providers: We share Personal Data with suppliers and service providers to enable such parties to perform functions on our behalf and under our instructions to carry out the abovementioned purposes.  These include infrastructure and IT services providers, for example, the providers of our client intake system, our finance systems, and our customer relationship management databases; third-party consultants who provide us with support in respect of business analytics and marketing campaigns; and the providers of external venues where we host conferences and events. We require such parties by contract to provide reasonable security for Personal Data and to use and process such Personal Data on our behalf only.
  • Financial institutions: We share personal data concerning invoices and payments with financial institutions.
  • Corporate purchasers: We may share Personal Data with any corporate purchaser or prospect to the extent permitted by law as part of any merger, acquisition, sale of Firm assets, or transition of service to another provider, as well as in the event of insolvency, bankruptcy, or receivership in which Personal Data would be transferred as an asset of the Firm.
  • Mandatory disclosures and legal claims: We share Personal Data to comply with the Firm's tax reporting obligations, comply with any subpoena, court order, or other legal process, and comply with a request from our regulators, governmental request, or any other legally enforceable demand.  We also share Personal Data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.

If you have questions about the parties with which we share Personal Data, please contact us as specified below.

Marketing Choices

You have control regarding our use of Personal Data for direct marketing. In specific markets, you will need to expressly consent before receiving marketing.  In all markets, you can choose not to receive such communications anytime. If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication,  please follow the unsubscribe link in the relevant communication or contact us below.

Cookies

We engage certain providers to use cookies, web beacons, and similar tracking technologies (collectively, "cookies") on our Sites.

What are cookies?
Cookies are small amounts of data stored on your browser, device, or viewing page. Some cookies are deleted once you close your browser, while others are retained even after you close your browser so that you can be recognized when you return to a website.

How do we use cookies?
We use cookies and allow certain third parties to place cookies on our Sites to provide the Sites and services, gather information about your usage patterns when you navigate the Sites to enhance your personalized experience, and understand usage patterns to improve our Sites, products, and services.

Cookies on our Sites are generally divided into the following categories:

  • Necessary Cookies: These cookies are essential for the website to function and cannot be switched off in our systems. They are usually only set in response to your actions, which amount to a service request, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not work. These cookies do not store any personally identifiable information.
  • Functional Cookies: These cookies enhance the website's functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not function properly.
  • Performance Cookies: These cookies allow us to count visits and traffic sources to measure and improve our site's performance. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and, therefore, anonymous. If you do not allow these cookies, we will not know when you visited our site and will be unable to monitor its performance.
  • Targeting Cookies: Our advertising partners may set these cookies through our site. They may use those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store personal information directly but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
  • Social Media Cookies: These cookies are set by a range of social media services we have added to the site to enable you to share our content with your friends and networks. They can track your browser across other sites and build up a profile of your interests. This may impact the content and messages you see on other websites you view. If you do not allow these cookies, you may not be able to use or see these sharing tools.

What are your options if you do not want cookies on your computer?

When you first visit our Sites, you will be asked for your consent to use any cookies that are not strictly necessary. You can manage your choices utilizing the consent management tool provided. If you change your mind, you can adjust your preferences at any time using the manage cookies link in the footer of our Sites.

Data Subject Rights

If you are in the European Economic Area (EEA), you have the following rights:

  • Access. Subject to certain exceptions, you have the right to request a copy of the personal data we are processing about you, which we will provide you with in electronic form. At our discretion, we may require you to provide your identity before providing the requested information.  We may charge a reasonable administration fee if you need multiple copies of your Personal Data.
  • Rectification. You have the right to require that we amend any incomplete or inaccurate Personal Data that we process about you.
  • Deletion. You have the right to request that we delete Personal Data that we process about you unless we are required to retain such data to comply with a legal obligation or to establish, exercise, or defend legal claims.
  • Restriction. You have the right to request that we restrict our processing of your Personal Data where:some text
    • you believe such data to be inaccurate;
    • our processing is unlawful, or
    • We no longer need to process such data for a particular purpose, but we cannot delete it due to a legal or other obligation or because you do not want us to.
  • Portability. You have the right to request that we transmit the Personal Data we hold in respect of you to another controller, where this is:some text
    • Personal information that you have provided to us, and
    • We are processing that data based on your consent or to fulfill our obligations under a contract with you (such as providing legal services).
  • Objection. Where our legal justification for processing your Personal Data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling, legitimate grounds for the processing that override your interests and rights or if we need to continue to process the data to establish, exercise, or defend a legal claim.
  • Withdrawing Consent. If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out of marketing messages that you receive from us.

If you are in the EEA, you also have the right to complain to the local data protection authority if you believe we have not complied with applicable data protection laws.

Data Security

We have implemented technical and organizational measures to safeguard the personal data in our custody and control. Such measures include:

  • Restricting access to Personal Data to staff and service providers on a need-to-know basis;

While we endeavor to always protect our systems, sites, operations, and information against unauthorized access, use, modification, and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be safe from intrusion by others.

You also have an essential role in protecting Personal Data. You should not share any username, password, or other authentication data provided to you with anyone, and we recommend that you do not re-use passwords across more than one website or application.  If you have any reason to believe your username or password has been compromised, please contact us as detailed below.

Cross-Border Data Transfers

We transfer Personal Data to jurisdictions as necessary for the purposes described above, including to jurisdictions that may provide a different level of data protection than your home country.  In particular, our Sites are hosted on servers in the United States. If you are in a non-US jurisdiction, transferring Personal Data is necessary to provide you with the requested information and perform any requested transaction. When you submit personal information to us, you transfer your data across borders.

Concerning transfers originating from the European Economic Area and Switzerland (together "EEA") to the United States and other non-EEA jurisdictions, we implement standard contractual clauses approved by the European Commission and other appropriate solutions to address cross-border transfers as required or permitted by Articles 46 and 49 of the General Data Protection Regulation or other relevant laws. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below.

Contact Us

If you have questions or comments regarding this Privacy Statement or our privacy practices, please contact us here:


Mateo Hoyos, Esq. - Chief Executive Officer
15 MetroTech
Floor 7
Brooklyn, NY 11201
mateo@hoyos.law

Effective date: May 2024