Our Privacy Policy explains what information we collect through the DABLO Law Firm website (the “Site”), how we use and store that information, and your rights regarding your personal data. We adhere to the Personal Data Protection Proclamation No. 1321/2024 (PDPP 2024) of Ethiopia and international best practices (including principles mirrored from the EU General Data Protection Regulation). In summary, we collect only what is necessary for legitimate purposes, protect it diligently, and respect your rights over your data.

1. Information We Collect

Personal Data You Provide: If you contact us through our online forms (e.g. “Contact Us” form) or sign up for our newsletter, we will collect personal identifiers such as your name, email address, phone number, and any information you include in your message or inquiry. We collect this information only when you voluntarily provide it for specific purposes – for example, to seek legal services or to subscribe to updates. We do not ask for sensitive personal data (such as government ID numbers or financial information) on our website, and we advise you not to include confidential details about your legal matter in initial communications (see Legal Disclaimer Section for more on confidentiality).

Automated Data Collection: Our Site may use standard web technologies to collect technical information automatically. This includes your IP address, browser type, pages visited, and the date/time of your visit. This data is typically collected via cookies or similar tracking technologies for the purpose of understanding user engagement and improving website functionality. We do not use these technologies to identify you as an individual, but rather to gather aggregate usage statistics. You will be notified of any cookies upon visiting the site, and where required, we will obtain your consent for non-essential cookies in accordance with applicable laws (for instance, EU users will see a cookie consent banner). (Note: As of the current policy, our Site’s use of cookies is limited to essential operations; we do not use third-party advertising or targeting cookies.).

2. Use of Collected Information

We use the personal information you provide strictly for the purpose for which you provide it. For example:

• If you fill out a contact or consultation request form, we will use your contact information and the content of your inquiry to respond to you regarding your legal question or to schedule a consultation. We will not automatically add you to any marketing list – we will only follow up regarding the specific inquiry, unless you separately opt-in to newsletters or updates.
• If you subscribe to our newsletter or legal updates, we will use your name and email to send you the requested publications. Each newsletter email will offer you the ability to “unsubscribe” or opt out easily at any time. We will not use your newsletter subscription information for any other purpose.
• If you apply for a job through the website (e.g., by emailing a resume), personal information in your application will be used for recruitment and hiring decisions and handled in accordance with separate recruiting privacy practices (you will be informed of any additional policy if applicable at the time of application).

We do not sell or rent your personal information to any third party for any purpose. We do not use the information you provide to make automated decisions about you. In short, personal data is collected and used only for legitimate business purposes of the firm (such as communicating with prospective clients or those interested in our services) and with your knowledge and consent.

3. Storage and Security of Your Data

Data Security: DABLO Law Firm employs appropriate technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. We utilize industry-standard security protocols. For instance, our website is encrypted via SSL/TLS (HTTPS) to secure data in transit, and internally we restrict access to personal data only to those in our team who need to process it for the above-mentioned purposes. We also have in place confidentiality agreements and data protection training for our staff, reinforcing the importance of safeguarding client data.

Despite our efforts to protect information, please be aware that no method of transmission over the Internet or electronic storage is 100% secure or error-free. We cannot guarantee absolute security of information. However, we strive to use commercially acceptable means to protect your personal information and we continuously update our practices in line with evolving security standards. In the unlikely event of a data breach involving your personal information, we will comply with applicable notification laws – for example, Ethiopian law requires that we inform the authorities and affected individuals within 72 hours of becoming aware of certain breaches . We have internal procedures to address such situations and will act promptly to mitigate any risk.

Data Storage Location and Retention: Personal data collected via our website is stored on secure servers. As an Ethiopian law firm, we abide by any local data residency requirements; notably, the PDPP 2024 emphasizes that personal data collected in Ethiopia should preferably be stored in-country. We primarily use servers located in Ethiopia or jurisdictions with adequate data protection standards. If in any case your data is stored or processed in another country (for example, if we use a trusted email or cloud service provider), we ensure that appropriate safeguards are in place in line with PDPP and GDPR standards (such as contractual clauses or that the destination jurisdiction has an adequate privacy law).

We retain personal information only for as long as necessary to fulfill the purpose for which it was collected, unless a longer retention period is required or permitted by law. For example, if you contact us but do not ultimately engage our legal services, we will retain your inquiry correspondence for a limited time in case you reconnect or for our own records, but we will periodically delete such data. Newsletter subscriber information is retained until you unsubscribe, at which point we remove your contact from our list promptly. Data that becomes part of a client file (if you become a client) will be retained in accordance with our client data retention policies, which often are dictated by regulatory or professional rules (typically for a number of years after a matter concludes). We securely delete or anonymize personal data when it is no longer needed.

4. Disclosure of Information to Third Parties

No Unauthorized Third-Party Disclosures: We do not share your personal information with third parties, except in the few situations described below or as authorized by you. Specifically, we will never sell your data, and we do not disclose client or user information to third-party marketers. Any service providers we use (such as our website hosting company or an email newsletter service) are bound by confidentiality and data protection obligations to ensure your information remains protected.

Service Providers: We may employ reputable third-party companies or individuals to facilitate our website and related services – for example, IT support, email newsletter distribution, or cloud backup services. These providers may process personal data only on our behalf and for the purposes we specify (e.g., sending out the newsletter you signed up for). In line with Ethiopian law, whenever we engage a data processor, we enter into a written contract that imposes strict obligations on the processor to safeguard personal data and use it only for the contracted purpose. They are not permitted to use or disclose your information for any other purpose. For instance, if we use an email delivery service, that service cannot independently market to you or share your email address – it acts purely under our instructions.

Legal Requirements: We may disclose personal information if required to do so by law or in response to a valid court order, subpoena, or government request. DABLO Law Firm is subject to Ethiopian laws and professional regulations; if an obligation arises (for example, to report certain transactions under anti-money laundering laws or to cooperate with law enforcement), we will only disclose what is legally necessary. We will attempt to notify you if your data is sought by a third-party request, to the extent allowed by law and appropriate.

Business Transfers: It is highly unlikely, but in the event that the law firm undergoes a significant business transaction (such as a merger with another firm or reorganization), user information could be among the assets transferred. If this were to happen, we would ensure the new entity continues to handle your information in accordance with this Privacy Policy or provide notice and choice if it will be handled differently.

Otherwise, DABLO will not disclose your personal information to any third party without your explicit consent, except as outlined above. If you direct us or give consent (for example, you ask us to refer you to an affiliate or partner firm and share your contact details), we will, of course, share the data as instructed by you.

5. International Data Transfers

As noted, we primarily process personal data within Ethiopia. If you are located outside Ethiopia, be aware that when you submit information to us, it will be transferred to Ethiopia where our firm is based. By providing us personal data, you consent to the transfer and processing of your data in Ethiopia. We apply a high standard of privacy protection to all user data, regardless of country of origin, and the principles of this Privacy Policy will apply to international transfers.

For personal data originating from jurisdictions with strict data export rules (for instance, the European Economic Area under GDPR), we will ensure a lawful basis for transfer. This may include verifying that the receiving environment provides “adequate protection” comparable to GDPR, or implementing EU Standard Contractual Clauses where appropriate. We will also seek your consent for cross-border transfers when required by applicable law. Notably, PDPP 2024 prohibits transfer of personal data to countries lacking sufficient protection unless certain conditions (like explicit consent or necessity) are met. DABLO will abide by those rules: we will not, for example, host your data on a foreign server in a country with weak privacy laws unless we have taken measures to protect the data or obtained your consent after informing you of any risks.

6. Your Rights and Choices

Under Ethiopian law and international standards, you have several important rights regarding your personal data that we respect and uphold:

• Right to Access: You may request confirmation whether we are processing personal data about you, and if so, request a copy of that data. We will provide you with your information, subject to some legal exceptions (for example, we might not be able to share data that includes someone else’s personal information without their consent). Generally, if you want to know what information we have about you from website interactions (like a contact form submission), we will tell you and provide a copy.
• Right to Rectification: If any personal information we have is incorrect or outdated, you have the right to request a correction. We encourage you to contact us if you believe we have inaccurate data (e.g., you see a misspelling of your name in our communications). We will promptly correct inaccuracies as required.
• Right to Deletion: You can ask us to delete the personal data we hold about you. This is sometimes known as the “right to be forgotten.” If you withdraw your inquiry or no longer wish to be on our mailing list, you can request that we remove your information. We will do so except to the extent we are required to retain certain data (for instance, if you became a client, we may need to keep records of our representation as per legal profession rules). For newsletter subscribers, an unsubscribe or deletion request will result in removal from our list and our active database generally within a short time frame.
• Right to Object or Restrict Processing: You have the right to object to certain types of processing. For example, you can object to receiving marketing emails (which is why we always provide an opt-out). You can also request that we restrict processing of your data in certain circumstances – for instance, if you contest the accuracy of data, you can ask us to pause processing until it’s resolved.
• Right to Data Portability: To the extent applicable, you may request a copy of personal data you provided to us in a machine-readable format, or that we transmit it to a third party. Given the limited data we collect (often just contact info and messages), this right may not be frequently invoked, but we will honor it if applicable.
• Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, you can unsubscribe from newsletters or ask us to stop processing information you submitted via the website. Note that withdrawing consent will not affect the lawfulness of any usage of your data that occurred prior to withdrawal.

These rights may be subject to certain conditions or legal limitations. To exercise any of these rights, you may contact us at the contact information provided at the end of this policy. We will require you to verify your identity (to ensure we don’t disclose your data to someone else) and then we will respond within a reasonable time. For requests under the PDPP 2024, we understand we should respond within 30 days unless it’s particularly complex. There is generally no fee for making such requests, unless they are manifestly unfounded or excessive.

7. Newsletter and Marketing Communications

If you subscribe to our firm’s newsletter or updates, we want to clarify how your data is used in that context (some of this was mentioned above but is reiterated for transparency):

• We will collect only your name and email address for the purpose of sending you the newsletter. We do not collect other information about you when you sign up, apart from perhaps your company or title if you choose to provide it (optional).
• Your consent is required for us to send newsletters. By subscribing, you are giving us permission to send emails to you. You can revoke this permission at any time by clicking the “unsubscribe” link in any email or by contacting us directly.
• We treat our mailing list with confidentiality. We handle it in-house or via a secure email service provider, and we do not disclose our subscriber list to any outside entity without consent. We certainly do not sell these contacts.
• If at any point we decide to introduce different kinds of marketing communications, we will update this policy and provide a clear opt-in choice. For now, we simply send periodic newsletters/legal updates which you have to voluntarily sign up for (or be manually added only with your consent, such as if you explicitly ask a lawyer to include you).
• We aim to ensure any marketing emails are compliant with applicable anti-spam laws. They will clearly identify the sender as DABLO Law Firm, and not be misleading in subject or content.

8. Children’s Privacy

Our website and services are not directed to children under the age of 16. We do not knowingly collect personal information from anyone under 16 years old. If you are under 16, please do not provide any personal data on this site. If we become aware that we have inadvertently received personal information from a child under 16, we will delete it. Parents or guardians who believe a minor may have provided us personal information can contact us to request removal.

(Note: Under Ethiopian law, a “minor” for data protection purposes is defined as someone under 16. We align with that standard. We require any users of our contact forms to confirm they are 16 or older.)

9. Links to External Sites

For your convenience, our Site may include links to third-party websites or resources (for example, an external blog post, legal database, or social media page). If you click on a link to a site that is not operated by DABLO Law Firm, be aware that we have no control over the content or privacy practices of those external sites. This Privacy Policy and our responsibilities apply only to our own website. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the protection of your data on any site that is not under our control, and a link on our Site does not imply our endorsement of the external content or its privacy/security. (This is further addressed in the Legal Disclaimer below as well.)

10. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or to ensure compliance with new laws and regulations. If we make material changes, we will post the revised policy on this page and update the “Effective Date” at the top. For significant changes, we may also provide a more prominent notice (such as a banner on our site or an email notification to subscribers, if appropriate). We encourage you to periodically review this Policy to stay informed about how we are protecting the personal information we collect. Your continued use of the Site after any changes to this Policy constitutes acceptance of those changes.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

DABLO Law Firm LLP

Attn: Privacy Officer (General Manager)

Adwa Street, Arada Sub-city, Nib Bank Building 2nd Floor, Office No. 201

Addis Ababa, Ethiopia

Email:

Phone: +251 (0)91 125 9224

We will be happy to assist you and will respond to any privacy-related inquiries as promptly as possible, in accordance with applicable law.