MENU

PRIVACY AND DATA RETENTION POLICY

SARAH S. RAMA ESQ., LL.M. - IMMIGRATION LAW FIRM

Last Updated: May 28, 2025

1. INTRODUCTION

Sarah S. Rama ESQ., LL.M. ("the Firm," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy and Data Retention Policy explains how we collect, use, disclose, and safeguard your information when you:

  • Visit our website
  • Engage our legal services
  • Submit inquiries regarding our E-Visa services
  • Interact with our advertisements, including Google Video Ads
  • Communicate with us through any medium

This policy has been developed in compliance with the General Data Protection Regulation (GDPR) as implemented in Portugal through Law No. 58/2019 of 8 August 2019 and is supervised by the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados or CNPD).

2. DATA CONTROLLER INFORMATION

Sarah S. Rama ESQ., LL.M. 110 Front Street, Suite 300 Harbourside Place Jupiter, FL 33477 Email: [email protected] Phone: +1 (561) 744-2611

3. PERSONAL DATA WE COLLECT

We may collect the following categories of personal information:

3.1 Identity and Contact Information

  • Full name
  • Date of birth
  • Citizenship and nationality
  • Contact details (address, email, phone number)
  • Passport or identification documents
  • Marital status

3.2 E-Visa Application Data

  • Employment history
  • Educational background
  • Financial information
  • Family details
  • Travel history

3.3 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Location data
  • Pages visited on our website
  • Referral source
  • Time and duration of website visits

3.4 Marketing and Communications Data

  • Preferences in receiving communications
  • Communication history with our firm
  • Responses to surveys or feedback

4. HOW WE COLLECT YOUR PERSONAL DATA

We collect personal data through the following methods:

4.1 Direct Interactions

  • Consultation requests
  • E-visa application forms
  • Email or telephone communications
  • Client intake forms
  • In-person meetings

4.2 Automated Technologies

  • Cookies (see our Cookie Policy below)
  • Server logs
  • Google Analytics
  • Social media platforms

4.3 Third Party Sources

  • Government agencies
  • Previous legal representatives (with your consent)
  • Public records
  • Identity verification services

5. LEGAL BASIS FOR PROCESSING

We process your personal data on the following legal grounds:

5.1 Performance of Contract

We process your information to fulfill our contractual obligations when providing legal services.

5.2 Legal Obligation

We may process your data to comply with legal requirements applicable to immigration services in Portugal.

5.3 Legitimate Interests

We process data for our legitimate business interests, including:

  • Providing and improving legal services
  • Administrative functions
  • Marketing our services (subject to your rights)
  • Security and fraud prevention

5.4 Consent

Where required by law, we will obtain your explicit consent before processing your personal data, particularly for:

  • Marketing communications
  • Processing special categories of personal data
  • Sharing information with third parties outside our service provision

You have the right to withdraw consent at any time by contacting us using the details provided in Section 2.

6. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

6.1 Service Provision

  • Evaluating eligibility for E-Visa services
  • Preparing and submitting visa applications
  • Communicating with immigration authorities
  • Providing legal advice
  • Managing client relationships

6.2 Administrative Purposes

  • Client identification and verification
  • Billing and accounting
  • Record keeping and case management

6.3 Marketing and Communications

  • Informing you about relevant immigration law updates
  • Sharing information about our services

6.4 Website Operation and Improvement

  • Ensuring website security
  • Analyzing website usage
  • Customizing website content
  • Troubleshooting technical issues

7. DATA SHARING AND TRANSFERS

7.1 Third-Party Service Providers

We may share your personal data with:

  • IT and cloud service providers
  • Email, communication, and collaboration tools
  • Case management software providers
  • Professional advisors (accountants, auditors)
  • Payment processors

All third-party providers are required to respect the security of your personal data and treat it according to the law. They may only process your personal data for specified purposes and in accordance with our instructions.

7.2 Legal and Regulatory Bodies

We may disclose your information to: All case information is Attorney Client Privilege unless under legal subpoena to provide.

7.3 International Transfers

If we need to transfer your personal data outside the European Economic Area (EEA), we ensure a similar degree of protection by implementing at least one of the following safeguards:

  • Transfer to countries deemed to provide adequate protection by the European Commission
  • Use of specific contracts approved by the European Commission
  • Use of EU-approved data transfer mechanisms

8. DATA SECURITY

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way. These include:

  • Encryption of sensitive data via Microsoft Office 365 Servers
  • Secure data storage systems via OneDrive and SharePoint

We limit access to your personal data to employees, agents, and contractors on a need-to-know basis. They are subject to strict confidentiality obligations.

9. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements.

9.1 Retention Periods

  • Client files: Massachusetts File Retention Guidelines (BBO Guidance)
    • Minimum retention period6 years after the conclusion of the representation.

9.2 Criteria for Retention

To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data
  • Whether we can achieve those purposes through other means
  • Legal, regulatory, and professional requirements

9.3 Secure Disposal

When personal data is no longer needed, we will securely delete or anonymize it.

10. YOUR LEGAL RIGHTS

Under the GDPR and Portuguese Law No. 58/2019, you have the following rights:

10.1 Access

Request access to your personal data and receive a copy of the personal information we hold about you.

10.2 Rectification

Request correction of incomplete or inaccurate personal data.

10.3 Erasure

Request deletion of your personal data in certain circumstances.

10.4 Restriction of Processing

Request restriction of processing in certain circumstances.

10.5 Data Portability

Request transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format.

10.6 Objection

Object to processing based on legitimate interests or for direct marketing.

10.7 Automated Decision Making

Not be subject to decisions based solely on automated processing that produces legal or similarly significant effects.

10.8 Complaint

Lodge a complaint with the Portuguese Data Protection Authority (CNPD) at:

Comissão Nacional de Proteção de Dados Av. D. Carlos I, 134, 1º 1200-651 Lisboa Portugal Tel: +351 21 392 84 00 Email: [email protected] Website: https://www.cnpd.pt

11. COOKIE POLICY

11.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website.

11.2 Types of Cookies We Use

  • Necessary cookies: Essential for website functionality
  • Preference cookies: Remember your settings and preferences
  • Statistics cookies: Collect anonymous information about how you use our site
  • Marketing cookies: Track your activity across websites to deliver personalized advertising

11.3 Managing Cookies

You can set your browser to refuse all or some cookies or alert you when websites set or access cookies. If you disable or refuse cookies, some parts of our website may become inaccessible or not function properly.

11.4 Google Analytics

We use Google Analytics to analyze the use of our website. Google Analytics generates statistical information about website use through cookies. The information generated about our website is used to create reports about website usage. Google stores this information. Google's privacy policy is available at: https://policies.google.com/ privacy

11.5 Google Ads

We use Google Ads to deliver video advertisements about our E-Visa services. Google uses cookies to personalize ads and analyze traffic. Information collected may be shared with Google's advertising partners. You can opt out of personalized advertising by visiting: https://www.google.com/ settings/ads

12. CHILDREN'S PRIVACY

Our services are not intended for children under 16 years of age without parental consent. We do not knowingly collect personal information from children under 16. If you are under 16, please do not provide any personal information to us without involvement from your parent or guardian.

13. CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new policy on our website with a revised date.

14. CONTACT US

If you have questions about this privacy policy or want to exercise your rights, please contact us:

Sarah S. Rama ESQ., LL.M. 110 Front Street, Suite 300 Harbourside Place Jupiter, FL 33477 Email: [email protected] Phone: +1 (561) 744-2611