This Policy describes how we use, share, and protect the personal information of individuals who use our Platform. It also describes your rights and choices regarding the use, access to, and correction of personal information.

Our website, content, and communications (collectively, “Platform”) may include links to websites and/or applications operated and maintained by third-parties. Please note that we have no control over the privacy practices of websites or applications that we do not own. We encourage you to review the privacy practices of those third-parties.

The types of personal information we obtain about you depends on how you interact with us and our Platform. When we use the term “personal information,” we are referring to information that identifies, relates to, describes, or can be associated with you. The following are the categories and specific types of personal information that we collect:

Personal Identifiers

Including your full name, address, email, phone number, social media handles, or other similar identifiers.

Device Information and Other Unique Identifiers

Including device identifier, internet protocol (IP) address, cookies, beacons, pixel tags, mobile ad identifier, or similar unique identifiers.

Internet or Other Network Activity

Including browsing or search history, and information regarding your interactions with our Platform.

Payment Information

Including credit or debit card numbers.

User Content

Including your communications with us and any other content you provide (such as images, videos, survey responses, comments, reviews, testimonials, and other content).

Inferences

Inferences drawn from or created based on any of the information identified above.

We collect personal information about you from various sources. For example, we collect and obtain information:

Directly from you

We collect personal information you provide, such as when you sign an engagement letter and become a client, book a meeting or consultation with us, subscribe to our newsletter, access gated content (e.g., cryptocurrency litigation tracker), RSVP for one of our events or webinars, sign up to receive emails and other communications from us, contact us via email, phone, or webform, or otherwise opt in.

Using cookies and other automatic data collection technologies

When you use our Platform, open or click on emails we send you, or interact with our communications and advertisements, we or third-parties we work with automatically collect certain information using technologies such as cookies, web beacons, clear GIF, pixels, internet tags, web server logs, and other data collection tools. For more information, please see “Cookies and Similar Tracking Technologies” section below.

From our Third-Party Partners

We obtain information from third-parties that we have partnered with.

From Social Media

If you interact with us on social media in connection with Ashbury or our Platform, we collect information that you share with us, or that the social media platforms share with us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.|

From Other Sources

For example, we may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.

We and our third-party service providers (such as advertising and analytics providers) use cookies, web beacons, pixels, internet tags, and other similar tracking technologies (collectively, “tracking technologies”) to gather information when you interact with our Platform and emails. Some tracking technologies help us maintain the security of our Platform and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions. These tracking technologies are “required” because we need them for the Platform to work properly. We do not provide the option to opt-out of these tracking technologies, but you can remove these “required” tracking technologies by modifying your browser settings. Please note, some features of our Platform may not be available to you as a result.

We permit third-parties to use tracking technologies on our Platform for analytics to understand how visitors interact with our Platform. For example, we use Google Analytics to evaluate Platform traffic and usage data to help us improve our products and services.

In general, personal information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. We use your personal information in the following ways:

Providing Legal Services

We use your personal information to provide and improve our legal services.

Maintaining and Operating the Platform

We use your personal information to operate, improve, and maintain our Platform. We also use your personal information to carry out surveys and research on how our Platform is being used and how we can improve it.

Communicating With You

We use your personal information to communicate with you about your case, billing, and other service-related purposes.

Marketing Purposes

We use personal information for marketing purposes, such as to send newsletters, emails, advertisements, and promotional communications by email.

Security and Fraud Prevention

We use personal information to detect, investigate, prevent, and take action against potential malicious, deceptive, fraudulent, or illegal activity, including attempts to manipulate or violate our policies, procedures, and terms and conditions, security incidents, and harm to the rights or property of Ashbury and our clients, employees, or others.

Legal Obligations

We use personal information to comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.

Core Business Functions

We use personal information to support core business functions, including to maintain records related to business process management, to collect amounts owing to us, and to provide and maintain the functionality of our Platform, including identifying and repairing errors or problems.

We disclose personal information only to the third-parties as indicated below, in addition to any specified disclosures described elsewhere in this Policy:

Business Affiliates

We may share your personal information with our business affiliates, including any affiliated companies, subsidiaries, sister companies. Our business affiliates process personal information as our service providers, where necessary to provide the Platform and services that you have requested, including to administer our Platform, or in other circumstances with your consent or as permitted or required by law. We may share the information with our potential partners, investors and other parties with a view to a potential business partnership, collaboration, joint venture or otherwise in furtherance of our business.

Service Providers

We may share your personal information with third-party service providers for business or commercial purposes. Your personal information may be shared so that they can provide us with services, including payments, communications, data analytics, advertising, and marketing. We share your personal information with these service providers only so that they can provide us with services, and we prohibit our service providers from using or disclosing your personal information for any other purpose. Our third-party service providers are subject to strict confidentiality obligations.

Professional Advisors

We may share your personal information with our professional advisors, including legal, accounting, or other consulting services for purposes of audits or to comply with our legal obligations.

Business Transfers

We may disclose personal information to a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Ashbury’s assets, whether as a going concern or as part of bankruptcy, liquidation, receivership, or similar proceeding in which personal information held by Ashbury are among the assets to be transferred.

Law Enforcement and Legal Request

We may disclose personal information to comply with applicable legal and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement, or for other legal reasons.

We may share any information collected in accordance with this Privacy Policy with: (i) governmental and other regulatory authorities or the courts in any jurisdiction; (ii) any third party claimants or potential third party claimants; or (iii) your card issuing bank, financial institution and/or payment service provider, to process or resolve any chargeback, payment reversal and/or dispute arising from or in connection with a transaction using our legal services in accordance with our Terms of Service.

Enforcement of Legal Rights

We may disclose personal information to the extent they are necessary to enforce or protect our rights, privacy, safety or property, and/or that of our affiliates, you or others, including enforcing our Terms of Service and any other agreements.

We do not knowingly collect personal information from children under the age of sixteen (16) without authorization by a holder of parental responsibility. If you believe that we may have collected personal information from or about a child under the age of sixteen (16) without such authorization, please contact us at [email protected].

We take the protection of your personal information seriously. Ashbury employees who have access to your personal information are made aware of the importance of keeping it confidential. We care about the security of the information and use various administrative, and technological safeguards to preserve the integrity and security of all information collected through our Platform.

However, no data security measures can guarantee complete security; we also depend on you to take common sense steps to ensure your personal information remains secure. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Platform.

In general, we retain your personal information for only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In the event that you make a verifiable request to delete your personal information and no exceptions apply, we will no longer retain your personal information. Please note that in many circumstances we are required to retain all, or a portion, of your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, to protect against fraudulent, deceptive, or illegal activity, or for another one of our business purposes.

The criteria used to determine our retention periods includes, without limitation:

• The length of time we have an ongoing relationship with you and provide the Platform to you;
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Depending on where you reside or applicable law, you may exercise the rights described below. Please note that some of the rights may vary depending on your country, state, or province of residence.

Accessing, Updating, Correcting, and Deleting Personal Information

You may have the right to request (1) access to and receive details about the personal information we maintain about you and how we process it; (2) update your personal information or correct any inaccuracies; (3) receive a copy of your personal information that we have collected and processed; (4) or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. There may be limitations to these rights based on your specific circumstances and applicable law.

You can submit a privacy rights request by emailing us at [email protected].

Identity Verification

For us to process certain privacy rights requests, we will need to verify your identity to confirm that the request came from you. This is done to protect your identity and personal information. Depending on your request, we will ask for information such as your name and an email address that you have used with Ashbury, or other personal information that you have previously provided to us. For certain requests, we may also ask you to provide other details but in no event will we ever attempt to collect any sensitive personal information such as any financial/banking information or your Driver’s License, Social Security, or Passport numbers.

Ashbury is located in the United States. If you submit personal information to Ashbury your personal information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. By submitting your personal information to us you agree to the transfer, storage, and processing of your personal information in a country other than your country of residence including, but not necessarily limited to, the United States.

This section of our Privacy Policy is specifically for California residents and explains how we collect, use, and disclose personal information relating to California residents who are protected under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”). The CCPA and CPRA define “personal information” as any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

Categories of Personal Information We Collect and Our Purposes for Collection and Use

You can find a list of the categories of personal information that we collect in Section 2 titled “What Personal Information We Collect”. For details regarding the sources form which we obtain personal information, please see Section 3 titled “How We Collect Personal Information”. We collect and use personal information for the business or commercial purposes described in Section 5 titled “How We Use Personal Information”.

Categories of Personal Information Disclosed and Categories of Recipients

• We share Personal Identifiers with: service providers and third-parties.
• We share Device Information and Other Unique Identifiers with: service providers and third-parties.
• We share Internet or Other Network Activity with: service providers and third-parties.
• We share Payment Information with: service providers who process payments.
• We share Inferences with: service providers who help administer marketing and personalization.

For more information on how your information is shared, please see Section 3 titled “How We Share Your Personal Information”. We may also need to share any of the above categories of information pursuant to reasons described in Section 5 titled “How We Share Your Personal Information”.

Sale of Personal Information / Do Not Sell or Share

Our use of tracking technologies may be considered a “sale” under California law. You may opt out of the sale and sharing of your personal information by using global privacy control (“GPC”) settings through a compatible web browser or by clicking the “Do Not Sell or Share My Personal Information” link at the bottom of our Platform found within the cookie banner at the bottom of the Platform and selecting your preferences.” If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use. We do not knowingly sell the personal information of consumers under 16 years of age.

Categories of personal information disclosed that may be considered a “sale” under California law: Personal Identifiers; Device Information and Other Unique Identifiers; and Internet or Other Network Activity.

Categories of third parties to whom personal information was disclosed that may be considered a “sale” under California law include advertisers and marketing partners, data analytics providers, and social media networks.

Sensitive Personal Information We Collect and Our Purposes for Collection and Use

The CPRA’s definition of sensitive personal information includes the following types of information:

• Social security number, driver’s license number, state identification card number, or passport number;
• A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
• Biometric information processed for the purpose of identifying a consumer; and
• Health and medical information

Right to Limit the Use of Sensitive Personal Information

Ashbury does not collect any sensitive personal information for any individuals. If Ashbury collects your sensitive personal information in the future, we will provide disclosures in this section and a right for you to limit the use of such information.

Retention of Personal Information

For information regarding how long we retain your personal information, please see Section 9 titled “How Long We Retain Your Personal Information”.

Your California Privacy Rights

Under the CCPA and CPRA, California residents have certain rights with respect to personal data about them we have collected. California residents are entitled to contact us to request information about whether we have disclosed personal information to third parties for the third parties’ direct marketing purposes.

California consumers have the right to:

• Request disclosure of the categories and specific pieces of personal information that Ashbury has collected about you;
• Request disclosure of the categories of third-party sources, if any, from which Ashbury has collected personal information about you;
• Disclosure of the business or commercial purpose(s) for which your personal information has been collected by Ashbury;
• Receive a list of the categories of third parties with whom Ashbury has shared your personal information;
• Request that Ashbury delete any personal information that it has collected from you (subject to exceptions)
• Request that Ashbury correct inaccurate personal information that Ashbury has about you;
• Request that Ashbury limit the use of sensitive personal information to only that which is necessary for providing products and services;
• Request to opt-out of automated decision-making, including profiling and targeted advertising; and
• Not be discriminated against by Ashbury (e.g., charged different rates, provided different levels of service, denied goods or services, or suggested any of the preceding) for exercising any of the individual rights granted above.

To exercise any of your rights as a California consumer, you can submit a request to [email protected].

Before complying with your request, we will need to verify that it is you that is making the request. To accomplish this, you will be requested to confirm specific personal information that we already know about you. California consumers are limited to two requests for personal information per twelve (12) month period. Only you or an authorized agent may make a verifiable data subject request related to your personal information. The verifiable data subject request must provide sufficient information and documentation to allow us to verify that you (or an authorized agent) are the person about whom we collected personal information. We will not provide you with personal information if we cannot verify your identity and/or authority to make the data subject request and confirm the personal information belongs to you or the represented individual. We use personal information provided in a verifiable data subject request solely to verify the requestor’s identity or authority to make the request.

We will respond to a verifiable data subject request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period which is an additional forty-five (45) days. We will deliver our response to electronically at the email address in your request. All disclosures we provide will only cover the twelve (12) month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable data subject request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Notice of Financial Incentive

We offer our customers a loyalty program that provides certain perks, such as rewards and exclusive offers. We may also provide other programs, such as sweepstakes, contest, or other similar promotional campaigns (collectively, the “Programs”). When you sign up for one of these Programs, we typically ask you to provide your name and contact information (such as email address and/or phone number). Because our Programs involve the collection of personal information, they might be interpreted as a “financial incentive” program under California law. The value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the applicable Program, less the expense related to offering those products, services, and benefits to Program participants.

This section of this Policy applies only to Clients who is a resident of or uses the Platform from a country that is a Member State of the European Union (“EU Clients”) and supplements the information in the Privacy Policy.

Ashbury is the data controller for processing of personal data as defined under applicable data protection law. For purposes of this Policy, personal information and personal data are used synonymously.

Under the General Data Protection Regulation (“GDPR”) (and subject to any relevant exceptions) you have the right to access, correct, change, delete, restrict, exercise your right to data portability, or object to the processing of personal data.

Legal Basis for Processing

We process personal data for the purposes set out in this Privacy Policy, as described above. Our legal bases to process personal data includes processing that is:

• Necessary for the performance of the contract between you and Ashbury (for example, to provide you with the legal services you request and to identify and authenticate you so you may use the Platform);
• Necessary to comply with legal requirements (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement);
• Necessary for our legitimate interests (for example, to manage our relationship with you and to improve the Platform and our legal services); and
• Based on your consent (for example, to communicate with you about our legal services and provide you with marketing information), which may subsequently be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

You are not required, as a necessity to enter into a contract, to provide us with personal data for processing as described above.

Your EU Rights

As an individual residing in, or located in, the European Union or European Economic Area, you can exercise your GDPR rights. We may first request verification of your identity prior to facilitating the exercise of your rights.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Ashbury might have received the data from Ashbury; what the source of the information was (if you didn’t provide it directly to Ashbury); and how long it will be stored. You have a right to correct the record of your personal data maintained by Ashbury if it is inaccurate. You may request that Ashbury erase that data or cease processing it, subject to certain exceptions. You may also request that we cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Ashbury processes your personal data. When technically feasible, Ashbury will—at your request—provide your personal data to you or transmit it directly to another controller.

Reasonable access to your personal data will be provided at no cost upon request made to Ashbury at [email protected]. If access cannot be provided within a reasonable time frame, the we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied. You can also email us for any questions or complaints concerning the processing of your personal data. Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation’s data protection authority.

If you have any questions or complaints related to our practices with respect to the collection, use, or disclosure of personal information, or if you would like to update your information, please contact us at [email protected].

It is our intent to post any changes we make to our Privacy Policy on this page, with a notice that it has been updated on our main homepage. If we make material changes to how we treat your personal information, we will notify you through a notice on the homepage. The date that this Privacy Policy was last revised is listed at the top of the page. You are responsible for visiting our website and this Privacy Policy to check for any changes.