top of page

Our Privacy Policy


Effective: March 23, 2020


This Privacy Policy describes how Ishimbayev Law Firm, P.C. collects and uses your Personal Data through our Web sites and mobile applications pursuant to the EU General Data Protection Regulation (“GDPR”) and other applicable data protection and privacy legislation. This Privacy Policy tells you what Personal Data we collect, why we need it, how we use it and what safeguards are in place to keep it secure. ILF policies reflect our best efforts to adhere to all foreign and domestic, federal and state Online Privacy Protection laws and regulations.


Key Terms

“ILF” “we” “us” and “our” refers to Ishimbayev Law Firm, P.C. 


“ILF Personnel” means ILF’s prospective, present and past partners, employees, consultants and agency staff, and people connected to such persons.


“Personal Data” means information about individuals (including you), and from which such individuals could be identified.


“You” means individuals whose Personal Data we process, including but not limited to, ILF’s clients, ILF’s client personnel, counterparties, counter-party personnel, other solicitors / advisors, witnesses, suppliers, supplier personnel, job applicants and individuals to whom we send marketing communications. “You” does not include ILF Personnel.


Collection of Personal Information

We collect personal information that you voluntarily provide when you visit our Sites. For example, we collect information about you when you: 

  • Sign up to receive advisories, articles, announcements or other communications; 

  • Register for an event; 

  • Apply for a job with ILF; or 

  • Submit a comment or question or otherwise communicate with us through the Sites.


The personal information we collect may include your first and last name, street address, telephone number, email address, communication preferences, password, and other information you submit through the Sites. If you apply for a job through our Sites, we may gather additional information about you, such as your resume, cover letter, work history, reference information, education information, information required to complete a background check and any other information you elect to provide us (e.g., career objectives, willingness to relocate, awards or professional memberships).


We also collect certain information automatically when you visit our Sites (“Technical Information”). Technical Information includes the IP address of your device; the type of browser, device and operating system you use; other identifiers associated with the device you use to access our Sites; the pages you visit and the features you use, including dates and times; and if you navigated from or navigate to another Web site, the address of that Web site. We may collect Technical Information through the use of cookies, clear .gifs, web beacons, local shared objects, Flash cookies or other tags, identifiers or technologies as ­­­­­they may become available or change over time. We may track the total number of visitors to our Sites, the number of visitors to each page of our Sites, whether visitors share our Sites with others, and the domain names of our visitors’ Internet service providers. We may also collect information regarding the effectiveness of our email or other communications, such as whether you open an email we send to you. Please note that third party ad networks and service providers may receive Technical Information and use and disclose such Technical Information for their own purposes, subject to their own privacy policies. You can opt out of delivery of targeted advertising to you by multiple ad networks by visiting Our Sites also use Google Analytics to analyze your website activity. You can opt out of Google Analytics by visiting


Why do we need to collect and use your Personal Data?

We need to collect and use your Personal Data for a number of reasons, the primary purpose being to provide legal advice and services to our clients and which may involve the use of your Personal Data in the following (non-exhaustive) ways:

  • to contact you if you are involved in a matter we are undertaking for a client, whether in your professional or personal capacity;

  • to carry out investigations, risk assessments and client due diligence;

  • to analyze the practices of your employer or other organizations and / or persons with whom you have dealings;

  • to review, draft and disclose correspondence and other documents, including court documents;

  • to instruct third parties on behalf of our clients; and

  • for comparison / analytical purposes and to formulate legal opinions and provide advice.


We may also process your Personal Data for effective business management purposes which may involve the use of your Personal Data in the following (non-exhaustive) ways:

  • to engage and contact suppliers;

  • to carry out internal reviews, investigations, audits;

  • to conduct business reporting and analytics;

  • to advertise and market the services that we provide;

  • to help measure performance and improve our services;

  • for recruitment purposes;

  • for regulatory and legislative compliance and related reporting; and

  • for the prevention and detection of crime.


How We Use Personal Information Collected through the Sites

We use personal information we collect through our Sites to contact you, to provide you with information that you have requested, to provide additional information which we believe may be of interest to you, to perform an activity you have requested (such as to register you for an event or to evaluate an application for a job opportunity), to enhance or improve the Sites, for security purposes, or otherwise to operate our business. 


Sharing of Personal Information

We may share personal information with third parties in the following circumstances:

  • When authorized by you

  • With third party service providers retained to perform services on our behalf. These service providers are not authorized to use or disclose the information except as necessary to provide services to us.

  • If we are required to do so by law or pursuant to legal process or in response to a request from law enforcement authorities or other government officials.

  • When we believe disclosure is necessary or appropriate to prevent physical harm or financial fraud or theft, or in connection with an investigation of suspected or actual illegal activity.

  • In connection with the sale or transfer of all or a portion of our business or assets to a third party.


Special category and criminal records Personal Data

If ILF processes your criminal records Personal Data or special category Personal Data relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, health data, biometric data or sexual orientation, we will obtain your explicit consent to those activities unless this is not required by law (because, for example, it is processed for the purpose of exercising or defending legal claims) or the information is required to protect your health in an emergency. Where we are processing Personal Data based on your consent, you have the right to withdraw that consent at any time.


Direct Marketing

We may use your contact details to send you marketing materials, provided we are permitted to do so by law. You always have the right to unsubscribe from any marketing. You can do so by clicking on the relevant link in the next email we send you, or by sending your request to


Who receives your Personal Data?

We may disclose your Personal Data to third parties if, and only when, we have a legal basis to do so. Such recipients include but are not limited to: co-counsel, other solicitors / barristers / experts / foreign law firms whom we instruct on your behalf; ILF’s insurance brokers and underwriters; ILF’s bank, auditors and accountants; ILF’s outsourced IT providers and other suppliers; HMRC; the SRA; the Law Society; the other side / other parties on any given matter (lay and solicitor).


Your Choices and Rights

You may unsubscribe from advisories, articles, announcements and other promotional emails received from us by following the unsubscribe link included at the bottom of each such email or by contacting us at Please note that you may continue to receive non-promotional communications to the extent permitted by law. 


Your browser and your device may enable you to limit the use of cookies and other technologies used to collect Technical Information. You should consult documentation for your browser or device for more information about exercising these options. Please note that you may not be able to use all the features of our Sites if you limit the Technical Information you share with us. 


If you are a California resident you have the right to request information from IFL regarding the manner in which we share certain categories of your personal information with third parties, for the third parties direct marketing purposes. California law provides that you have the right to receive the following information upon request: 

  • Your identifying information maintained by ILF during the preceding calendar year;

  • The categories of information ILF disclosed to third parties for the third parties direct marketing purposes during the preceding calendar year; 

  • The names and addresses of third parties that received such information or if the nature of their business cannot be determined from the name, then examples of the products or services markets. 

You are entered to receive a copy of this information in a standardized format and the information will not be specific to you individually. You may make such a request by emailing


Online Tracking

Our Sites are not designed to respond to "do not track" requests from browsers. 


To request details of the personal information we hold about you or to delete or rectify any inaccurate personal information about you please contact us at We will handle any such request in accordance with applicable law. Please note that we may take reasonable steps to verify your identity before implementing your request. 


How we protect your Personal Data

We have security arrangements in place to guard against unauthorized access, improper use, alteration, destruction or accidental loss of your Personal Data. We take appropriate organizational and technical security measures and have rules and procedures in place to ensure that any Personal Data we hold is not accessed by anyone unauthorized to access it. We have in place, and abide by, a specific information security policy to protect your Personal Data.


When we use third-party organizations to process your Personal Data on our behalf, they must also have appropriate security arrangements, must comply with our contractual requirements and instructions and must ensure compliance with the GDPR and any other relevant data protection legislation.


The use of the Internet creates inherent information security risks, and we are not able to guarantee the security of our Sites. 


Transfers of Personal Information

We may transfer the personal information we collect through the Sites to countries with laws that may be deemed not to provide the same level of data protection as the laws in the country in which you reside. Please note that our primary data processing facilities are located in the United States of America. By submitting personal information through the Sites you consent to the transfer of personal information as described in this Privacy Statement. 


Linked Sites

The Sites may include links to sites operated by external third parties. The inclusion of a link to a third-party site does not imply our endorsement of the site or the products and services offered at such site. Please note that this Privacy Statement does not apply to any such third-party sites. You should consult privacy policies of each site you visit.


Changes and Questions

ILF may revise this Privacy Statement from time-to-time. Please check this page periodically for changes. 


If you have questions about this Privacy Statement or our practices with respect to personal information, please send your request to


EU Data Subjects and the General Data Protection Regulation (GDPR)


Data Controller

ILF is the Data Controller in relation to your Personal Data and is committed to protecting the privacy rights of individuals, including your rights.


Data Protection Manager

ILF is not required under the GDPR to appoint a Data Protection Officer and does not consider it appropriate to do so on a voluntary basis. Our Compliance Officer oversees compliance with our professional responsibilities and with legislative requirements.


ILF must identify a lawful basis for processing your Personal Data which may vary according to the type of Personal Data processed and the individual to whom it relates.


A. Performance of a contract with you (where applicable):

ILF is entitled to process the Personal Data it requires in order to fulfil its obligations under its contract with you. This will be the relevant legal basis if you are an individual client or supplier / other individual with a direct contractual relationship with ILF.


B. Legitimate interests of ILF or a third party:

We process some of your Personal Data on the basis that it is in our legitimate interests and / or the legitimate interests of a third party to do so. This will primarily concern the processing of Personal Data that is necessary to provide legal advice and services to our clients. ILF’s legitimate business interest in such instances is the proper performance of its function as an authorized and regulated provider of legal services. ILF’s clients also have a legitimate interest (and more general right in law) in obtaining legal advice and services.


ILF’s broad interest in the provision of legal services as a basis for processing your Personal Data, and our clients’ corollary interest in the receipt of such services, can be broken down into more discreet categories which may include, but are not limited, to:

  • the interest in contacting individuals relevant to ILF’s work and our clients’ matters, which may involve the use of your Personal Data;

  • the interest in reviewing documents and correspondence that have been disclosed to ILF, ILF’s clients and third parties, which may contain your Personal Data;

  • the interest in reviewing and analyzing all evidence available to ILF and its clients, which may contain your Personal Data;

  • the interest in adducing legal arguments, creating documents and correspondence, which may contain your Personal Data;

  • the interest in disclosing documents and correspondence, which may contain your Personal Data, to various parties in the furtherance of ILF’s clients’ objectives;

  • the interest in instructing third parties on behalf of ILF’s clients;

  • the interest in receiving payment from ILF’s clients and third parties and to facilitate payments to and from ILF’s clients and third parties; and

  • in order to allow for all of the above, the secure management and storage of your Personal Data, within our IT environment and hard copy filing systems.


ILF may also process your Personal Data on the basis that it is necessary for its legitimate business interests in the effective management and running of ILF which may include, but is not limited to: engaging suppliers and supplier personnel; ensuring that its systems and premises are secure and running efficiently; for regulatory and legislative compliance, and related auditing and reporting; for insurance purposes; for recruitment / hiring purposes; for marketing purposes; and to facilitate, make and receive payments.


ILF does not consider that the processing of your Personal Data, on the basis that it is within ILF’s legitimate interests (whatever such interests might be), is unwarranted because of any prejudicial effect on your rights and freedoms or your legitimate interests.


C. Compliance with a legal obligation to which ILF is subject:

In certain circumstances, ILF must process your Personal Data in order to comply with its legal obligations. This might include, but is not limited to, Personal Data required: for tax and accounting purposes; for conflict checking purposes as required by the common law and ILF’s regulators; and for ILF to fulfil its compliance and other obligations under relevant legislation / regulation.


More information relating to legal bases for processing Personal Data can be obtained by contacting us by e-mail at


Is your Personal Data transferred to “third countries” and, if so, what safeguards are in place?

ILF is an organization based outside of the EU. In accordance with this Privacy Policy and the provisions of the GDPR, we may transfer your Personal Data to organizations located in “third countries” (those outside of the EEA). In addition to the security arrangements mentioned above in relation to our engagement of third-party organizations, where such transfers are required we will ensure that your Personal Data is adequately protected, for example, by using a contract for the transfer which contains specific data protection provisions (the “Model Clauses”) that have been adopted by the European Commission or a relevant data protection authority.


How long will your Personal Data be retained by ILF?

It is our policy to retain your Personal Data for the length of time required for the specific purposes for which it is processed by ILF and which are set out in this Privacy Policy. However, we may be obliged to keep your Personal Data for a longer period, for example, where required by our legal and regulatory obligations or in order to ensure we have effective back-up systems. In such cases, we will ensure that your Personal Data will continue to be treated in accordance with this Privacy Policy, restrict access to any archived Personal Data and ensure that all Personal Data is held securely and kept confidential.


What are your rights?

ILF would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:


The right to access – You have the right to request ILF for copies of your personal data. We may charge you a small fee for this service.


The right to rectification – You have the right to request that ILF corrects any information you believe is inaccurate. You also have the right to request ILF to complete the information you believe is incomplete.


The right to erasure – You have the right to request that ILF erases your personal data, under certain conditions.


The right to restrict processing – You have the right to request that ILF restrict the processing of your personal data, under certain conditions.


The right to object to processing – You have the right to object to ILF’s processing of your personal data, under certain conditions.


The right to data portability – You have the right to request that ILF transfers the data that we have collected to another organization, or directly to you, under certain conditions.


If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us:


Via e-mail at:


Or write to at Ishimbayev Law Firm, P.C., 1 World Trade Ctr Ste 8500, New York, NY 10007.


Representative in the European Union

ILF is a non-EU organization and as such is required to appoint an EU-based representative in one of the EU member-states. ILF designated Bartlomiej Milewski to act on ILF’s behalf with regard to ILF’s obligations under GDPR. Bartlomiej Milewski can be contacted via e-mail at or via mail at ul. Mazowiecka 7/17, 00-052 Warszawa, Poland.


How to make a complaint

If you are unhappy with the information provided in this Privacy Policy or have concerns about the way in which ILF processes your Personal Data you may in the first instance email, and if you remain dissatisfied then you may apply directly to the National Data Protection Authority institution located in your country of residence. You can find a list of National Data Protection Authorities established in EU member-states on this website:

bottom of page