Estate And Elder Planning LLC

Frederick

301 663 9230

Rockville

240 453 0070

Make an Appointment

GDPR Privacy Policy

1. Introduction

Our firm (“Firm,” “we,” “our,” or “us”) is a Maryland limited liability company providing estate planning and elder law legal services under the laws of the State of Maryland.

Regardless of physical location, all legal services are governed exclusively by Maryland law.

This Privacy Policy explains how we collect, use, process, store, and protect personal data obtained through our website and in connection with legal services.

For purposes of applicable data protection laws, including the EU General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”), the Firm acts as the Data Controller with respect to personal data collected through our website and client engagement.

2. Categories of Personal Data We Collect

A. Contact Information

• Name
• Address
• Telephone number
• Email address

B. Client & Prospective Client Information

• Financial and asset information
• Estate planning documents
• Family information
• Beneficiary designations
• Communications and correspondence

C. Special Category Data (when relevant to representation)

• Health information
• Disability status
• Long-term care or Medicaid eligibility information

D. Technical Data

• IP address
• Browser type
• Device information
• Website usage data
• Cookie-related data

E. Documents Submitted

• Any files or communications voluntarily provided via website, email, or secure portal.

3. Lawful Bases for Processing (GDPR – Articles 6 & 9)

Where GDPR applies, personal data is processed under the following lawful bases:

Article 6 Bases

• Performance of a contract (legal services engagement)
• Taking steps at the request of the data subject prior to entering a contract
• Compliance with legal obligations
• Legitimate interests in operating and securing the Firm
• Consent (where required)

Article 9 – Special Category Data

Health and related sensitive information is processed only when:

• The data subject provides explicit consent, or
• Processing is necessary for the establishment, exercise, or defense of legal claims.

We process personal data only to the extent necessary to provide legal services and maintain Firm operations.

4. How We Use Personal Data

We use personal data to:

• Respond to inquiries
• Provide legal services
• Draft estate planning documents
• Communicate regarding client matters
• Comply with professional and ethical obligations
• Maintain internal administrative records
• Improve website functionality and security
• Prevent fraud and unauthorized access

We do not sell personal information. 

5. International Data Processing and Transfers

The Firm is organized in the United States but may access and process data while physically located in Portugal.

Personal data may therefore be processed in:

• The United States
• Portugal
• Other jurisdictions where secure service providers operate

Where required under GDPR, international transfers are safeguarded through:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements (DPAs) with service providers
• Contractual confidentiality obligations
• Professional attorney-client confidentiality standards.

6. Data Security Measures

We implement appropriate technical and organizational safeguards, including:

• Encrypted devices
• Secure cloud-based document management systems
• Two-factor authentication
• Secure VPN connections
• Access restrictions and password protection
• Encrypted email or secure portals where appropriate

No system is completely secure; however, we take reasonable and professional measures to protect confidential and personal data.

7. Data Retention

Client files are retained in accordance with Maryland professional responsibility rules and applicable legal obligations.

Closed client files are typically retained for a period consistent with professional and malpractice considerations (generally no less than five years unless circumstances require longer retention).

Certain records may be retained longer where legally required.

8. Sharing of Personal Data

We may share personal data with:

• Secure cloud service providers
• Practice management software providers
• Payment processors
• Accountants or tax professionals when necessary
• Courts, government agencies, or regulators as legally required

All service providers are contractually required to maintain appropriate data protection safeguards and process data only under our instructions.

We do not sell or rent personal data.

9. Your Rights Under GDPR (Where Applicable)

If you are located in the European Union or European Economic Area, you may have the following rights:

• Right of access to personal data
• Right to rectification of inaccurate data
• Right to erasure (“right to be forgotten”) where applicable
• Right to restrict processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time (where processing is based on consent)
• Right to lodge a complaint with a supervisory authority

In Portugal, the relevant supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD).

Certain rights may be limited where personal data is subject to attorney-client privilege or required to be retained under legal or professional obligations.

Requests may be submitted using the contact information below.

10. Cookies and Website Analytics

Our website may use essential cookies necessary for basic functionality.

If analytics or non-essential cookies are used, they are implemented in accordance with applicable consent requirements. Users may adjust cookie preferences through browser settings.

11. Contact Information

David Wingate, Esq.

12. Updates to This Policy

This Privacy Policy may be updated periodically