Effective Date: August 12, 2024
This Privacy Policy describes how Johnson Law Group, DBA No Bull Law (“JLG DBA NBL,” “we,” “our,” or “us”) collects, uses, and discloses information about you as well as your rights and choices about such use and disclosure, and applies to your use of www.johnsonlawgroup.com and any online service location that posts a link to this Privacy Policy and all features, content, and other services that we own, control, and make available through such online service location (collectively, the “Service”). This Privacy Policy applies only to information collected through our Service and not to information collected offline, except as indicated below, at the time of collection, or where an offline location makes this Privacy Policy available to you.
By using our Service, you consent to our collection, use, and disclosure practices, and other activities as described in this Privacy Policy. If you have any questions or wish to exercise your rights and choices, please contact us as set out in the “Contact Us” section below. If you are a resident of Nevada, California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, Virginia, or a data subject in Europe, please see the additional disclosures at the end of the Privacy Policy.
For personal data transferred from the United Kingdom, the European Union, and Switzerland, we will provide appropriate safeguards, such as through use of standard contractual clauses.
What Information Do We Collect?
Information on Behalf of our Clients
We provide legal services to our clients and collect and process information at their direction (“Client Data”). Client Data has historically included client contact details, case matter information, including official documents, and internal communications, among other information. This data is used to provide legal services to our clients, maintain internal business records, manage client relationships, host events, administer client facing applications, maintain internal operating processes, and fulfill regulatory, legal or ethical requirements, among other things as permitted by our client agreements. Such Client Data may be collected via our online client portal (“Client Portal”) where we may receive Client Data and provide case updates or other internal communications.
Client Data, including Client Data collected through the Client Portal, may be shared with service providers and law enforcement (as necessary), among other parties as permitted by our client agreements. Our processing of Client Data is governed by our agreements with our clients, and not this Privacy Policy.
Information You Provide through the Service
We collect information you provide directly via the Service, such as when you request a free case evaluation or speak with us through a live chat. We may use Service Providers (defined below) to collect this information. The information we collect includes information that identifies you personally (whether alone or in combination). Some examples of information we collect include the following:
Contact Information: your name, email address, phone number, physical address, and similar contact information.
Description of your Legal Issues: information about your legal issues, all of which is clearly labeled at the time of collection.
Other Content: We collect the content of messages you send to us, such as questions and information you provide. We also collect the content of your communications as necessary to provide you with the Service.
You may choose to voluntarily submit other information to us through the Service that we do not request, and, in such instances, you are solely responsible for such information.
Information Collected Automatically through the Service
In addition, we automatically collect information when you use the Service. We may use Service Providers to collect this information. Some examples of information we automatically collect include Service use data, including data about the pages you visit, the emails you view, the time of day you browse, and your referring and exiting pages; device connectivity and configuration data, including data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and device identifiers such as IP address; and location data, including imprecise location data (such as location derived from an IP address or data that indicates a city or postal code level).
This information is collected through cookies and other tracking technologies incorporated into our Service, including the following:
Cookies, which are placed on your browser when you visit a website, open or click on an email, or interact with an advertisement. Our Service uses session cookies (which expire when you close your browser) and persistent cookies (which expire at a set expiration date or when you manually delete them). We incorporate both first party cookies (which are cookies served directly by us) and third-party cookies (which are cookies served by third parties we work with). We use cookies for a variety of purposes, including to help make our website work, personalize your browsing experience, prevent fraud and assist with security, and perform measurement and analytics.
Pixels (also known as web beacons), which is code embedded in a website, email, or advertisement that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website or email that contains a pixel, the pixel may permit us or another party to drop or read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from other parties that allow us to track analytics and provide additional functionality.
For further details on your choices around cookies and other tracking technologies, see the “Your Privacy Choices” section below.
Information from Other Sources
We also collect information from other sources. The categories of sources vary over time, but have included:
Lead generators, which provide us with your information so that we may contact you to verify your information and evaluate your potential claims.
Publicly-available sources, including data in the public domain.
Social Networks with which you interact.
Information We Infer
We infer new information from other information we collect to generate information about your likely preferences or other characteristics.
Sensitive Information
To the extent any categories of information we collect are sensitive categories of information under applicable law, we process such information only for the limited purposes permitted by applicable law. We do not sell or use sensitive categories of information for purposes of targeted advertising or to make inferences.
What Do We Use Your Information For?
We collect and use information for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our purposes for collecting and using information include the following:
To manage our Service;
To perform services requested by you, such as to respond to your comments, questions, and requests;
To send you transactional emails (the email address you provide may be used to provide you with notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages);
To prevent and address fraud, breach of policies or terms, and threats or harm;
To improve our Service or other JLG DBA NBL websites, apps, marketing efforts, products and services (we continually strive to improve our offerings based on the information and feedback we receive from you);
To personalize your experience (your information helps us to better respond to your individual needs);
To develop and send you direct marketing, including advertisements and communications about our services; and
To fulfill any other purpose disclosed to you and with your consent.
Notwithstanding the above, we may use information from the Service that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the “Your Privacy Choices” section below.
Disclosure of Information
We disclose information we collect in accordance with the practices described in this Privacy Policy. The categories of parties to whom we disclose information include the following:
Service Providers. We disclose information to our agents, vendors, and other service providers (collectively “Service Providers”) in connection with their work on our behalf. Service Providers assist us with services such as operating our Service, conducting our business, data analytics, marketing and advertising, and technical support. Service Providers are prohibited from using your information for any reason other than to provide this assistance, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law.
Affiliates. We may disclose your information to our related entities including our parent and sister companies. For example, we may disclose your information to our affiliates for marketing and technical operations.
Partners. We disclose your information to our partners in connection with us conducting our business or providing services to you. For example, we partner with other laws firms to help work on claims subject to laws in various jurisdictions, and the information we provide is confidential and subject to attorney-client privilege.
Facilitating Requests. We disclose information to other parties for purposes of facilitating your requests or enabling enhancements, such as when you choose to disclose information to a social network about your activities on the Service.
Merger or Acquisition. We disclose information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
Security and Compelled Disclosure. We disclose information when we believe release is appropriate to comply with the law or legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also disclose information to enforce our Service policies, or protect ours or others rights, property, or safety.
Consent. We may disclose information to fulfill any other purpose disclosed to you and with your consent.
Notwithstanding the above, we may disclose information from the Service that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see the “Your Privacy Choices” section below.
Your information, including your mobile information will NEVER be shared with third parties for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Other Parties
We may link to or offer parts of our Service through websites and services controlled by third parties. In addition, we may integrate technologies, including those disclosed in the What Information Do We Collect? section above, controlled by third parties. Except where third parties act as our service providers, they, and not us, control the purposes and means of processing any information they collect from you, and you should contact them directly to address any concerns you have about their processing. Third party data practices are subject to their own policies and disclosures, including what information they collect, your choices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use. Some examples of where you may interact with a third party include hyperlinks to third party websites and services.
Analytics
Our Service contains Tracking Technologies owned and operated by other parties. For example, we use Tracking Technologies from analytics providers, such as Google Analytics, to help us analyze your use of the Service, compile statistic reports on the Service’s activity, and provide us with other services relating to Service activity and internet usage.
For further information on Tracking Technologies and your rights and choices regarding them, please see the “Information Collected Automatically” and “Your Privacy Choices” sections.
Your Privacy Choices
We provide a variety of ways for you to exercise choice, as described below.
Region Specific Rights
Some regions provide additional rights by law, as described in our region-specific terms. This subsection details how you may exercise some of those rights to the extent they apply to you.
Data Subject Requests. To access, correct, delete, or exercise similar rights available to you in your region with respect to your information, please submit a request through our form here or call our toll-free number at 800-230-7700. For additional information regarding your data subject rights, please see the region-specific terms below.
Communications
Emails. Should you wish to stop receiving further promotional emails from us, please follow the instructions as provided in the promotional emails you receive to click on the unsubscribe link or email us at privacyofficer@johnsonlawgroup.com with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about your ongoing business relations with JLG DBA NBL.
Text Messages and Calls. You can opt-out of receiving text messages or calls to your phone number at any time by (i) for text messages, texting “STOP” in response to any text message you receive from us or contacting us as set forth in the section entitled “Contact Us” below and specifying you want to opt-out of text messages; and (ii) for calls, requesting opt-out during any call you receive from us or contacting us as set forth in the section entitled “Contact Us” below and specifying you want to opt-out of calls.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. We will not sell any personal information of any clients to any third affiliates.
Please note that your opt-out is limited to the email address and phone number used and will not affect subsequent subscriptions.
Browser and Device Controls
Cookies and Pixels. You may be able to manage cookies through your browser settings. When you manage cookies, pixels associated with such cookies may also be impacted. Please note that cookie management only applies to our website. If you use multiple browsers, you will need to instruct each browser separately. If you delete or reset your cookies, you will need to reconfigure your settings. Your ability to limit cookies is subject to your browser settings and limitations.
Preference Signals. Your browser or extension may allow you to automatically transmit Do Not Track and other preference signals. Except as required by law, we do not respond to preference signals.
Third party opt-out tools. Some third parties we work with offer their own opt-out tools related to information collected through cookies and pixels. To opt out of your information being used by Google Analytics, please visit https://tools.google.com/dlpage/gaoptout. We are not responsible for the effectiveness of any third party opt-out tools.
Children
Our Service, products and services are all directed to people who are at least 13 years old or older, and we do not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) from children under 13 years of age. If you are a parent or guardian and believe JLG DBA NBL has collected children’s personal information in violation of COPPA, please contact us as set out in the “Contact Us” section below.
How Do We Protect Your Information?
We implement a variety of reasonable administrative, physical, and technical security measures to help protect your information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.
Retention
We retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
International Transfer
We are based in the U.S. and the information we collect is governed by U.S. law. If you are located outside of the U.S., please be aware that the information we collect may be transferred to, stored, used, and otherwise processed in the U.S. and other jurisdictions in accordance with this Privacy Policy, and you agree to such processing. Data protection laws in the U.S. and other jurisdictions may differ from those of your country of residence. If your data is transferred to us from Europe, the United Kingdom, or Switzerland, we will process your personal data subject to appropriate safeguards, such as through the use of standard contractual clauses or the Data Privacy Framework. For additional details on how we process such data. please see the Additional Disclosures for Data Subjects in Europe and Data Privacy Framework section below.
Changes to our Privacy Policy
We reserve the right to revise and reissue this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes on this page. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice on the Service or to your email address.
Contact Us
If you have any questions regarding this Privacy Policy or our data practices, you may contact us using the information below.
By email: privacyofficer@johnsonlawgroup.com
By web form: https://www.johnsonlawgroup.com/contact/
By mail:
Johnson Law Group, DBA No Bull Law
Attention: Data Privacy
2925 Richmond Avenue
Suite 1700
Houston, Texas 77098
United States
This Privacy Policy has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us at privacyofficer@johnsonlawgroup.com.
Additional Disclosures for Nevada Residents
If you are a Nevada consumer, you have the right to direct us not to sell certain information that we have collected or will collect about you. To exercise this right, please email us at privacyofficer@johnsonlawgroup.com.
Additional Disclosures for California Residents
These additional disclosures apply only to California residents. Terms have the meaning ascribed to them in the California Consumer Protection Act as amended by the California Privacy Rights Act (“CPRA”), unless otherwise stated.
Notice of Collection
For the categories of personal information we have collected in the past 12 months, see the What Information Do We Collect? section above, which we have further set out below using California-specific terms:
Contact Identifiers, including name, postal address, email address, and phone number
Characteristics of protected classifications under California or federal law, including gender.
Commercial or transactions information, including description of legal issues, records of products or services purchased, obtained, or considered.
Device Identifiers, including your device’s IP address and Ad ID.
Device Information, including your device’s operating software and browser (e.g., type, version, and configuration), internet service provider, and regional and language settings.
Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement.
Non-precise location data, such as location derived from an IP address, or data that indicates a city or postal code level.
Inferences drawn from the above information about your predicted characteristics and preferences.
For the categories of sources from which personal information is collected, see the “What Information Do We Collect?” section above. For the specific business and commercial purposes for collecting and using personal information, see the “What Do We Use Your Personal Information For?” section above. For the categories of third parties to whom information is disclosed, see the “Disclosure of Information” section above. For the criteria used to determine the period of time information will be retained, see the Retention section above.
We do not sell your personal information as those terms are defined by the CPRA. We do not knowingly sell or share the personal information of minors under 16 years old who are California residents.
Some of the personal information we collect may be considered sensitive personal information under the CPRA. We collect, use, and disclose such sensitive personal information only for the permissible business purposes for sensitive personal information under the CPRA or without the purpose of inferring characteristics about consumers. We do not sell or share sensitive personal information.
Right to Know, Correct, and Delete
You have the following rights under the CPRA:
The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which personal information is collected, the business or commercial purposes for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
The right to correct inaccurate personal information that we maintain about you.
The right to delete personal information we have collected from you.
To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above. Please note these rights are subject to exceptions. We will confirm receipt of your request within 10 business days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.
Authorized Agent
You can designate an authorized agent to submit requests on your behalf. Except for opt-out requests, we will require written proof of the agent’s permission to do so and verify your identity directly.
Right to Non-Discrimination
You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.
Shine the Light
California’s “Shine the Light” law permits customers who reside in California to request, once per year, disclosure regarding how we share certain of their information with third parties and affiliates for those third parties’ and affiliates’ own direct marketing purposes. If this law applies to you and you wish to obtain further information about our sharing, please contact us as set out in the “Contact Us” section above. Requests must state “California Privacy Rights Request” in the subject line or first line of the description and include your name, street address, city, state, and ZIP code. We are not required to respond to requests made by means other than through the provided email or mail addresses.
Additional Disclosures for Residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia
These additional rights and disclosures apply only to residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia. Terms have the meaning ascribed to them in each respective law, as applicable.
Data Subject Requests
You may have the following rights under applicable law:
To confirm whether or not we are processing your personal data, and in some regions, confirm the categories of personal data we have processed
To access your personal data
To correct inaccuracies in your personal data
To delete your personal data
To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format
If you are an Oregon resident, you also have the right to:
Receive a list of the specific third parties to which we have disclosed personal data
To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above. Please note these rights are subject to exceptions. We will respond to your request within 45 days. We may require specific information from you to help us confirm your identity and process your request. If we are unable to verify your identity, we may deny your request. We do not process personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.
Authorized Agent.
You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.
Consent.
You have the right to revoke consent previously given to us for the processing of your personal data. To revoke consent, write us at the email or postal address set out in the Contact Us section (specifying the consent you wish to withdraw). If you withdraw consent, you may not be able to receive certain services related to that consent.
Appeals.
If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacyofficer@johnsonlawgroup.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows:
For Colorado residents, to the Colorado AG at https://coag.gov/file-complaint/
For Connecticut residents, to the Connecticut AG at https://www.dir.ct.gov/ag/complaint/
For Montana residents: https://dojmt.gov/consumer/
For Oregon residents: https://justice.oregon.gov/consumercomplaints/
For Texas residents: https://oag.my.salesforce-sites.com/CPDOnlineForm
For Utah residents: https://attorneygeneral.utah.gov/contact/complaint-form/
For Virginia residents, to the AG at https://www.oag.state.va.us/consumercomplaintform
Additional Disclosures for Data Subjects in Europe and Data Privacy Framework
These additional disclosures and rights apply only to personal data we receive from individuals located in the European Economic Area, Switzerland, or the United Kingdom (collectively, “Europe”). Terms have the meaning ascribed to them in the General Data Protection Regulation (“GDPR”).
Data Controller
Data protection laws in Europe make a distinction between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). JLG DBA NBL acts as a controller with respect to personal data collected as you interact with our Service.
Lawful Basis for Processing
Data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us, our Service Providers, our partners, or our clients; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.
Your European Privacy Rights
If you are a data subject in Europe, you have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above. We will respond to your request within 30 days. We may require specific information from you to help us confirm your identity and process your request. For details on our retention practices for personal data, see the Retention section above.
JLG DBA NBL complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (together, the “DPF”) as set forth by the U.S. Department of Commerce. JLG DBA NBL has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. JLG DBA NBL has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. The Federal Trade Commission has jurisdiction over JLG DBA NBL’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
JLG DBA NBL’s responsibility for personal data it receives in reliance on the DPF and subsequent transfers of personal data to third parties is detailed in the DPF Principles. Where JLG DBA NBL relies on the DPF Principles for onward transfers from the EU, UK, and Switzerland, including the onward transfer liability provisions, JLG DBA NBL remains responsible under the DPF Principles for third-party agents processing personal data on its behalf.
In the event that you have any inquiry, dispute, or claim arising out of or relating to our reliance on the DPF, please contact us as set out in the “Contact Us” section below. If we are unable to resolve your complaint regarding personal data transferred in reliance on the DPF directly, you may submit your complaint at no cost to you to JAMS at https://www.jamsadr.com/eu-us-data-privacy-framework. In the event there are residual complaints regarding personal data transferred in reliance on the DPF that have not been resolved by JAMS, or any other means, you may seek a non-monetary remedy through binding arbitration to be provided to you in accordance with the DPF.
To learn more about the DPF, and to view JLG DBA NBL’s certification, please visit https://www.dataprivacyframework.gov/s/participant-search.
Complaints
If you have a complaint about our use of your personal data or response to your requests regarding your personal data, you may submit a complaint to the data protection regulator in your jurisdiction. In addition to the contact information above, please contact our:
European Representative:
EUrepresentative@johnsonlawgroup.com
or
Data Protection Officer:
privacyofficer@johnsonlawgroup.com