Privacy Policy

Scope and Definitions

Gelman, Rosenberg & Freedman, a Professional Corporation d/b/a GRF (the “Company” or “we”) has developed this privacy policy out of respect for the privacy of our customers, visitors to our website. This policy describes the personal information we collect, use, and disclose about individual consumers who visit or interact with this website, visit any of our offices, stores, facilities or locations, purchase or inquire about any of our products or services, contract with us to provide services or otherwise interact or do business with us.

Whenever you visit our website, we will collect some information from you automatically simply by you visiting and navigating through this site, and some voluntarily when you submit information using a form on the website, enroll in or subscribe to our newsletter or marketing communications, request information about our products or services, or use any of the other interactive portions of our website. Through this website, we will collect information that can identify you and/or your activity.

Additionally, whenever you communicate, interact or do business with us, whether online or at any of our physical locations or facilities, or whether you are contracted to perform services for us we will be collecting personal information from you or about you in the course of our interaction or dealings with you.

The meaning of “personal information” may be defined based on your state of residence: in this policy, it means any information that can reasonably be used to identify an individual.

This privacy policy applies to “Consumers” as defined under various U.S. State consumer privacy laws, and all laws implementing or supplementing, or amending the foregoing, including regulations promulgated thereunder (collectively, “U.S. Privacy Laws”).

This policy does not apply to information collected from or about job applicants regarding their application for employment or candidacy. If you are a job applicant, click HERE for our Job Applicant Notice and Privacy Policy.

This policy does not apply to our current and former employees and their family members, dependents, and beneficiaries; if you are a California resident who is a current or former employee of the Company or a family member, dependent, or beneficiary of any of our current or former employees, you may request access to our Employee Privacy Policy by sending an email to Marketing@grfcpa.com.

Collection of Personal Information and Sensitive Personal Information

Based on your specific transactions and interactions with us or our website, we will or may collect, and we have in the last 12 months collected, the following categories of personal information about you. For each category of information, the categories of third parties and service providers to whom we have disclosed the information in the last 12 months are referenced below. In jurisdictions where required by law, we limit our collection of personal information to what is reasonably necessary and proportionate to provide or maintain the services you have requested or reasonably expect in the context of your relationship with us. The examples provided for each category are not intended to be an exhaustive list or an indication of all specific pieces of information we collect from or about you in each category, but rather the examples are to provide you a meaningful understanding of the types of information that may be collected within each category.

Category: Personal Identifiers

Examples

  • Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number, Company ID number.

Disclosed to in last 12 months:

  • Financial institutions
  • Government agencies
  • Promotional or other fulfilment vendors
  • Marketing support vendors and vendors that support managing or hosting the website
  • Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email or phone
  • Lead providers (referral sources)
  • Transaction support vendors (e.g., check guaranty, payment processors)
  • Data analytics vendors, such as Google and Matomo
  • Social media platforms
  • Video content hosts and providers
  • Consulting and investigation firms, including HR consultants, safety consultants, and workplace investigators
  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
  • Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)
  • Professional tax preparation and compliance software used to manage tax filings and related workflows

We May Collect, Process, and Disclose for the Following Business Purposes

  • To fulfill or meet the purpose for which you provided the information.
  • Marketing and sales activities.
  • To process, complete, and maintain records on transactions.
  • To schedule, manage and keep track of customer appointments.
  • To respond to consumer inquiries, including requests for information, customer support online, and phone calls.
  • To provide interest-based advertising.
  • To contact you by email, telephone calls, mail, or other equivalent forms of communication regarding updates or informative communications.
  • To improve user experience on our website.
  • To understand the demographics of our website visitors.
  • To detect security incidents.
  • To protect against malicious or illegal activity and prosecute those responsible.
  • To verify and respond to consumer requests.
  • To prevent identity theft.
  • To monitor security controls for electronic networks.
  • To process customer payments.
  • To perform background checks.
  • To allow access to the internet at our properties, stores, or facilities.

Sold To / Shared With

For data collected through our website, we sell some of this data to Data Analytics Vendors (not for monetary consideration but for other valuable consideration), and we also share the data with Data Analytics Vendors for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising.

Category: Contact Information

Examples

  • Home, postal or mailing address, email address, home phone number, cell phone number.

Disclosed To in Last 12 Months

  • Financial institutions
  • Government agencies
  • Promotional or other fulfilment vendors
  • Marketing support vendors and vendors that support managing or hosting the website
  • Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email or phone
  • Lead providers (referral sources)
  • Transaction support vendors (e.g., check guaranty, payment processors)
  • Data analytics vendors, such as Google and Matomo
  • Social media platforms
  • Video content hosts or providers
  • Consulting and investigation firms, including HR consultants, safety consultants, and workplace investigators
  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
  • Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)
  • Professional tax preparation and compliance software used to manage tax filings and related workflows

We May Collect, Process, and Disclose for the Following Business Purposes

  • To fulfill or meet the purpose for which you provided the information.
  • Marketing and sales activities.
  • To process, complete, and maintain records on transactions.
  • To schedule, manage and keep track of customer appointments.
  • To respond to consumer inquiries, including requests for information, customer support online, and phone calls.
  • To provide interest-based advertising.
    To contact you by email, telephone calls, mail, or other equivalent forms of communication regarding updates or informative communications.
  • To understand the demographics of our website visitors.
    To detect security incidents.
  • To protect against malicious or illegal activity and prosecute those responsible.
  • To verify and respond to consumer requests.
  • To prevent identity theft.
  • To monitor security controls for electronic networks.
  • To process customer payments.
  • To perform background checks.
  • To allow access to the internet at our properties, stores, or facilities.

Sold To / Shared With

For data collected through our website, we sell some of this data to Data Analytics Vendors (not for monetary consideration but for other valuable consideration), and we also share the data with Data Analytics Vendors for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website, this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising.

Category: Account Information

Examples

  • Username and password for Company accounts and systems and any required security or access code, password, security questions, or credentials allowing access to your Company accounts.

Disclosed To in Last 12 Months

  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process, and Disclose for the Following Business Purposes

  • To grant access to Company accounts and systems
  • To ensure security of Company data accessed through Company account and systems

Sold To /Shared With

Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising.

Category:Protected Classifications

Examples

  • Age, disability, medical or mental condition, familial status

Disclosed To in Last 12 Months

  • Financial institutions
  • Government agencies
  • Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)

We May Collect, Process, and Disclose for the Following Business Purposes

  • To report applicant demographics to government agencies
  • Marketing activities
  • For marketing and sales activity, relating to product specials or other promotional events
  • For customer service related activities

Sold To / Shared With

Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising.

Category: Commercial or Transactional Data

Examples

  • Information regarding services provided, purchasing history.

Disclosed To in Last 12 Months

  • Financial Institutions
  • Promotional or other fulfilment vendors
  • Marketing support vendors and vendors that support managing or hosting the website
  • Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email or phone
  • Lead providers (referral sources)
  • Transaction support vendors (e.g., check guaranty, payment processors)
  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
  • Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)
  • Professional tax preparation and compliance software used to manage tax filings and related workflows

We May Collect, Process, and Disclose for the Following Business Purposes

  • To fulfill or meet the purpose for which you provided the information.
  • Marketing and sales activities
  • To process, complete, and maintain records on transactions.
  • To respond to consumer inquiries, including requests for information, customer support online, and phone calls
  • To provide interest-based advertising.
  • To verify and respond to consumer requests.
  • To process customer payments.

Sold To / Shared With

Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising.

Category: Internet Network and Computer Activity, Mobile Device Data

Examples

  • Date and time of your visit to this website; webpages visited; links clicked on the website; session identifiers; browser ID; browser type and characteristics; device ID and characteristics or attributes; referring URLs; mobile phone make, model and serial number; mobile service provider; operating system; form information downloaded; domain name from which our site was accessed; search history; interaction-level telemetry; cookies; and internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, as well as Company-owned computers and electronic devices, including system and file access logs, security clearance level, browsing history, search history, and usage history.

Disclosed To in Last 12 Months

  • Marketing tracking and retargeting vendors and vendors that support managing or hosting the website
  • Transaction support vendors (e.g., check guaranty, payment processors)
  • Data analytics vendors, such as Google and Matomo
  • Behavior analytics vendors
  • Video content hosts and platforms (e.g., YouTube)
  • Social media platforms (e.g., Facebook, LinkedIn)
    Ad Trackers (e.g., Google Ads)
  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process, and Disclose for the Following Business Purposes

  • To fulfill or meet the purpose for which you provided the information.
  • To engage in marketing and sales activities
  • To process, complete, and maintain records on transactions.
  • To schedule, manage and keep track of customer appointments.
  • To respond to consumer inquiries, including requests for information, customer support online, and phone calls
  • To provide interest-based advertising.
  • To process for targeted advertising.
  • To improve user experience on our website.
  • To understand the demographics of our website visitors.
  • To detect security incidents.
  • To protect against malicious or illegal activity and prosecute those responsible.
  • To monitor security controls for electronic networks.
  • To allow access to the internet at our properties, stores, or facilities.

Sold To / Shared With

For data in this category collected through our website or app, we sell some of this data (not for monetary consideration but for other valuable consideration) to Data Analytics Vendors, Behavior Analytics Vendors, Social Media Platforms, Video Content Hosts and Platforms, Ad Trackers, and other marketing, tracking, and retargeting vendors or providers, including, for example, Google Analytics, Google, Google Ads, Instagram, Facebook, LinkedIn, YouTube, Matomo and ZoomInfo, and we also share the data with these third parties for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising.

Category: Form and other Electronic Submission Data

Examples

  • Data submitted through the website, including Contact Us forms, and search bar queries.

Disclosed To in Last 12 Months

  • Government agencies
  • Promotional or other fulfilment vendors
  • Marketing, tracking, and retargeting vendors and vendors that support managing or hosting the website
  • Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email or phone
  • Lead providers (referral sources)
  • Transaction support vendors (e.g., check guaranty, payment processors)
  • Behavior analytics vendors
  • Data analytics vendors, such as Google and Matomo
  • Video content hosts and platforms (e.g., YouTube)
  • Social media platforms (e.g., Facebook, LinkedIn)
    Ad Trackers (e.g., Google Ads)
  • Consulting and investigation firms, including HR consultants, safety consultants, and workplace investigators
  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process, and Disclose for the Following Business Purposes

  • To fulfill or meet the purpose for which you provided the information.
  • To engage in marketing and sales activities.
  • To process, complete, and maintain records on transactions.
  • To schedule, manage and keep track of customer appointments.
  • To respond to consumer inquiries, including requests for information, customer support online, and phone calls.
  • To provide interest-based advertising.
  • To process for targeted advertising.
  • To improve user experience on our website.
  • To understand the demographics of our website visitors.
  • To detect security incidents.
  • To protect against malicious or illegal activity and prosecute those responsible.
  • To monitor security controls for electronic networks.
  • To allow access to the internet at our properties or facilities.

Sold To or Shared With

For data in this category collected through our website or app, we sell some of this data (not for monetary consideration but for other valuable consideration) to Data Analytics Vendors, Behavior Analytics Vendors, Social Media Platforms, Video Content Hosts and Platforms, Ad Trackers, and other marketing, tracking, and retargeting vendors or providers, including, for example, Google Analytics, Google, Google Ads, Instagram, Facebook, LinkedIn, YouTube, Matomo and ZoomInfo, and we also share the data with these third parties for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising.

Category: Geolocation Data

Examples

  • IP address and/or GPS location (latitude & longitude).

Disclosed To in Last 12 Months

  • Behavior analytics vendors
  • Video content hosts and platforms (e.g., YouTube)
  • Social media platforms (e.g., Facebook, LinkedIn)
  • Ad Trackers (e.g., Google Ads)
  • Data analytics vendors, such as Google and Matomo
  • Marketing, tracking, and retargeting vendors and vendors that support managing or hosting the website
  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process, and Disclose for the Following Business Purposes

  • To fulfill or meet the purpose for which you provided the information.
  • To engage in marketing and sales activities
  • To provide interest-based advertising.
  • To process for targeted advertising.
  • To understand the demographics of our website visitors.
  • To detect security incidents.
  • To protect against malicious or illegal activity and prosecute those responsible.
  • To monitor security controls for electronic networks.

Sold To / Shared With

For data in this category collected through our website or app, we sell some of this data (not for monetary consideration but for other valuable consideration) to Data Analytics Vendors, Behavior Analytics Vendors, Social Media Platforms, Video Content Hosts and Platforms, Ad Trackers, and other marketing, tracking, and retargeting vendors or providers, including, for example, Google Analytics, Google, Google Ads, Instagram, Facebook, LinkedIn, YouTube, Matomo and ZoomInfo, and we also share the data with these third parties for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising.

Category: Video Content Analytics Information

Examples

  • Video content hosts and platforms (e.g., YouTube) that may collect or receive user interaction data when videos are played, paused, or viewed on our Site.

Disclosed To in Last 12 Months

  • Third-party platforms that host or stream videos.

We May Collect, Process, and Disclose for the Following Business Purposes

  • To embed and display video content hosted on third-party platforms.
  • To enable user interaction with hosted video content.
  • To provide interest-based advertising.
  • To process for targeted advertising.
  • To improve user experience on our Site.
  • To understand the demographics of our Site visitors.

Sold To / Shared With

For data in this category collected through our website or app, we sell some of this data (not for monetary consideration but for other valuable consideration) to Data Analytics Vendors, Behavior Analytics Vendors, Social Media Platforms, Video Content Hosts and Platforms, Ad Trackers, and other marketing, tracking, and retargeting vendors or providers, including, for example, Google Analytics, Google, Google Ads, Instagram, Facebook, LinkedIn, YouTube, Matomo and ZoomInfo, and we also share the data with these third parties for cross-context behavioral advertising. For all other data in this category collected through other sources (not through this website), this data is neither sold for monetary or other valuable consideration, nor shared for cross-context behavioral advertising.

Category: Online Portal and Usage Information

Examples

  • Username and password, account history, usage history, file access logs, security clearance level, and any information submitted through the account.

Disclosed To in Last 12 Months

  • Not Disclosed.

We May Collect, Process, and Disclose for the Following Business Purposes

  • To grant access to Company accounts and systems.
  • To ensure security of Company data accessed through Company account and systems.
  • To improve user experience on our website.

Sold To / Shared With

Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising.

Category: Visual and Audio

Examples

  • Audio recordings of calls and virtual meetings as disclosed to you at the time of the call.

Disclosed To in Last 12 Months

  • Consulting and investigation firms, including human resources consultants, safety consultants, and workplace investigators
    Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
    AI call recording vendors whom we engage to record, transcribe, summarize, and process calls or meetings

We May Collect, Process, and Disclose for the Following Business Purposes

  • To fulfill or meet the purpose for which you provided the information.
  • To detect security incidents.
  • To protect against malicious or illegal activity and prosecute those responsible.
  • We engage an AI vendor to record, transcribe, summarize, and process calls or meetings and integrate the data into our database, and the vendor may use the recording and transcripts for purposes consistent with the services they provide and, if they anonymize the data, they can then use it to train their AI model.

Sold To / Shared With

Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising.

Category: Facility & Systems Access Information

Examples

  • Information identifying you, if you accessed our secure Company facilities, systems, networks, computers, and equipment, and at what times, using keys, badges, fobs, login credentials, or other security access method.

Disclosed To in Last 12 Months

  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants

We May Collect, Process, and Disclose for the Following Business Purposes

  • To grant access to facilities and systems.
  • To detect security incidents.
  • To protect against malicious or illegal activity and prosecute those responsible.

Sold To / Shared With

Not sold for monetary or other valuable consideration. Not shared for cross-context behavioral advertising.

Category: Inferences

Examples

  • Based on analysis of your activity on the website, we may develop inferences regarding your preferences, patterns, or behavior.

Disclosed To in Last 12 Months

  • Not Disclosed.

Sold To or Shared With

For data collected through our website, we sell some of this data to Data Analytics Vendors (not for monetary consideration but for other valuable consideration), and we also share the data with Data Analytics Vendors for cross-context behavioral advertising.

Categories of Sensitive Personal Information Collected or Processed

Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect from or about consumers:

  1. Personal Identifiers (social security number, driver’s license or state identification card number, passport number)
  2. Account Information (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)
  3. Personal data revealing age, familial status, disability, or medical, mental, or physical health condition or diagnosis.
  4. Personal data collected from a known child

Personal information does not include:

  • Publicly available information from government records.
  • Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer, independent contractor, or applicant, or from widely distributed media.
  • Information made available by a person to whom the consumer, independent contractor, or applicant has disclosed the information if the consumer, independent contractor, or applicant has not restricted the information to a specific audience.
  • Deidentified or aggregated information.

Sources of Personal Information

We may collect your personal information from the following sources:

  • You the consumer, when you provide information for our tax organizers, applications, or other forms.
  • You the consumer, when you visit the website and voluntarily submit information through forms on the website or social media, when you visit any of our physical locations, when you purchase or inquire about any of our products or services.
  • Our employees, contractors, vendors, suppliers, guests, visitors, other consumers, and customers based on your interactions with them (if any).
  • We utilize cookies to automatically collect information about our website visitors
  • Surveillance cameras at our physical locations
  • Lead generators and referral sources
  • Social media platforms
  • Company systems, networks, software applications, and databases you log into or use
  • Third-party customer databases

To Whom We Disclose Personal Information

We may disclose, sell, or chare your personal information to/with the following categories of service providers, contractors, or third parties:

  • Financial institutions
  • Government agencies
  • Promotional or other fulfilment vendors
  • Marketing, tracking, and retargeting vendors and vendors that support managing or hosting the website.
  • Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email, phone, or that record, transcribe, summarize, or process phone calls and meetings
  • AI call recording vendors whom we engage to record, transcribe, summarize, and process calls or meetings
  • Lead providers (referral sources)
  • Transaction support vendors (e.g., check guaranty, payment processors)
  • Behavior analytics vendors
  • Video content hosts and platforms (e.g., YouTube)
  • Social media platforms (e.g., Facebook, LinkedIn)
  • Ad trackers (e.g., Google Ads)
  • Data analytics vendors, such as Google and Matomo
  • Consulting and investigation firms, including HR consultants, safety consultants, and workplace investigators
  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
  • Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)
  • Professional tax preparation and compliance software used to manage tax filings and related workflows

Reasons Why We Collect, Use, Retain, and Disclose Personal Information

We may collect, use, and disclose your personal information for any of the following purposes:

  1. To fulfill or meet the purpose for which you provided the information, or a purpose reasonably associated with the context in which you provided the information and consistent with reasonable consumer expectations.
  2. To provide you or our customers with the requested products or services.
  3. To process and submit financing applications, including to apply for credit, or credit pre-qualification.
  4. To process, complete, and maintain records on transactions.
  5. To retain your selection for Text opt in/opt out to ensure customers who opted out are not sent any text messages.
  6. To schedule, manage and keep track of customer appointments.
  7. To maintain records of when customers decline a service or sale.
  8. To respond to consumer inquiries, including requests for information, customer support online, phone calls, and in-store inquiries.
  9. To provide interest-based and targeted advertising.
  10. To comply with our contractual obligations to our marketing partners and vendors.
  11. To engage in corporate transactions, including mergers, acquisitions, and joint ventures, as well as due diligence in proposed or pending corporate transactions.
  12. To contact you by email, telephone calls, mail, or other equivalent forms of communication regarding updates or informative communications related to the functionalities, services, or other information you requested or asked the Company to provide to you.
  13. To record, transcribe, summarize, and process calls or meetings and integrate the data into our database, and the AI vendor may use the recording and transcripts for purposes consistent with the services they provide and, if they anonymize the data, they can then use it to train their AI model.
  14. To embed and display video content hosted on third-party platforms.
  15. To enable user interaction with hosted video content.
  16. To improve user experience on our website and client portals.
  17. To understand the demographics of our website visitors.
  18. To detect security incidents.
  19. To debug, identify, and repair errors that impair existing intended functionality of our website.
  20. To protect against malicious or illegal activity and prosecute those responsible.
  21. To verify and respond to consumer requests.
  22. To prevent identity theft.

Do We Sell Your Information?

We do NOT and will not sell or share your personal information in exchange for monetary consideration.

However, we may sell or share some of your information to third parties for other valuable consideration, as noted in the table above.

Notice of Right to Opt-Out of the Selling and Sharing of Your Information

Depending on the state where you reside, you may have the right to tell us NOT to sell or share your personal information. You have the full and free right to opt-out of our disclosure of your personal information to any third parties where the disclosure constitutes “selling” or “sharing” as defines by specific state laws. You may exercise your right to opt-out without fear of discrimination for doing so. To opt-out of our selling and sharing of your information, meaning we will not disclose your information to third parties for any monetary or other valuable consideration, you can do any of the following: Click HERE to be taken to an online opt-out submission form. Visit our website at: https://www.grfcpa.com/. Click on “Do Not Sell or Share My Personal Information” to be taken to an online submission form.

  • If you are unable to submit an opt-out through the above methods, please call our toll-free privacy line at 877-437-4771 for assistance and a representative will assist in meeting your needs.

You can have an authorized agent submit a request on your behalf. To submit an opt-out through use of an authorized agent, you must provide that agent with written permission signed by you to submit an opt-out on your behalf. The authorized agent may call our toll-free privacy line at 877-437-4771 to make the opt-out request and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to the Company. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.

A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

Notice of Rights of California Residents to Limit the Use of Your Sensitive Personal Information

We do not use or disclose your sensitive personal information for purposes that give rise to a right to limit the use and disclosure of your sensitive personal information under the California Consumer Privacy Act (CCPA).

Notice of Right to Opt-Out of Profiling, Automated Decision Making, and Targeted Advertising

Depending on your state of residence, you may have the right to opt out of targeted advertising and selling of your data. You may submit a request to exercise this right by submitting a request through one of the two options provided in the “Submitting a Consumer Request” section below.

We may create a profile regarding your interests and preferences for our products and services including your potential to purchase a product or service. For job applicants or independent contractors, we may create a profile regarding predispositions, behavior, attitudes, intelligence, abilities, and aptitudes for recruiting and hiring assessments and decisions. Depending on your state of residence, you may have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.

U.S. Consumer Privacy Rights

Under the applicable U.S. Privacy Laws, depending on state of residence, Consumers may have the following rights, which can be exercised directly or, in certain cases, through an authorized agent:

Right to Know

You may, depending on your state of residence, have the right to request, (1) the categories of personal information we have collected about you, (2) the categories of sources from which the personal information was collected, (3) the business or commercial purpose for collecting, selling, or sharing this information, (4) the categories of third parties with whom we share or have shared your personal information, (5) as applicable, the categories of personal information that we have sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared, (6) the categories of personal information that we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose, (7) a list of the specific third parties to whom we sell personal data, and (8) the reasons behind any profiling decisions made about you, the data used in making those decisions, and the actions you can take to secure a different decision in the future.

Right to Access

You may, depending on your state of residence, have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person.

Right to Portability

You may, depending on your state of residence, have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person.

Right to Confirm

You may, depending on your state of residence, have the right to confirm if we are processing your Personal Information and to access your Personal Information, as just stated above.

Right to Delete

You may, depending on your state of residence, have the right to request that we delete personal information that we collected from you, subject to certain exceptions.

Right to Correct

You may, depending on your state of residence, have the right to request we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you.

Right to Opt-Out

You may, depending on your state of residence, have the right to opt-out of certain uses or disclosures of your personal information, including opting out of the selling of your personal information or the sharing of such information for cross-context behavioral advertising purposes. To learn more about this right and how to exercise it, please refer to the detailed discussion in the section above.

Right to Limit Sensitive Personal Information Processing

You may, depending on your state of residence, have the right to direct businesses to limit their use and disclosure of Sensitive Personal Information if we use or disclose it beyond certain internal business purposes. Where applicable, we will treat such a request as a revocation of any consent that you may have provided to your processing of Sensitive Personal Information.

Right to Non-Discrimination

You have the right to not be discriminated or retaliated against for exercising any of the above rights.

Right to Appeal

You may, depending on your state of residence, have the right to appeal our refusal to take action on a request.

Submitting a Consumer Request

You can submit any of the above types of consumer requests through either of the options below:

  1. Submit an online request on our website by clicking HERE.
  2. Call our privacy toll-free line at 877-437-4771.

How We Will Verify That It Is Really You Submitting The Request:

When you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will need to confirm your state of residence to determine which rights apply and then we will need to verify your identity.

We will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. This process may require us to request additional personal information from you, including, but not limited to, your first name, last name, email address, phone number, state/province of residence, and/or country. During verification, we will only request the minimum personal information necessary to correctly identify you for the purpose of fulfilling your request.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where these rights are not available in your state, or when we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with your request.

Designated Authorized Agent:

You may, depending on your state of residence, have the right to designate an authorized agent to submit one of the above requests on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.

Retention of Personal Information

We will retain each category of personal information in accordance with our established data retention policy and practice. In deciding how long to retain each category of personal information that we collect, we consider many criteria, including but not limited to the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statute of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.

We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.

Third Party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose.

Business Transfers

In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.

Consent to Use of AI Technology

Certain Company services and website features may be supported by third party vendors that utilize AI technology. When calling or meeting with the Company, our AI vendor(s) Microsoft Corporation and Zoom may record and transcribe information and may access the information in real-time and use the information for their own purposes, including to train their AI model. By calling or meeting with the Company, you consent to the collection and analysis of any personal information provided. If you do not consent to such use and disclosure, please provide instruction immediately on the call. For more information on how Microsoft Corporation and Zoom may use or disclose personal information, please review their privacy policy HERE and HERE.

Compliance with Law and Safety

We may disclose specific personal and/or Sensitive Personal Information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.

Use of Cookies, Pixels, and Other Tracking Technologies

Our website may store or retrieve information on your browser, mostly in the form of cookies. A cookie is a small piece of data (text file) that a website – when visited by a user – places on the user’s device to remember information about the user, such as the user’s language preference or login information.

This type of cookie is set by us and is referred to as a “first-party cookies.” Our website uses first-party cookies primarily to make the website work as you expect it to. For example, we use the information we collect through first-party cookies to allow you to navigate between pages efficiently, analyze how well our website is performing, and understand the content that you spent the most time reviewing. In some cases, we use first-party cookies to store information that we use for targeted advertising.

We also incorporate cookies and similar technologies, such as pixels, tags, and web beacons, from outside our website’s domain (“third-party cookies”). Third-party cookies gather information to enable our vendors to provide a range of services to us, including targeted advertising and measuring the success of our advertising campaigns.

Below is a detailed list of the categories of first- and third-party cookies we use on our website.

How we use cookies

We make use of cookies under the following circumstances and for the following reasons:

  • Provide you with services available through the website and to enable you to use some of its features
  • Authenticate users and prevent fraudulent use of user accounts
  • Identify if users have accepted the use of cookies on the website
  • Compile data about website traffic and how users use the website to offer a better website experience
  • Understand and save visitor preferences for future visits, such as remembering your login details or language preference, to provide you with a more personal experience, or to avoid you having to re-enter your preferences every time you use the website
  • Track your browsing habits to enable us to show advertising which is more likely to be of interest to you, including advertising by third parties on our website

Essential Cookies

Essential cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but blocking these cookies will prevent the website from working correctly or might prevent the Website from working at all.

Non-Essential Cookies

Non-Essential cookies are not essential to the website functionality but serve some other unique purpose in three subcategories:

1. “Performance” cookies (sometimes referred to as static cookies) collect information about the user’s behavior on the website without collecting personal information, for example:

• Pages the user visits.
• Ads the user views.
• Ads or site features that the user clicks.

2. “Functional” cookies (sometimes called preference cookies) track and remember the user’s preferences and past choices on the website to provide a personalized user experience. For example, functional cookies can collect:

• Usernames
• Passwords
• Regions

3. “Targeting” cookies (sometimes called preference cookies) can track:

• Content the user views
• Links the user follows
• The user’s browser and device information and IP address

Please note: Organizations can use targeting cookies to track and influence users by building user profiles or displaying advertisements.

Information on Some of the Cookies in Use on our Site

For information on some of the cookies we use on our site and apps, please review the policies from our some of our vendors:
Google Analytics
HubSpot, Inc.
Matomo
LinkedIn

Cookie Management

You can control and manage cookies associated with your browser. If you are interested in controlling and managing cookies from your browser including any set by our Website, please refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on different ways to configure your browser’s cookie settings.
If you want to clear all cookies left behind by the websites you have visited, here are links where you can download three third party programs that clean out tracking cookies.

You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance on commonly used browsers:

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals.

You can adjust your advertising preferences on mobile devices through your device settings. Below you can find some guidance based on your type of mobile device:

DAA and NAI

Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain self-regulatory programs along with websites where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info/, or visit the NAI’s opt-out portal available at http://optout.networkadvertising.org/?c=1.

  • To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA’s AppChoices mobile application opt-out offering found here: https://youradchoices.com/appchoices.

Non-Participant Opt-Out Options

  • Some of our vendors do not participate in the DAA or NAI self-regulatory programs for online behavioral advertising or have developed their own processes for allowing consumers to opt-out: https://branch.app.link/optout
  • Some devices and apps do not have access to web-based browser cookie opt-outs. To learn more about the advertising opt-outs provided by your mobile device’s operating system (like iOS and Android) or the device manufacture, click here.

External Links

Our website contains links to other sites. We are not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our website.

Passwords

The personal data record created through your registration with our website can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.

Children Under the Age of 16

We do not knowingly sell or share the personal information of consumers under 16 years of age.

How We Protect the Information that We Collect

The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:

  • We use commercially reasonable tools and techniques to protect against unauthorized access to our systems.
  • We restrict access to private information to those who need such access in the course of their duties for us.
  • We use internal encryption on all data stores that house voluntarily captured data.

International Visitors

If you reside in the European Economic Area, European Union, Great Britain, or Switzerland, submitted personally identifiable information to the Company, and want to request a copy of, correct, delete, or limit the ways the Company uses the information, send an email to marketing@grfcpa.com indicating your request. The Company will use reasonable and appropriate measures to honor your request.

Consent to Terms and Conditions

By using this website, you consent to all terms and conditions expressed in this Privacy Policy.

Changes to Our Privacy Policy

As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.

Consumers With Disabilities

This policy is in a form that is accessible to consumers with disabilities.

Questions About the Policy

This website is owned and operated by GRF CPAs & Advisors. If you have any questions about this Privacy Policy, please contact us at marketing@grfcpa.com or call 877-437-4771.

**This policy was last updated September 22, 2025.

Scope of this Policy

Gelman, Rosenberg & Freedman, a Professional Corporation d/b/a GRF CPAs & Advisors (collectively, the “Company” or “we”) has developed this Privacy Policy out of respect for the privacy of our job applicants. This policy describes the personal information we collect, use, and disclose about individuals who apply for a position of employment. This is also to provide you with notice at or before the point at which we collect personal information from you informing you of what information we collect, how we use it, how long we retain it, and whether we sell it or share it for cross-context behavioral advertising purposes (we don’t by the way).
This Privacy Policy applies only to your interaction with the Company in the capacity of a job applicant. It does not apply to other contexts, such as if you are hired for employment, in which case you would be provided access to a privacy policy that covers information collected in the employment context, or if you visit our public-facing website or engage in transactions with the Company in other capacities (as a client, customer, or independent contractor), in which case the privacy policy on our website https://www.grfcpa.com/privacy-policy would apply to those interactions.

Collection of Personal Information and Sensitive Personal Information

When you apply for a position or interact with us regarding potential job openings, we may collect Personal Information from you in a variety of different situations and using a variety of different methods, including, but not limited to, on our website, your mobile device, through email, in physical locations, through written applications, through the mail, and/or over the telephone. Generally, we may collect, and we have in the last 12 months collected, the following categories of personal information from or about job applicants. For each category of information, we identify below the categories of third parties, service providers, and contractors to whom we have disclosed the information in the last 12 months. The examples provided for each category are not intended to be an exhaustive list or an indication of all specific pieces of information we collect from or about you in each category, but rather the examples are to provide you a meaningful understanding of the types of information that may be collected within each category.

Category: Personal Identifiers

Examples

  • Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number, employee ID number.

Disclosed in Last 12 Months To

  • Government agencies
  • Talent acquisition management systems
  • Vendors providing services for purposes of our human resources information system (HRIS) and management of job applicant data and recruiting process
  • Recruiting and staffing firms or agencies
  • Social media platforms
  • IT, cybersecurity, and privacy vendors and consultants

Category: Contact Information

Examples

  • Home, postal or mailing address, email address, home phone number, cell phone number.

Disclosed in Last 12 Months To

  • Government agencies
  • Talent acquisition management systems
  • Vendors providing services for purposes of our human resources information system (HRIS) and management of job applicant data and recruiting process
  • Recruiting and staffing firms or agencies
  • Social media platforms
  • IT, cybersecurity, and privacy vendors and consultants

Category: Pre-Hire Information

Examples

  • Information provided in your job application or resume, information gathered as part of background screening and reference checks, information recorded in job interview notes by persons conducting job interviews for the Company, information contained in candidate evaluation records and assessments, information in work product samples you provided, and voluntary disclosures by you, such as protected classifications.

Disclosed in Last 12 Months To

  • Talent acquisition management systems
  • Vendors providing services for purposes of our human resources information system (HRIS) and management of job applicant data and recruiting process
  • Recruiting and staffing firms or agencies

Category: Employment History

Examples

  • Information regarding prior job experience, positions held, and when permitted by applicable law your salary history or expectations.

Disclosed in Last 12 Months To

  • Talent acquisition management systems
  • Vendors providing services for purposes of our human resources information system (HRIS) and management of job applicant data and recruiting process
  • Recruiting and staffing firms or agencies

Category: Education Information

Examples

  • Information from resumes regarding educational history; information obtained from transcripts or records of degrees and vocational certifications obtained.

Disclosed in Last 12 Months To

  • Talent acquisition management systems
  • Vendors providing services for purposes of our human resources information system (HRIS) and management of job applicant data and recruiting process
  • Recruiting and staffing firms or agencies

Category: Mobile Device Security Information

Examples

  • Data identifying a job applicant’s device accessing Company networks and systems, including cell phone make, model, and serial number, cell phone number, and cell phone provider.

Disclosed in Last 12 Months To

  • IT, cybersecurity, and privacy vendors and consultants

Category: Online Portal and Mobile App Access and Usage Information

Examples

  • Where job applicant or candidate must create an account to apply for a job, collect the applicant’s username and password, account history, usage history, and any information submitted through the account.

Disclosed in Last 12 Months To

  • IT, cybersecurity, and privacy vendors and consultants

Category: Geolocation Data

Examples

  • IP address and/or GPS location (latitude & longitude).

Disclosed in Last 12 Months To • To fulfill or meet the purpose for which you provided the information.

  • To engage in marketing and sales activities
  • To provide interest-based advertising.
  • To process for targeted advertising.
  • To understand the demographics of our website visitors.

Category: Visual and Audio

Examples

  • Audio recordings of calls and virtual meetings as disclosed to you prior to and at the time of the call.

Disclosed To in Last 12 Months

  • AI call recording vendors whom we engage to record, transcribe, summarize, and process calls or meetings

Category: Inferences

Examples

  • Based on analysis of the personal information collected, we may develop inferences regarding job applicants’ predispositions, behavior, attitudes, intelligence, abilities, and aptitudes for purposes of recruiting and hiring assessments and decisions.

Disclosed in Last 12 Months To

  • Talent acquisition management systems
  • Vendors providing services for purposes of our human resources information system (HRIS) and management of job applicant data and recruiting process
  • Recruiting and staffing firms or agencies

What Sensitive Personal Information We Collect

Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect:

  • Personal Identifiers (social security number, driver’s license or state identification card number, passport number)
  • Account Information (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)

Personal information does not include:

  • Publicly available information from government records.
  • Information that a business has a reasonable basis to believe is lawfully made available to the general public by the job applicant or from widely distributed media.
  • Information made available by a person to whom the job applicant has disclosed the information if the job applicant has not restricted the information to a specific audience.
  • De-identified or aggregated information.

Sources of Personal Information

We may collect your personal information from the following sources:

  • You, the applicant, when you apply for a position of employment or voluntarily submit information
  • Company systems, networks, software applications, and databases you log into or use in the course of applying for a position with the Company, including from vendors the Company engages to manage or host such systems, networks, applications or databases
  • Credit and consumer reporting agencies
  • HR support vendors
  • Social media platforms
  • Recruiters
  • Staffing agencies
  • Job platforms and career sites like Indeed, LinkedIn, etc.
  • Personal references and former employers
  • Schools, universities, or other educational institutions which you attended
  • From friends, family, or colleagues who choose to email you jobs that they think you may be interested in from our application platform
  • Our employees, contractors, vendors, suppliers, guests, visitors, and customers based on your interactions with them (if any)

To Whom We Disclose Personal Information

We may disclose your personal information to the following categories of service providers, contractors, or third parties:

  • Government agencies
  • Talent acquisition management systems
  • Vendors providing services for purposes of our human resources information system (HRIS) and management of job applicant data and recruiting process
  • Recruiting and staffing firms or agencies
  • Social media platforms
  • IT, cybersecurity, and privacy vendors and consultants
  • AI call recording vendors whom we engage to record, transcribe, summarize, and process calls or meetings

Reasons Why We Collect, Use, Retain, and Disclose Personal Information

We may collect, use, and disclose your personal information for any of the following business purposes:

1. To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to apply for a job with the Company, we will use that Personal Information in connection with your candidacy for employment.
2. To comply with local, state, and federal law and regulations requiring employers to maintain certain records (such as immigration compliance records, accident or safety records, and tax records).
3. To evaluate, make, and communicate decisions regarding your job application and candidacy for employment.
4. To obtain and verify background checks, references, and employment history.
5. To communicate with you regarding your candidacy for employment.
6. To permit you to create a job applicant profile, which you can use for filling out future applications if you do not get the job you are apply for.
7. To keep your application on file even if you did not get the job applied for, in case there is another position for which we want to consider you as a candidate even if you do not formally apply.
8. To evaluate and improve our recruiting methods and strategies.
9. To engage in lawful monitoring of job applicant activities and communications when they are on Company premises, or utilizing Company internet and WiFi connections, computers, networks, devices, software applications or systems.
10. To engage in corporate transactions requiring review or disclosure of job applicant records subject to non-disclosure agreements, such as for evaluating potential mergers and acquisitions of the Company.
11. To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company related to recruiting or processing of data from or about job applicants.
12. To improve job applicant experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.
13. To protect against malicious or illegal activity and prosecute those responsible.
14. To prevent identity theft.
15. To verify and respond to consumer requests from job applicants under applicable consumer privacy laws.

We do NOT and will not sell your personal information in exchange for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising.

We do NOT and will not use or disclose your sensitive personal information for any purposes that give rise to a right to limit the use or disclosure of your sensitive personal information under the California Consumer Privacy Act (CCPA), if it applies and you are a California resident.

Retention of Personal Information

We will retain each category of personal information in accordance with our established data retention policy. In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statute of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.
We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.

Third-Party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail and payroll services. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose.

Business Transfers

In the event we sell or transfer a particular portion of our business assets, employee information may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, employee information may be transferred as part of the acquisition.

Compliance With Law and Safety

We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.

Passwords

The personal data record created through your registration for your Company account can only be accessed with the unique password associated with those records. To protect the integrity of the information contained in those records, you should not disclose or otherwise reveal your passwords to third parties.

Job Applicants Under the Age of 16

We do not knowingly collect or disclose, let alone sell or share, the personal information of job applicants under 16 years of age.

How We Protect the Information That We Collect

The protection of the information that we collect about employees is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:

  • We use internal encryption on all data stores that house voluntarily captured data.
  • We use commercially reasonable tools and techniques to protect against unauthorized access to our systems.
  • We restrict access to private information to those who need such access in the course of their duties for us.

Rights Under the CCPA

This section of the Privacy Policy applies only to California residents. If you are a California resident, you have the following rights pursuant to the California Consumer Privacy (CCPA).

  1. Right to Know. The right to request, up to 2 times in a 12-month period, that we identify to you (1) the categories of personal information we have collected, shared or sold about you, (2) the categories of sources from which the personal information was collected, (3) the business purpose for which we use this information, and (4) the categories of third parties with whom we disclose or have disclosed your personal information;
  2. Right to Access. The right to request, up to 2 times in a 12-month period, that we provide you access to or disclose to you the specific pieces of personal information we have collected about you;
  3. Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we have collected from you, subject to certain exceptions;
  4. Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;
  5. The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent; and
  6. The right to not be discriminated or retaliated against for exercising any of the above rights.

You Can Submit Any of the Above Types of Requests by Any of the Options Below:

  1. Submit an online request on our website HERE.
  2. Call our privacy toll-free line at 877-437-4771.

How We Will Verify That it is Really You Submitting the Request:

If you are a California resident, when you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular information in our possession, which depends on the nature of your relationship and interaction with us.

Responding to your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests

Upon receiving a verifiable request from a California resident, we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we cannot comply with a request, if applicable.

If You Have an Authorized Agent:

If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney, or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf. We will also contact you and ask you for information to verify your own identity directly and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

Consent to Terms and Conditions

By applying for a position with the Company or submitting any information for purposes of being considered for or inquiring about employment with the Company, you consent to all terms and conditions expressed in this Privacy Policy.

Changes to Our Privacy Policy

As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.

Individuals With Disabilities

This Policy is in a form that is or will be made accessible to individuals with disabilities.

Questions About the Policy

If you have any questions about this Privacy Policy, please contact us at marketing@grfcpa.com or call 877-437-4771.

**This Policy was last updated September 22, 2025.