Privacy Policy

Last updated: 2025-08-01

1. Introduction and Data Controller Information

Torres, Batz & Barr (“we,” “our,” or “us”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you visit our website (torresbatzbarr.com) or use our legal services.

Data Controller: Torres, Batz & Barr Locations: CD MX, San Antonio, Madrid

2. Personal Data We Collect

2.1 Information You Provide Directly

• Contact Forms: Name, email address, phone number, message content, preferred contact method
• Newsletter Subscriptions: Email address, name (optional), communication preferences
• Service Inquiries: Legal service requirements, case details, personal and business information
• Client Consultations: Detailed personal, financial, and legal information relevant to your case

2.2 Information Collected Automatically

• Website Analytics: IP address, browser type, device information, pages visited, time spent, referring websites
• Cookies and Tracking: Session data, preferences, marketing tracking (with your consent)
• Communication Records: Email communications, phone call logs, meeting notes

2.3 Third-Party Sources

• Legal Databases: Public records, court filings, regulatory information (when relevant to your case)
• Business Verification: Corporate registrations, financial records (with your authorization)

3. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR) and applicable Mexican data protection laws, we process your personal data based on:

• Consent: Newsletter subscriptions, marketing communications, non-essential cookies
• Contract Performance: Providing legal services, processing payments, client communications
• Legal Obligation: Compliance with legal and regulatory requirements, court orders
• Legitimate Interest: Website analytics, service improvement, business development (balanced against your privacy rights)

4. How We Use Your Data

4.1 Service Provision

• Providing legal consultation and representation
• Case management and documentation
• Client communication and updates
• Billing and payment processing

4.2 Website and Marketing

• Responding to contact form inquiries
• Sending newsletters and legal updates (with consent)
• Website functionality and user experience improvement
• Analytics and service optimization

4.3 Legal and Compliance

• Maintaining client confidentiality and privilege
• Compliance with legal and regulatory obligations
• Preventing fraud and ensuring service security

5. Data Sharing and Third Parties

We may share your personal data with:

5.1 Service Providers

• Omnisend: Email marketing platform (newsletter subscriptions with consent)
• Google Analytics: Website analytics (anonymized data)
• Cloud Storage Providers: Secure document storage and backup
• Payment Processors: Secure payment handling

5.2 Legal and Professional

• Courts and Legal Authorities: When required by law or court order
• Other Legal Professionals: With your consent for case collaboration
• Regulatory Bodies: For compliance and licensing requirements

5.3 Data Processing Agreements

All third-party processors are bound by strict data processing agreements ensuring:

• GDPR compliance
• Adequate security measures
• Limited data use for specified purposes only
• Data deletion upon contract termination

6. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). When this occurs, we ensure adequate protection through:

• Adequacy Decisions: Transfers to countries with adequate protection levels
• Standard Contractual Clauses: EU-approved contractual protections
• Certification Schemes: Providers certified under privacy frameworks

7. Data Retention Periods

We retain personal data only as long as necessary:

• Website Analytics: 26 months (Google Analytics default)
• Newsletter Subscriptions: Until you unsubscribe
• Contact Inquiries: 3 years from last contact
• Client Files: 7 years after case closure (Mexican legal requirement)
• Financial Records: 10 years (tax and regulatory requirements)

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

8.1 Access Right

Request a copy of personal data we hold about you, including:

• Data categories processed
• Processing purposes
• Recipients of data
• Retention periods

8.2 Rectification

Request correction of inaccurate or incomplete personal data.

8.3 Erasure (“Right to be Forgotten”)

Request deletion of your personal data when:

• No longer necessary for original purposes
• You withdraw consent (where consent was the legal basis)
• Data has been unlawfully processed
• Required for legal compliance

8.4 Data Portability

Receive your personal data in a structured, machine-readable format and transmit it to another controller.

8.5 Objection

Object to processing based on legitimate interests, including direct marketing.

8.6 Restriction

Request limitation of processing in specific circumstances.

8.7 Withdrawal of Consent

Where processing is based on consent, you may withdraw it at any time.

To exercise your rights, contact: Torres, Batz & Barr

9. Data Security Measures

We implement appropriate technical and organizational measures:

• Encryption: Data encryption in transit and at rest
• Access Controls: Role-based access to personal data
• Regular Backups: Secure, encrypted data backups
• Staff Training: Regular privacy and security training
• Incident Response: Procedures for data breach notification
• Regular Audits: Security assessments and updates

10. Cookies and Tracking Technologies

10.1 Cookie Categories

• Essential Cookies: Required for website functionality (no consent needed)
• Analytics Cookies: Google Analytics for website improvement (consent required)
• Marketing Cookies: Newsletter and form tracking (consent required)

10.2 Cookie Management

You can control cookies through:

• Our cookie consent banner
• Browser settings
• Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

11. Children’s Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the information immediately.

12. Legal Professional Privilege

As a law firm, we maintain strict attorney-client privilege. Personal data related to legal representation is protected under professional confidentiality rules and will only be disclosed as permitted by law or with your explicit consent.

13. Data Breach Notification

In case of a personal data breach, we will:

• Notify the relevant supervisory authority within 72 hours (where required)
• Inform affected individuals when there is a high risk to their rights and freedoms
• Document all breaches and remedial actions taken

14. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority:

For EU residents: Your local Data Protection Authority (find yours at: ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm)

For Mexican residents: INAI (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) Website: home.inai.org.mx

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated through:

• Website notification
• Email notification (for newsletter subscribers)
• Direct communication (for active clients)

16. Contact Information

For privacy-related questions or to exercise your rights, contact Torres, Batz & Barr.

This Privacy Policy was last updated on 2025-08-01 and is effective immediately.