Privacy Policy

Branfman Mayfield Bustarde Reichenthal LLP

Privacy Policy

Bmbr.com (the “Site”) is owned and operated by Branfman Mayfield Bustarde Reichenthal LLP. Melissa Bustarde is the data controller and Privacy Officer, and she can be contacted at: [email protected] or: Branfman Mayfield Bustarde Reichenthal LLP 2011 Palomar Airport Road, Suite 306, Carlsbad, California 92011

Purpose

The purpose of this privacy policy (this “Privacy Policy”) is to inform users of our Site of the following:

  1. The personal data we will collect;
  2. Use of collected data;
  3. Who has access to the data collected;
  4. The rights of Site users; and
  5. The Site’s cookie policy.

This Privacy Policy applies to use of our Site. The European Union’s General Data Protection Regulation (“GDPR”) and California’s California Consumer Privacy Act (“CCPA”) provide protections for consumers in their respective jurisdictions. If you are not a resident or user of the site in the European Union or a California resident then you may not have rights under the GDPR or CCPA. Even though the GDPR or CCPA may not apply to you, we do respect and protect users’ privacy.

Even if you are not a California resident or a resident of the European Union we take steps to protect your private information. However, nothing herein should be taken as an agreement that the CCPA’s protections/remedies shall apply as to use by non-California residents or that the GDPR’s protections/remedies shall apply to non-European Union residents.

General Terms on Privacy

Except as otherwise mandated by law in the applicable jurisdiction, the following General Terms on Privacy shall apply.

Third Party Vendors

We may use third party vendors to perform certain functions, e.g. e-mail services, cloud/data storage providers. Such vendors shall only have access to personal information needed to perform their functions and shall not have authority to use any personal information for any other purpose.

Business Transfers

In the event we sell or transfer some or all of our business or assets, we will provide you with notice before your personal information is transferred and becomes subject to a different privacy policy. The consumer information and user submissions we obtain may be part of such sale or transfer.

Legal Compliance

We may disclose personal or consumer information on a good faith belief that the disclosure is appropriate to comply with the law or protect the user, us, the site or the public.

Children

We do not knowingly collect or use personal data from children under 13 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 13 years of age has provided us with personal data their parent or guardian may contact our Privacy Officer.

How to Access, Modify, Delete, or Challenge the Data Collected

If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to who we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you would like to exercise any of your other rights under the GDPR, please contact our Privacy Officer, Melissa L. Bustarde at:

[email protected] or:
Branfman Mayfield Bustarde Reichenthal LLP
2011 Palomar Airport Road, Suite 306, Carlsbad, California 92011

Do Not Track Notice

Do Not Track (“DNT”) is a privacy preference that you can set in certain web browsers. We do not track the users of our Site over time and across third party websites and therefore do not respond to browser-initiated DNT signals. However, we note that under California law, California residents have the right to opt-out of the sharing of personal information, which can be exercised by contacting us as described in this Privacy Policy. We are not responsible for and cannot guarantee how any third parties who interact with our Site and your data will respond to DNT signals.

Cookie Policy

A cookie is a small file, stored on a user’s hard drive by a website. Its purpose is to collect data relating to the user’s browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience.

We use the following types of cookies on our Site:

1. Functional cookies
Functional cookies are used to remember the selections you make on our Site so that your selections are saved for your next visits;

2. Analytical cookies
Analytical cookies allow us to improve the design and functionality of our Site by collecting data on how you access our Site, for example data on the content you access, how long you stay on our Site, etc; and

3. Third-Party Cookies
Third-party cookies are created by a website other than ours. We may use third-party cookies to achieve the following purposes: to analyze website traffic and usage patterns to help us improve the website

Modifications

This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy we will update the “Effective Date” at the top of this Privacy Policy. For material changes that affect your rights under GDPR or CCPA, we will provide prominent notice on our Site and, where we have your contact information, direct notification at least 30 days before the changes take effect. We recommend that our users periodically review our Privacy Policy to ensure that they are notified of any updates.

Contact Information

If you have any questions, concerns or complaints, you can contact our Privacy Officer at [email protected] or:
Branfman Mayfield Bustarde Reichenthal LLP
2011 Palomar Airport Road, Suite 306, Carlsbad, California 92011

General Data Protection Regulation (European Union)

The above General Terms on Privacy shall apply to users in the European Union except to the extent they conflict with the terms of the GDPR, in which case the GDPR provisions shall control. For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation. For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018.

Your Rights as a User Under the GDPR

Under the GDPR, you have the following rights:

  1. Right to be informed;
  2. Right of access;
  3. Right to rectification;
  4. Right to erasure;
  5. Right to restrict processing;
  6. Right to data portability; and
  7. Right to object.

We have not appointed a Data Protection Officer as we do not fall within the categories of controllers and processors required to appoint a Data Protection Officer under Article 37 of the GDPR.

Consent

By using our Site users agree that they consent to:

  1. The conditions set out in this Privacy Policy.

When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful.

You can withdraw your consent by contacting [email protected].

Legal Basis for Processing

We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.

We rely on the following legal bases to collect and process the personal data of users in the EU:

  1. Users have provided their consent to the processing of their data for one or more specific purposes; and
  2. Processing of user personal data is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
Information We Collect and How We Use It

Personal Data We Collect

We only collect data that helps us achieve the purpose set out in this Privacy Policy. We will not collect any additional data beyond the data listed below without notifying you first.

Data Collected Automatically

When you visit and use our Site, we automatically collect and store the following information:

  1. Name or initials (only if voluntarily provided through the contact form);
  2. Location;
  3. Hardware and software details;
  4. Clicked links; and
  5. Content viewed

How We Use Personal Data

Data collected on our Site will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our Site. We will not use your data beyond what we disclose in this Privacy Policy.

The data we collect automatically is used for the following purposes:

  1. Statistics.

Who We Share Personal Data With

Employees

We may disclose user data to any member of our organization who reasonably needs access to user data to achieve the purposes set out in this Privacy Policy.

Third Parties

We may share user data with the following third parties:

  1. Google Analytics.

We may share the following user data with third parties:

  1. Links clicked while using site.

We may share user data with third parties for the following purposes:

  1. Statistics.

Third parties will not be able to access user data beyond what is reasonably necessary to achieve the given purpose.

Other Disclosures

We will not sell or share your data with other third parties, except in the following cases:

  1. If the law requires it;
  2. If it is required for any legal proceeding;
  3. To prove or protect our legal rights; and
  4. To buyers or potential buyers of this company in the event that we seek to sell the company.

If you follow hyperlinks from our Site to another Site, please note that we are not responsible for and have no control over their privacy policies and practices.

How Long We Store Personal Data

User data will be stored until the purpose the data was collected for has been achieved, or for a maximum period of 3 years, whichever comes first, unless a longer retention period is required or permitted by law.

You will be notified if your data is kept for longer than this period.

How We Protect Your Personal Data

In order to protect your security, we use industry standard SSL-TLS encryption for data transmission. Access to personal data is limited to employees and authorized third-party service providers who need such access to perform their functions, and all such parties are bound by confidentiality obligations.

While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The Internet as a whole can be insecure at times and therefore we are unable to guarantee the security of user data beyond what is reasonably practical.

International Data Transfers

We transfer user personal data to the following countries:

  1. United States.

When we transfer user personal data we will protect that data as described in this Privacy Policy and comply with applicable legal requirements for transferring personal data internationally.

  1. If you are located in the United Kingdom or the European Union, we will only transfer your personal data if:
  2. The country your personal data is being transferred to has been deemed to have adequate data protection by the European Commission or, if you are in the United Kingdom, by the United Kingdom adequacy regulations; or

We have implemented appropriate safeguards in respect of the transfer. For example, the recipient is a party to binding corporate rules, or we have entered into standard EU or United Kingdom data protection contractual clauses with the recipient.

Complaints

If you have any complaints about how we process your personal data, please contact us through the contact methods listed in the Contact Information section so that we can, where possible, resolve the issue. If you feel we have not addressed your concern in a satisfactory manner you may contact a supervisory authority. You also have the right to directly make a complaint to a supervisory authority. You can lodge a complaint with a supervisory authority by contacting the European Data Protection Supervisor; details can be found at https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en.

California Consumer Protection Act

The above General Terms on Privacy shall apply as to users who are California residents except to the extent they conflict with the California Consumer Privacy Act of 2018. The CCPA protects California residents. CCPA has similar requirements and protections to the GDPR. If you decide to contact us through the contact form, that does require that you provide your name and email. You have the option of providing a phone number and the contents of a message to be transmitted to us.

The CCPA applies to:

  • Companies that serve California residents that have at least $25 million in annual revenue;
  • Companies of any size that have personal data of at least 100,000 California consumers or households or that collect more than half their revenue from the sharing or sale of personal data of California residents.

For your information, we do not have $25 million in annual revenue, and we do not sell our users’ personal data for monetary consideration. As of February 2026 we do not have the personal data of 50,000 consumers, households, or devices to trigger the CCPA’s applicability thresholds. We do share some data with Google Analytics. Even though the CCPA may not apply to us, we voluntarily follow its principles to protect your privacy.

Rights of California Residents Under the CCPA:

1. Right to Know. You may make requests for the (1) categories of personal information we have collected, disclosed or sold about you in the last 12 months, (2) categories of sources that we collected personal information, (3) the business purposes that we used the information, and (4) categories of third parties with whom we share or have shared your personal information;

2. Right to Access. You may make requests for the specific pieces of personal information we have collected about you.

3. Right to Delete. You have the right to request that we delete personal information that we collected from you, subject to certain exceptions.

4. Right to Opt-Out. You have the right to opt out of sharing of your personal information to third parties. If we ever did start selling our users’ personal information, then you would have the right to opt-out of the sale of your personal information to third parties.

5. You have the right to designate an authorized agent to submit the above requests on your behalf.

6. You have the right to not be discriminated against in receiving different or less favorable pricing, services, or financial incentives for exercising an of the above rights.

7. You have the right to request correction of inaccurate personal information.

8. If we collect sensitive personal data such as precise geo-location, contents of communications, etc., you have the right to limit its use to what is necessary to perform the requested services.

You may exercise your right to make any of these requests by contacting the Privacy Officer (identified above).

CCPA Consumer Requests

If the CCPA applies and you submit a consumer request we will endeavor to respond to your request within 45 days. Our response shall only cover the prior 12 month period preceding our receipt of your request. We will notify you if we require more time to respond or if we are unable to comply with a request.

Information that We Collect and How We Use It

Please see the sections describing the Information We Collect and How We Use It that are provided, above, in relation to the GDPR.

Authorized Agent

You may authorize someone to act as your authorized agent regarding consumer requests sent on your behalf. We will require written authorization signed by you, designating the agent or a power of attorney that we can verify. We may verify the identity of both the consumer and the agent.

Opt-Out of Sale of Your Information

We do not sell your personal information for monetary consideration. However, You may prevent your data from being used by Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at: https://tools.google.com/dlpage/gaoptout. Please note that this opt-out is device and browser-specific under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), certain data sharing activities may be considered a “sale” or “sharing” of personal information. We may share your information with third parties such as Google Analytics to analyze website usage and improve our marketing efforts. This may result in targeted advertising based on your online activity.

You have the right to opt out of the sale or sharing of your personal information as defined by the CCPA/CPRA. To exercise this right, you may:
1. Contact our Privacy Officer via the contact methods provided above (regular mail or email);
2. Prevent your data from being used by Google Analytics by visiting: https://tools.google.com/dlpage/gaoptout; or
3. Use the “Do Not Sell or Share My Personal Information” link on our website [if applicable].

We will not discriminate against you for exercising your opt-out rights. Your request will be processed within 15 business days of receipt, as required by California law.

Changes to This Privacy Policy

We may change and update this privacy policy from time to time. When we make material changes to this policy, we will notify you by posting a prominent notice on our website and updating the “Last Updated” date at the top of this policy. For significant changes that materially affect your rights, we may also provide additional notice such as via email to the address you provided when contacting us, if applicable. We encourage you to review this policy periodically to stay informed about how we protect your information. Your continued use of our website after changes are posted constitutes your acceptance of the updated policy.

Get a consultation

The team at Branfman Mayfield Bustarde Reichenthal LLP will represent you with professionalism and integrity. Schedule your appointment with us today.

Contact Us