Privacy Policy

1. Introduction

Bush Group LLP (“the Firm,” “we,” “us,” or “our”) is a business law firm headquartered in Denver, Colorado, United States. This Privacy Policy explains in detail how we collect, process, store, share, and protect personal information from clients, prospective clients, website visitors, and third parties connected to our legal practice.

Our commitment to privacy goes beyond minimum legal standards. This policy is designed to align with key frameworks, including:

  • U.S. Federal Laws: FTC Act, COPPA, GLBA (where applicable).

  • Colorado State Law: Colorado Privacy Act and Identity Theft Protection Rules.

  • International Standards: GDPR (EU/EEA), UK GDPR, CPRA/CCPA (California), OECD privacy principles, and ABA Model Rule 1.6 regarding attorney-client confidentiality.

2. Data Controller and Contact Information

Data Controller: Bush Group LLP
Office Address: 1144 15th St, Denver, CO 80202 (bushgroupllp.com)
Phone: (303) 970-2007
Email: contact@bushgroupllp.com

3. Scope of This Policy

This Privacy Policy applies to personal information we collect through:

  1. Our website (including forms, cookies, analytics).

  2. Direct communications via phone, email, or in-person meetings.

  3. Legal documents, filings, and case-related materials.

  4. Third-party sources such as courts, regulators, opposing counsel, or witnesses.

  5. Employment or recruitment processes.

This policy does not apply to anonymized data, publicly available information, or purely business-to-business data not considered personal information under applicable laws.

4. Legal Bases for Processing

Under GDPR (EU/EEA):

  • Consent (Art. 6(1)(a))

  • Contractual necessity (Art. 6(1)(b))

  • Legal obligations (Art. 6(1)(c))

  • Legitimate interests (Art. 6(1)(f)) such as business administration, fraud prevention, and IT security

For sensitive data (Art. 9), processing occurs only with explicit consent or when required for legal claims.

Under CPRA/CCPA (California):

We honor the following rights:

  • Right to know, delete, correct, and port personal information

  • Right to opt out of sale or sharing

  • Right to non-discrimination

Under Colorado Law:

We comply with requirements for transparency, data minimization, consumer rights, and security safeguards.

5. Categories of Information We Collect

  • Identity Data: full name, date of birth, identification numbers.

  • Contact Data: mailing address, email, phone number.

  • Professional Data: corporate affiliations, job title, licenses.

  • Financial Data: billing records, payment details, transaction history.

  • Case Information: contracts, evidence, pleadings, court filings, correspondence.

  • Technical Data: IP address, device identifiers, browser type, cookies, user behavior on our site.

  • Sensitive Data: may arise in litigation or legal services (processed only when strictly necessary and lawful).

6. Methods of Collection

  • Directly from you via intake forms, emails, or contracts.

  • Automatically via website analytics, cookies, and server logs.

  • From Third Parties such as courts, regulators, counterparties, or professional partners.

7. Purposes of Processing

We use personal information to:

  • Provide legal services, including litigation, corporate transactions, international business, intellectual property, and debt resolution.

  • Manage billing, fee arrangements, and compliance with tax laws.

  • Screen for and prevent conflicts of interest.

  • Communicate with clients, prospective clients, and counterparties.

  • Protect IT systems, ensure cybersecurity, and improve our website.

  • Comply with legal and regulatory obligations.

  • Conduct marketing and business development (with consent where required).

8. Your Privacy Rights

Depending on your jurisdiction, you may exercise:

  • Access to your data

  • Rectification of inaccuracies

  • Deletion of personal information

  • Restriction or objection to processing

  • Data portability

  • Withdrawal of consent (where applicable)

  • Non-discrimination for exercising your rights

  • Right to lodge complaints with supervisory authorities (e.g., Colorado Attorney General, EU Data Protection Authorities).

9. Information Sharing

We may share personal information with:

  • Courts, regulators, and government authorities.

  • Opposing counsel, mediators, and arbitrators.

  • Service providers such as IT vendors, billing platforms, and consultants.

  • Professional experts, investigators, or witnesses engaged in legal matters.

  • Business transferees in the event of a merger or acquisition.

All third parties are bound by confidentiality and data protection agreements.

10. International Transfers

Where personal data is transferred outside the U.S.:

  • For EU/EEA: we rely on Standard Contractual Clauses (SCCs) or other recognized safeguards.

  • For UK and other jurisdictions: equivalent contractual and technical protections are applied.

11. Data Retention

We retain personal information for:

  • The duration of the attorney-client relationship.

  • At least 7 years after matter closure, in compliance with ethical and tax obligations.

  • Longer when necessary to defend against claims, preserve records, or meet legal requirements.

12. Security Measures

We safeguard data through:

  • Technical controls: encryption, firewalls, secure backups.

  • Organizational controls: staff training, restricted access, confidentiality protocols.

  • Physical safeguards: locked file storage, controlled office access.

We also maintain an incident response plan for data breaches.

13. Data Breach Notification

In the event of a breach:

  • We will notify affected individuals promptly and transparently.

  • Under GDPR, authorities will be notified within 72 hours where required.

  • Under Colorado and U.S. laws, we will follow applicable timelines and processes.

14. Children’s Privacy

We do not knowingly collect data from children under 13 (COPPA). For individuals under 16, parental consent is required before processing.

15. Sensitive and Confidential Information

Sensitive personal information is only processed:

  • With explicit consent, or

  • Where strictly necessary for legal claims, defense, or regulatory obligations.

16. Professional Confidentiality

As attorneys, we are additionally bound by:

  • ABA Model Rule 1.6 (confidentiality of client information).

  • Colorado Rules of Professional Conduct, which impose strict duties to safeguard client secrets.

These obligations exceed general privacy requirements.

17. Policy Updates

This Privacy Policy may be revised to reflect:

  • Changes in laws or regulations

  • Technological or security updates

  • Adjustments in firm practices or structure

The most recent version will always be posted with an updated revision date.

18. Contact Information

For questions, concerns, or to exercise your privacy rights, please contact us at:

Bush Group LLP
1144 15th St, Denver, CO 80202
Phone: (303) 970-2007
Email: contact@bushgroupllp.com

19. Disclaimer

This Privacy Policy is provided for transparency and compliance purposes. It does not create an attorney-client relationship and should not be considered legal advice. For specific matters, please consult directly with our attorneys.

Bush Group LLP.

Contact

Services

contact@bushgroupllp.com

(303) 970-2007

© 2012. All rights reserved.

1144 15th St, Denver, CO 80202

Address

Privacy Policy.