Privacy & Cookie Policy


Effective 11/01/2018

Overview of our Privacy & Cookie Policy

This Privacy & Cookie Policy (“Privacy Policy”) governs use of our website, (“the Site”), and other services that link to, or contain references to, this document and are published or made available by Grumbles Law PLLC (“GL”, “we”, “us” or “our”). Please read this Privacy Policy carefully.  It summarizes the various ways we acquire and treat your Data when you access, visit and/or use the Site, social feeds or other Services (as defined in our Terms of Use).   If you are a client of GL, separate privacy policies will govern your use of those products and services. This Privacy Policy does not cover information collected on sites, applications, destinations, or services linked to from the Site that we do not own or control.

You can access this Privacy Policy any time in the footer of the Site’s home page, via the menu button or on the Site description screen, or as otherwise indicated depending on the Site you are using.  By accessing, visiting or using the Site, you consent to this Privacy Policy.  If you do not agree with the terms and conditions of this Privacy Policy, you should not access, visit and/or use the Site.  We advise that you print or retain a digital copy a copy of this Privacy Policy for future reference.

In addition to reviewing this Privacy Policy, please also review our Terms of Use and any other terms and conditions that may be posted elsewhere in the Site or otherwise communicated to our users, because the Terms of Use and all such terms and conditions are also part of the Agreement between you and us.

“Personally Identifiable Information” that alone or in combination with other information or in certain contexts can be used to identify, distinguish or trace you or the device(s) (collectively, “Device”) used to access the Site is referred to in this document as “PII”.  PII, together with all other information about you and/or your Device(s) that we acquire is referred to collectively as your “Data.” “Content” as used herein refers generally to any type of information, including text, images, video, whether sourced from you, us or third parties.

This Privacy Policy may be modified from time to time, so check back often.  So that you are aware changes have been made, we will adjust the “Last Revised” date at the beginning of this document.  If we make a significant change in the way we use or share your PII, we will endeavor to post on the Site a prominent notice that a change was made. Continued access of the Site by you will constitute your acceptance of any changes or revisions to the Privacy Policy.

The Types of Data Acquired About You

  • Personally Identifiable Information (PII).  We acquire PII that may include, in certain contexts, your name, postal address, zip code, email address, and telephone number.  We also acquire your IP address and/or Device ID, which certain jurisdictions consider to be PII because it could be used to identify an individual or Device if it were combined with other identifying information.
  • Sensitive PII. We do not request on or through the Site any Data that is often considered “highly sensitive,” such as financial account information (e.g., credit report information, bank account numbers), personal health information, or government-issued identification numbers (e.g., social security number, drivers’ license number, or passport number).
  • Anonymous Data.  Some of the Data that we acquire cannot identify, distinguish or trace you or your Device, even if combined with other identifying information, and some Data that could be considered PII when combined with other identifying information is not used in a way that identifies, distinguishes or traces you or your Device, but is instead used in an anonymous way, often aggregated with other anonymous Data about other users.

How We Acquire Your Data

Data You Provide.  We mostly receive PII because you provide it to us. For instance, we may acquire your Data when you contact us by telephone, postal mail, social media interaction or messaging (e.g., Contact page message, email, SMS, MMS, or similar technologies). We also may acquire information that you provide about other people, for example.

Data Automatically Collected.  The Site may also automatically collect Data about you, your online behavior and your Device.  The Data collected may include, without limitation, the make, model, settings, specifications (e.g., CPU speed, connection speed, browser type, operating system, device identifier) and geographic location of you and/or your Device, as well as date/time stamp, IP address, pages visited, time of visits, content viewed, ads viewed, the site(s), application(s), destination(s), and/or service(s) you arrived from, and other clickstream data. The Site may collect your Data even if the Site is not open on your Device or you’re not logged in.

Data Acquired Elsewhere.  We may also acquire your PII or other Data offline or otherwise outside of the Site.  For example, we may acquire such Data from third party data suppliers.  We reserve the right to merge or co-mingle this other Data with your PII and Data collected on or through the Site.

Social Network Integration.  If you choose to access, visit and/or use any third party social networking service(s) that may be integrated with the Site, we may receive your Data that has been made available to those services, including information about your contacts on those services.  For example, some social networking services allow you to push Content from our Site to your contacts or to pull information about your contacts so you can connect with them on or through our Site. Some social networking services also will facilitate your registration for our Site or enhance or personalize your experience on our Site.  Your decision to use a social networking service in connection with our Site is voluntary. However, you should make sure you are comfortable with your Data the third party social networking services may make available us by visiting those services’ privacy policies and/or modifying your privacy settings directly with those services.

How We Use Your Data

Processing Your Requests for Content.  We use your Data to process your request for Content.  For example, if you request a return message via the Contact page on our Site, we may use your e-mail address to send you a confirmation notice and your mailing address or e-mail address to send you a message.

Administering the Site. We also use your Data for any lawful business purpose in connection with administering the Site, including without limitation for customer service, to help diagnose problems with servers, and to track users’ movements around the Site. Your geographic location Data may specifically be used to show you Content based on geographic location.

Access by Third Party Providers.  We may also allow access to your Data by third party providers (“Third Party Providers”) that provide us with services, such as technical maintenance, market research, community and forums management, e-commerce, personal/job search and other advertising functionality, but only for the purpose of and to the extent necessary to provide those services. There are also times when you provide Data to us in areas of the Site that may be managed or participated in by one or more Third Party Providers. In such cases, the Data may be used by us and by such Third Party Provider(s), each pursuant to its own policies. While we may seek to require Third Party Providers to follow appropriate privacy policies and will not authorize them to use your Data except for the express purpose for which it is provided, we do not bear any responsibility for any actions or policies of third parties.

Marketing Communications.  We may also use your Data to communicate with you about new services, events or products offered by us, Third Party Providers, and other companies and individuals with which we have a relationship.

Health, Safety, and Legal Requests.  We reserve the right to access, use, and share with others your Data for purposes of health, safety and other matters in the public interest.  We may also provide access to your Data in order to cooperate with official investigations or legal proceedings brought by or otherwise involving governmental and/or law enforcement officials, as well as private parties, including, for example, in response to subpoenas, search warrants, court orders, or other legal process. We may also provide access to protect our rights and property and those of our agents, customers, and others including to enforce our agreements, policies, and terms of use.

Employment Opportunities.  If you provide your PII to us in connection with an employment inquiry, without limiting the applicability of the rest of this Privacy Policy, we will use your PII to evaluate your job application, and for related recruiting, reporting and recordkeeping purposes.  We may maintain your PII on file, whether we hire you or not, to administer your relationship with us and/or for job applicant-related reporting and recordkeeping for as long as required or permitted by law.

Transfer or Sale of Our Business.  As our business changes, we may buy or sell various assets owned or controlled by us.  In the event all or a portion of the assets are sold, assigned, transferred or acquired by another company due to merger, divestiture, restructuring, reorganization, dissolution, financing, acquisition, bankruptcy or otherwise, your Data may be among the transferred assets. If you are a client of the firm, any transfer of your Data would be governed under separate terms.

Combining Your Anonymous Data with PII.  We reserve the right to merge or co-mingle anonymous, non-personally identifiable Data about you, your offline and online behavior, and/or your Device (including its geographic location), with your PII for any lawful business purpose.

Sharing Your Data for Marketing; Opt-Out; How to Update Your Data

Use of Your Data for Marketing.  We may use your Data to communicate marketing-related messages or information from us. We will not share your Data with third parties except as necessary for us to communicate with you (for example, mailing list software).

How to Withdraw Consent for Receipt of Marketing Messages from Us.  If you do not wish to receive marketing or other commercial messages from us hereinafter, simply follow the unsubscribe instructions contained within the message you receive.  But note that you may continue to receive certain communications from us that are necessary for the Site, for example, security alerts.

How to Update Your PII.  If you have provided contact details on any part of the Site, please use the mechanism or contact information on the Site that allows you to change or update your member preferences, if available, to keep all such Data accurate and up-to-date.  If no such mechanism or contact information is available on the Site, contact our Data Privacy Coordinator as described below with your changes.

Cookies and Related Technologies; Do Not Track (DNT)

Cookies/Local Device Storage.  The Site may at times place and/or store code or other types of information and/or software on your Device or within your browser, such as cookies (including flash cookies), locally shared objects, and HTML5 (collectively, “Local Device Storage”). We and Third Party Providers may use “Local Device Storage” in connection with the Site for any lawful business purpose, including without limitation to track the movements of individual users through the Site and elsewhere on the web or across apps, devices, and geographic locations, to help diagnose problems with servers, to gather broad demographic information, to conduct research, to deliver editorial Content, to record personalization information, and to otherwise administer the Site.

You May Disable Local Device Storage.  If you do not want Local Device Storage, your Device or browser may include an option that allows you to not accept it. However, if you disable Local Device Storage, some portions of the Site may not function properly.

Tracking Technologies.  In addition to Local Device Storage, we may use web beacons, web bugs, internet or pixel tags, clear gifs, digital fingerprinting (aka “Machine Identification”) and similar technologies (collectively, together with Local Device Storage, the “Tracking Technologies”) on the Site and in our communications with you, such as within e-mail and text messages and push notifications. We may use Tracking Technologies for all or some of the same lawful business purposes we describe above for use of Local Device Storage.

Do Not Track (DNT).  Your browser setting may allow you to automatically transmit a “Do Not Track” (DNT) signal to websites and online services that you visit. There is no consensus among industry participants as to what DNT means in this context, and some browsers automatically apply DNT signals by default and therefore do not necessarily reflect our visitors’ choice as to whether they wish to receive advertisements tailored to their interests. As a result, like many websites and online services, we do not alter our practices when the Site receives a DNT signal from a visitor’s browser. As discussed below, you may opt out of the use of your Data for online behavioral advertising by third parties at any time. To find out more about DNT, please visit

Transfer of Your Data Among Jurisdictions

We are a Minnesota professional service firm with headquarters in the United States. Your Data may be processed, transferred to, and maintained on, servers and databases located within the U.S. and elsewhere where the privacy laws may not be as protective as your jurisdiction.  We reserve the right to transfer your Data to and from any state, province, country or other governmental jurisdiction. However, when we transfer your personal information to other countries, we will endeavor to protect that information in accordance with applicable law. Your consent to this Privacy Policy followed by your submission or our collection of such Data represents your agreement to any such transfer.

Retention & Deletion of Your Data

If we receive and process your Data for the purposes described herein, such Data shall not be kept for longer than is necessary for those purposes. However, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Data Security and Notification

Security Measures. We take commercially reasonable security measures to protect against unauthorized access to, or unauthorized alteration, disclosure or destruction of, PII that you share with us.

No Liability for Breach.  Because no data transmission is completely secure, and no system of physical or electronic security is impenetrable, we cannot guarantee the security of the Data that you send to us or the security of servers, networks or databases, and by using the Site you agree to assume all risk in connection with your Data.  We are not responsible for any loss of such Data or the consequences thereof.

Breach Notification.  In the event that we believe the security of your Data in our possession or control may have been compromised, we may seek to notify you. If notification is appropriate, we may notify you by e-mail, push notification, or otherwise.


We do not knowingly collect any personal information from children under the age of thirteen (13) unless required by law. If we learn that a child under the age of thirteen (13) has provided us with personal information, we will delete it in accordance with applicable law. If you are under eighteen (18), we request that you obtain parental consent prior to providing any information to us via our Contact page and have your parent contact us to confirm.

Notice to California Customers – Your Privacy Rights

Shine the Light.  California’s “Shine the Light” law, Civil Code Section 1798.83, gives California customers the right to prevent our disclosure of their personal information to third parties for those third parties’ direct marketing purposes, and requires certain businesses to respond to requests from California customers asking about the business’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes.  Alternately, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We do not share your information for third party direct marketing purposes.

Online Erasure.  California’s “Online Erasure” law, Business and Professions Code Sections 22580-22582, requires operators of certain websites and online services to allow registered users who are under the age of 18 and residents of California to request removal of Content they post. We do not allow the posting of Content on our Site by anyone other than those working at or for the firm regardless of age.

Notice to Residents of the European Economic Area (EEA) and Switzerland under the General Data Protection Regulation

Purposes of Processing.  As explained in Section 4 above, we process your Data to process your requests for Content or products, administer the Site, facilitate access by Third Party Providers, make marketing communications, facilitate health, safety and legal requests, respond to your requests in connection with employment opportunities, transfer or sell our business, and to combine data sets. As explained in Sections 5-7, we may also use, transfer and otherwise process Data acquired from you directly or by use of Tracking Technologies, for our marketing and other lawful and necessary purposes.

Legal Basis for Processing.  We will serve you with our marketing content with your consent, and you have the right to withdraw consent at any time as described in Section 6 above, by contacting our Data Privacy Coordinator described below.  We rely on the legitimate interest basis of processing for the other activities described in subsection a. above because processing Data may necessary to provide you with our content or products and to respond to your requests, our activities are reasonably expected by our visitors, and those activities do not unduly and negatively affect the privacy rights of our visitors. When you request content or information or engage in another type of transaction with us, we may process your Data to fulfill that contract. If you retain us for legal services, our relationship will be governed by additional privacy terms.

Transfers. As described in Section 7 above, your Data may be processed in or transferred to the U.S. or elsewhere in the world. We will work to ensure that transfers of personal data to a third country or an international organization are subject to appropriate safeguards.

Individual Rights. If you are a resident of the EEA or Switzerland, you are entitled to the following rights. Contact our Data Privacy Coordinator as described below to exercise these rights.  Please note: In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing Data.

Right to access and rectify your Data. You have the right to obtain information about our processing of Data and a copy of your Data that we store. You have the right to request that we update your Data if it is inaccurate or incomplete.

Right to request erasure of your Data. You have the right to have your Data erased from our systems if the Data is no longer necessary for the purpose for which it was collected or you withdraw consent and no other legal basis for processing exists.

Right to restrict our processing of your Data. You have the right to restrict our processing if you contest the accuracy of the Data we store about you, our processing is deemed unlawful and you oppose erasure of your Data, or we no longer need the Data for the purposes for which we collected it but we must store it to comply with our legal obligations.

Right to the portability of your Data. You have the right to receive your Data and to transmit it to another controller where our processing is based on consent you gave us and was carried out by automated means.

Right to object to our processing of your Data. You have the right to object to our processing where we process Data based on legitimate interest.

Right to lodge a complaint. You have the right to lodge a complaint about our Data collection and processing actions to your data protection authority. Contact details for data protection authorities are available at

Time for Response. We will endeavor to respond to all requests, inquiries or concerns under this section within thirty (30) days.

EEA Representative.  If you are a Data Protection Authority in the EEA with questions about this policy or the Site, please contact our Data Privacy Coordinator as described in Section 13 below.

13. Data Privacy Coordinator

If you have any concerns or questions about any aspect of this Privacy Policy, or seek to exercise any rights described herein, please contact our Data Privacy Coordinator as follows:

Data Privacy Coordinator
Grumbles Law PLLC
287 6th St. E, Suite 140
Saint Paul MN 55101

When communicating with our Data Privacy Coordinator, make sure to include enough information for us to help you, including for example your name, contact information, and the specific website and/or other service you’re contacting us about.

Note: Only inquiries about this policy or your PII should be sent to the Data Privacy Coordinator. No other communications will be accepted or responded to.

For communications on other matters, please contact us through the means described on the Site, if available (for example, in the “Contact Us” section).

* * * * * * * * * * * * * *