Privacy Policy

Last Updated: December 16, 2025

Chichyan Law APC (“we,” “our,” or “the Firm”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://chichyanlaw.com or engage with our legal services. This policy complies with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Nevada privacy laws, and applicable attorney-client confidentiality requirements.

1. Information We Collect

1.1 Personal Information

We collect the following categories of personal information:

• Identification Information: Name, alias, postal address, email address, telephone number, driver’s license number, date of birth, Social Security number (when legally required)
• Contact Information: Phone numbers, email addresses, mailing addresses, emergency contact information
• Financial Information: Bank account details, insurance information, payment card information, settlement disbursement details
• Health Information: Medical records, treatment information, injury details, disability information, medical provider contacts
• Legal Case Information: Accident details, police reports, witness statements, photographs of injuries/property damage, insurance claims, correspondence related to your case
• Protected Classification Characteristics: Age, marital status, disability status (when relevant to your case)
• Commercial Information: Transaction history, payment records, billing information
• Internet/Electronic Activity: IP address, browser type, device identifiers, website navigation patterns, pages viewed, time spent on pages, referring website
• Geolocation Data: Physical location data when you access our website or during accident scene investigations
• Employment Information: Employer name, occupation, work history, lost wages documentation
• Professional Information: Prior legal representation, litigation history (when relevant)
• Audio/Visual Information: Video surveillance footage, recorded phone conversations (with consent), photographs, voice recordings

1.2 Sensitive Personal Information

We may collect sensitive personal information including:

• Social Security numbers, driver’s license numbers, or state identification numbers
• Account credentials and passwords for client portals
• Precise geolocation data
• Racial or ethnic origin (when relevant to discrimination claims)
• Health information and medical records
• Contents of mail, email, and text messages (when relevant to your legal matter)

1.3 Automatically Collected Information

Our website uses cookies, web beacons, and similar technologies to automatically collect:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, links clicked, time spent on site)
• Referral sources
• Session information

2. Sources of Information

We collect personal information from the following sources:

• Directly from you: Through consultation forms, phone calls, emails, client intake forms, and in-person meetings
• Your medical providers: Medical records, treatment notes, billing statements (with your authorization)
• Insurance companies: Your insurance carriers and third-party insurers
• Law enforcement agencies: Police reports, accident reports, investigation records
• Witnesses and experts: Accident witnesses, expert witnesses, investigators
• Public records: Court filings, property records, vehicle registration databases
• Employers: Wage verification, employment records (with your authorization)
• Automated technologies: Cookies, analytics tools, website tracking technologies
• Third-party service providers: Payment processors, document management systems, case management software
• Opposing parties and their counsel: Discovery materials, settlement negotiations
• Other attorneys: Referral sources, co-counsel arrangements

3. How We Use Your Information

We use your personal information for the following business purposes:

3.1 Legal Services

• Providing legal representation and advocacy
• Investigating and evaluating your personal injury claim
• Communicating with you about your case
• Negotiating settlements with insurance companies and adverse parties
• Preparing and filing legal documents
• Representing you in court proceedings and arbitrations
• Coordinating medical treatment and documenting injuries
• Calculating damages and economic losses

3.2 Business Operations

• Processing payments and managing billing
• Maintaining client files and case records
• Complying with legal and regulatory obligations
• Managing our business operations and administration
• Training staff and quality assurance
• Maintaining appointment schedules and calendars

3.3 Website and Communications

• Operating and improving our website functionality
• Responding to inquiries and consultation requests
• Sending case updates, appointment reminders, and legal notices
• Providing customer service and technical support
• Analyzing website usage and performance

3.4 Marketing (with appropriate consent)

• Sending newsletters and legal updates
• Promoting our legal services
• Publishing case results and client testimonials (with explicit consent)

3.5 Security and Fraud Prevention

• Protecting against security threats and fraudulent activities
• Maintaining the security and integrity of our systems
• Investigating and preventing unauthorized access

3.6 Retention Periods

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy and as required by law. For active client matters, we retain information for the duration of representation plus the applicable statute of limitations. Closed case files are retained according to California State Bar requirements and our internal retention policies, typically 7-10 years after case closure.
________________________________________

4. How We Share Your Information

We may disclose your personal information to the following categories of third parties:

4.1 Service Providers and Vendors

• Medical providers and treatment facilities
• Expert witnesses and consultants
• Court reporters and legal support services
• Document management and cloud storage providers
• IT support and cybersecurity services
• Payment processors and banking institutions
• Marketing and website analytics providers
• Case management software providers

4.2 Legal and Professional Parties

• Courts, tribunals, and arbitration forums
• Opposing counsel and adverse parties (during litigation/settlement)
• Insurance companies and claims adjusters
• Co-counsel and referring attorneys
• Mediators and arbitrators
• Legal research services

4.3 Required Disclosures

• Law enforcement agencies (when legally required)
• Regulatory authorities and government agencies
• Compliance with court orders, subpoenas, or legal process
• Protection of our legal rights and property
• Prevention of fraud or illegal activities
• Protection of client safety or public safety (when legally permitted)

4.4 Business Transfers

In the event of a merger, acquisition, sale of assets, or business transition, your information may be transferred to the successor entity, subject to attorney-client privilege protections.

4.5 No Sale of Personal Information

We do not and will not sell your personal information to third parties. We do not share personal information for cross-context behavioral advertising purposes.

5. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA/CPRA:

5.1 Right to Know

You have the right to request disclosure of:

• Categories of personal information we collected about you
• Categories of sources from which we collected your information
• Our business or commercial purposes for collecting or selling personal information
• Categories of third parties with whom we share personal information
• Specific pieces of personal information we collected about you
• Historical data back to January 1, 2022 (if maintained)

5.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions including:

• Completing the transaction for which the information was collected
• Providing legal services you requested
• Complying with legal obligations
• Internal uses reasonably aligned with your expectations
• Attorney-client privilege and work product protections

5.3 Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

5.4 Right to Limit Use of Sensitive Personal Information

You have the right to limit our use and disclosure of your sensitive personal information to purposes necessary for performing our legal services.

5.5 Right to Opt-Out

• Right to opt out of the sale/sharing of personal information (though we do not sell or share)
• Right to opt out of automated decision-making technology (ADMT) that produces legal or similarly significant effects

5.6 Right to Non-Discrimination

You have the right to not receive discriminatory treatment for exercising your CCPA/CPRA rights.

5.7 Exercising Your Rights

To exercise these rights, you may:

• Email: morris@chichyanlaw.com
• Phone: +1 (818) 488-9448
• Mail: 400 N Brand Blvd Suite 840, Glendale, CA 91203
• Website: Use our designated “Do Not Sell or Share My Personal Information” link

We will respond to verified requests within 45 days, with a possible 45-day extension if necessary. You will receive visible confirmation once your request has been processed.

5.8 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We will require verification of the agent’s authority to act on your behalf.

6. Nevada Residents’ Privacy Rights

Nevada residents have the right to opt out of the sale of certain covered personal information. While we do not sell personal information, Nevada residents may submit opt-out requests to:

Designated Request Address:

• Email: morris@chichyanlaw.com
• Phone: +1 (818) 488-9448
• Website Form: Use our designated “Do Not Sell or Share My Personal Information” link

We will respond to verifiable requests within 60 days, with a possible 30-day extension if necessary.

7. Attorney-Client Privilege and Confidentiality

7.1 Confidential Communications

All communications between you and Chichyan Law APC are protected by attorney-client privilege and professional confidentiality rules. This privilege:

• Protects your communications from disclosure to third parties
• Encourages full and honest communication with your attorney
• Applies to emails, phone calls, text messages, video conferences, and all forms of electronic communication
• Extends to information you provide to our staff in connection with your representation

7.2 Ethical Obligations

As licensed attorneys, we are bound by the California Rules of Professional Conduct, which require us to maintain the confidentiality of all information related to your representation. Violations of these rules can result in disciplinary action, including disbarment.

7.3 Exceptions to Confidentiality

We may disclose confidential information only in limited circumstances:

• With your informed written consent
• To prevent reasonably certain death or substantial bodily harm
• To establish a claim or defense in a controversy between you and the Firm
• To comply with court orders or applicable law
• To detect and resolve conflicts of interest (with limited disclosure to necessary personnel)

8. Data Security Measures

We implement comprehensive technical, administrative, and organizational security measures to protect your information:

8.1 Technical Security Controls

• Multi-factor authentication for all systems containing client information
• Encryption of sensitive data both in transit (TLS/SSL) and at rest
• Secure firewalls and intrusion detection systems
• Regular security patches and system updates
• Access controls limiting information access to authorized personnel only
• Secure backup systems with encrypted data storage
• Anti-malware and antivirus protection on all devices

8.2 Administrative Security

• Written security policies and procedures governing all data handling
• Employee training on confidentiality, privacy, and data security
• Vendor management protocols requiring contractual security obligations
• Incident response procedures for data breaches
• Regular security audits and assessments
• Access logging and monitoring of systems containing personal information

8.3 Physical Security

• Secure office facilities with controlled access
• Locked file cabinets for physical records
• Clean desk policies for confidential materials
• Secure document destruction procedures
• Visitor sign-in protocols

8.4 Cybersecurity Audits

We conduct regular independent cybersecurity audits covering all technical, administrative, and organizational security measures, as required by CCPA regulations effective January 1, 2026.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality and security
• Analytics Cookies: Help us understand website usage and improve performance
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: May be used for targeted advertising (with consent)

9.2 Third-Party Services

Our website may use third-party services including:

• Google Analytics for website analytics
• Social media plugins (Facebook, LinkedIn, etc.)
• Live chat functionality
• Video hosting platforms

9.3 Cookie Control

You can control cookies through your browser settings. Note that disabling certain cookies may impact website functionality. To opt out of targeted advertising, you may also visit the Digital Advertising Alliance’s opt-out page at https://optout.aboutads.info/.

9.4 Do Not Track Signals

Our website does not currently respond to “Do Not Track” browser signals. However, you may use the “Limit the Use of My Sensitive Personal Information” link to exercise CCPA rights.

10. Third-Party Links

Our website may contain links to third-party websites, including medical providers, courts, and legal resources. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

11. Children’s Privacy

Our website and services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16 without parental consent. If we become aware that we have collected such information, we will take steps to delete it promptly.

12. Email and Text Message Communications

12.1 Security of Electronic Communications

While we take reasonable precautions to secure electronic communications, email and text messaging are not completely secure. Confidential information transmitted electronically may be intercepted by unauthorized parties.

12.2 Consent to Electronic Communication

By providing your email address or phone number, you consent to receive electronic communications from us regarding your case, including case updates, appointment reminders, and legal notices. You may opt out of marketing communications at any time while still receiving essential case-related communications.

13. Data Minimization and Purpose Limitation

We collect, use, retain, and share only the minimum personal information and sensitive personal information that is reasonably necessary and proportionate to our disclosed purposes. We document all purposes and retention periods and regularly review our data collection practices to ensure compliance.

14. Automated Decision-Making Technology (ADMT)

14.1 Use of ADMT

We may use automated decision-making technology for limited purposes, such as:

• Case intake screening and evaluation
• Document analysis and review
• Legal research assistance
• Scheduling and calendar management

14.2 Your ADMT Rights

If we use ADMT that produces legal or similarly significant effects concerning you, you have the right to:

• Opt out of such profiling
• Request information about the logic involved in the decision-making
• Access information about the significance and consequences

14.3 Risk Assessments

We conduct thorough risk assessments before using ADMT for significant decisions, including stakeholder involvement, documentation, and periodic review as required by CCPA regulations.

15. International Data Transfers

Our services are primarily provided within the United States. If you access our website from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our services, you consent to such transfers.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated policy on our website with a revised “Last Updated” date. Material changes will be communicated to active clients via email or other direct communication methods.

17. Contact Information

For questions about this Privacy Policy, to exercise your privacy rights, or to submit privacy-related requests:

Chichyan Law APC
Privacy Officer: Morris Chichyan, Esq.
Email: morris@chichyanlaw.com
Website: https://chichyanlaw.com
Office Address: 400 N Brand Blvd Suite 840, Glendale, CA 91203
Phone: +1 (818) 488-9448

18. California Privacy Protection Agency

If you are a California resident and have concerns about our privacy practices that we have not adequately addressed, you may contact the California Privacy Protection Agency:

California Privacy Protection Agency
Website: https://cppa.ca.gov
Email: regulations@cppa.ca.gov

19. Record-Keeping and Metrics

We maintain records of all consumer privacy requests and our responses for at least 24 months as required by CCPA regulations. Annual metrics regarding privacy requests are available upon request.

By using our website or engaging our legal services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.