GDPR Compliance

What is the GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union that governs how organizations collect, process, store, and protect the personal data of individuals located in the EU and European Economic Area (EEA). It replaced the earlier Data Protection Directive (95/46/EC) and has been in effect since May 25, 2018.

Although Simpson & Mena Law, P.A. is a Florida-based law firm, we are committed to meeting the highest standards of data privacy for all visitors to our website and all individuals who interact with our firm — regardless of their location.

Is Simpson & Mena GDPR Compliant?

Yes. Simpson & Mena Law, P.A. adheres to GDPR principles and is committed to protecting the personal data of all users and prospective clients. We have implemented technical and organizational measures to ensure that personal data is processed lawfully, fairly, and transparently.

Our Privacy Policy and Data Processing Agreement outline in detail the steps we take to safeguard your information.

Our GDPR Commitments

1. Lawful Basis for Processing

We only collect and process personal data when we have a lawful basis to do so. For prospective clients, this typically means processing is necessary to respond to your inquiry or take steps at your request before entering into a legal services agreement. For existing clients, processing is necessary for the performance of our engagement and to comply with legal obligations.

2. Data Minimization

We only collect personal data that is directly relevant and necessary for providing our legal services — including Labor & Employment Law, Immigration, and Real Estate Law. We do not collect excessive data and we limit access to personal information to authorized staff who require it to perform their duties.

3. Right to Access

You have the right to request a copy of the personal data we hold about you. Upon verification of your identity, we will provide this information in a structured, commonly used, and machine-readable format within 30 days of your request.

4. Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will promptly update your information upon receiving a valid request.

5. Right to Erasure (Right to Be Forgotten)

You may request deletion of your personal data where there is no compelling reason for us to continue processing it. Please note that this right is subject to exceptions — for example, we may be required to retain certain information to comply with professional obligations under Florida Bar rules or applicable law.

6. Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.

7. Data Portability

Where technically feasible, you have the right to receive your personal data in a portable format and to transmit that data to another controller.

8. Notification of Data Breach

In the unlikely event of a data breach affecting your personal data, Simpson & Mena will notify affected individuals and relevant supervisory authorities without undue delay (and within 72 hours where feasible), providing detailed information about the nature of the breach, the potential risks, and the steps we are taking to mitigate harm.

Data Protection Officer

Simpson & Mena Law, P.A. has designated a Data Protection Officer (DPO) responsible for overseeing compliance with GDPR and our broader privacy commitments. If you have any questions about how we handle your personal data, wish to exercise any of your data rights, or would like to make a complaint, please contact our DPO:

Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

International Data Transfers

As a U.S.-based law firm, personal data provided to Simpson & Mena may be transferred to and processed in the United States. When we process data of individuals located in the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data during international transfers.

Cookies & Website Analytics

Our website uses cookies and similar technologies to improve your browsing experience and analyze site usage. We obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences at any time through your browser settings. For more details, see our Privacy Policy.

Questions?

If you have any questions or concerns regarding our GDPR compliance, your data rights, or this policy, please do not hesitate to contact us. We are committed to resolving any privacy-related concerns promptly and transparently.