GDPR Privacy Policy

Wendi Lazar Law PC ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This General Data Protection Regulation (GDPR) Privacy Policy explains how we collect, use, disclose, and safeguard personal data of individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland when you visit our website or use our professional consulting services.

This policy applies to all personal data processed by Wendi Lazar Law PC, whether collected online through our website or through our professional services engagements. 

Legal Basis For Processing

We process your personal data under the following legal bases:

  • Consent: You have given clear consent for us to process your personal data for specific purposes

  • Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract

  • Legal Obligation: Processing is necessary for us to comply with the law

  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests

Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity Data: First name, last name, title, company name

  • Contact Data: Business address, email address, telephone numbers

  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website

  • Usage Data: Information about how you use our website and services

  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences

  • Professional Data: Job title, company information, professional experience, areas of expertise

  • Transaction Data: Details about services we have provided to you

How We Collect Your Personal Data

We collect personal data through:

  • Direct Interactions: You may provide us with your identity, contact, and professional data by filling out forms on our website, corresponding with us by email, phone, or otherwise, or engaging our services

  • Automated Technologies: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns

  • Third Parties: We may receive personal data from analytics providers, advertising networks, and search information providers

How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we use your personal data:

  • To provide and deliver our professional consulting services

  • To manage our relationship with you, including notifying you about changes to our terms or privacy policy

  • To respond to your inquiries and communicate with you

  • To improve our website, services, and client relationships

  • To deliver relevant website content and marketing communications

  • To comply with legal and regulatory obligations

  • To protect our business interests and legal rights

Data Sharing And Disclosure

We may share your personal data with: 

  • Service Providers: Third-party vendors who perform services on our behalf, such as IT support, email delivery, hosting services, and analytics providers

  • Professional Advisors: Lawyers, accountants, auditors, and other professional advisors

  • Regulatory Authorities: Government bodies and law enforcement agencies as required by law

  • Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Data Transfers

As a U.S.-based company, personal data collected from individuals in the EEA, UK, or Switzerland will be transferred to and processed in the United States. We ensure that appropriate safeguards are in place for such transfers, which may include:

  • Standard Contractual Clauses approved by the European Commission

  • Adequacy decisions recognizing that certain countries provide adequate protection

  • Other lawful transfer mechanisms as permitted under GDPR 

Data Security 

We have implemented appropriate technical and organizational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include: 

  • Encryption of data in transit and at rest

  • Regular security assessments and updates

  • Access controls limiting who can access personal data

  • Employee training on data protection

  • Incident response procedures 

However, please note that no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.  

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data

  • The potential risk of harm from unauthorized use or disclosure

  • The purposes for which we process your personal data

  • Whether we can achieve those purposes through other means

  • Applicable legal requirements

Generally, we retain client data for seven years after the end of our business relationship, unless a longer retention period is required or permitted by law.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request copies of your personal data

  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete

  • Right to Erasure: You have the right to request that we erase your personal data, under certain conditions

  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions

  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions

  • Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions

  • Right to Withdraw Consent: Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month, although this period may be extended by two additional months where necessary, taking into account the complexity and number of requests.

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.

For individuals in the UK, individuals can contact the Information Commissioner's Office (ICO) at www.ico.org.uk.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience. For detailed information about the cookies we use and how to manage your cookie preferences, please refer to our separate Cookie Policy. 

Children's Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal data from children. If we learn that we have collected personal data from a child under 16, we will take steps to delete such information as quickly as possible.

Changes to This Policy 

We may update this GDPR Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post any changes on this page and update the "Last Updated" date. We encourage you to review this policy periodically.

If we make material changes to this policy, we will provide notice through our website or by other means, such as email, as appropriate under the circumstances.

Data Controller Contact Information

Wendi Lazar Law PC acts as the data controller for the personal information we collect and process. If you have any questions, concerns, or requests regarding this GDPR Privacy Policy or our data practices, please contact us at:

  • Wendi Lazar Law PC

  • Attention: Wendi Lazar

  • Phone: 917.596.3454

  • Email: info@wendilazarlaw.com  

We will make reasonable efforts to respond promptly to all inquiries and requests. 

Acknowledgment

By using our website or engaging our services, you acknowledge that you have read and understood this GDPR Privacy Policy and agree to the collection, use, and disclosure of your personal data as described herein.

 

Last Updated: March 1, 2026