Last Updated April 25, 2018

Transparency is important to us at Cohen & Gresser. That’s why our Privacy Policy (the “Policy”) aims to be clear about the types of information we collect, what we do with that information, and our data protection and storage practices. The Policy describes our privacy practices regarding information collected from our website, social media and other sources, and HTML-formatted emails that link to the Policy, as well as your choices with regard to use, access, and amendments of information relating to you as an identified or identifiable natural person (“Personal Data”). We collect some Personal Data automatically, for statistical purposes only; otherwise, all of your Personal Data is given directly to us by you. We only share this information with other Cohen & Gresser entities and to third parties to the extent necessary to help us serve or market to you more effectively. By using our website, interacting with us on social media, clicking on our HTML-formatted emails, or by providing Personal Data to us in any other way, you agree to the collection and processing of your Personal Data as set out in this Policy. Please note that we do not request or collect or otherwise process Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.

1. How do we collect and process your Personal Data

1.1 Information you provide We collect the Personal Data you voluntarily provide to us from time to time via email or other means of communication, in particular when:

  1. we (or a member of our firm) handle a legal matter on your behalf; or
  2. we (or a member of our firm) otherwise enter into a business relationship with you; or
  3. you give your business card to a member of our firm;
  4. you apply for a position at our firm;
  5. you send an email to us (or a member of our firm) for any reason.

Such Personal Data may include your first/last name, address, company/organization name, your functions, telephone numbers, email address, country, type of assistance required and/or your message, CV, letter of motivation, letter of recommendation, qualifications, etc. Such information is used for the following purposes:

  • Answering your inquiries and requests, including questions regarding our firm and policies, requests for marketing communications, and recruitment queries;
  • During the course of our business, including in relation to legal services and advice;
  • Contact you via marketing communications, such as client alerts, press releases, and event invitations;
  • Updating our contact lists to ensure accurate information and areas of interest;
  • Recruitment purposes;
  • Improving our services, including through data analytics, audits, and fraud detection.

This processing is necessary:

  1. for the provision of our services and the fulfillment or performance of an agreement with you; or
  2. for our other legitimate purposes under applicable laws.

Personal Data is retained as long as necessary in order to fulfill the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose.

1.2 Direct marketing We may, from time to time, send you direct communications including news regarding our firm, invitations to events or articles written by our attorneys. You must communicate an email address in order to subscribe to any of our newsletters and client alerts. You can chose to unsubscribe at any time, either by clicking on the link provided at the bottom of our newsletters or client alerts, or by sending us a request to that effect.

1.3 Information collected automatically and cookies When you visit our website, the following information about your visit is automatically collected by us:

  • your computer’s or mobile device’s operating system;
  • the application or software that you used to access our website;
  • your Internet Protocol (“IP”) address;
  • the time you accessed our website;
  • the device type with which you accessed our website;
  • your browser type and language configuration;
  • the website you visited before accessing our website.

Our website may also contain social media features, such as a LinkedIn ‘Follow’ button. These features may collect your IP address and the page of origin from our website, and may set a cookie to enable the feature to function properly. The aim of the automatic collection and processing of the information described above is to obtain visit statistics in order to improve our website and your experience as a client or user of our website. In particular, we use IP addresses to analyze trends, administer the website, and gather broad demographic information for aggregate use. Such Personal Data is processed to further our legitimate purposes. Personal Data is retained as long as necessary in order to fulfill the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose.

1.4 Cookies A cookie is a piece of data stored on your device containing information related to your visit on our website. You may, at any time, modify, delete, or block the cookies stored on your device when visiting our website. Please note that some functionality of the website may be impaired as a result.  Please refer to your browser’s documentation to learn how to proceed. The use of cookies facilitates the operation of the website and improves the website. By visiting the website without disabling this function, you expressly consent to the use of cookies. The storage duration of cookies differs depending on the cookie, but is never longer than ninety (90) days.

2. Links to third party sites and Google Analytics

Our website contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to read the privacy statements of each and every website that collects Personal Data. Please note that we use a tool called “Google Analytics” to collect information about the use of our website. Google Analytics collects website use information regarding how often users visit the website, what pages they visit when they do so, and what other sites they used prior to coming to our website. We use the information we get from Google Analytics to improve our website. Google Analytics collects only the IP address assigned to you on the date you visit our website, rather than your name. Google’s ability to use and share information collected by Google Analytics about your visits to the website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to the website by disabling cookies on your browser.

3. Sharing with third parties

As members of a global firm, we will share your Personal Data with other Cohen & Gresser entities throughout the world. We may disclose your Personal Data to another Cohen & Gresser entity (i) for purposes of outsourcing one or more of the functions described above; (ii) to confirm or update information provided by you; or (iii) for other purposes disclosed at or before the time the information is collected. We may also share your Personal Data with some selected third parties including software providers and vendors:

  1. when legally required to do so; or
  2. when utilizing third party vendors to host and secure – but not process – data during the regular course of doing business.

4. Transfers

We operate our services through Cohen & Gresser LLP in the United States. This means that your Personal Data is processed and stored on a server located in the United States. By accessing our website or otherwise voluntarily providing us with information, you consent to having your data transferred and processed in the United States. In order to ensure the lawfulness of these transfers, we have executed and implemented the European Commission Standard Contractual Clauses for controller-to-controller transfers set by Decision 2004/915/EC. The Standard Contractual Clauses provide for adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights, and are fully implemented by all entities of Cohen & Gresser.

5. Security measures

We attempt to protect against the loss, misuse and alteration of your Personal Data and have implemented reasonable administrative, technical, and physical measures to protect your Personal Data, both online and offline. While we have strict procedures in place to safeguard your Personal Data, we cannot guarantee the safety of Personal Data or any transfer of such data which takes place outside of C&G networks. If you have specific questions regarding our security measures, please email privacygroup@cohengresser.com

6. Rights with regard to your Personal Data

You have the following rights regarding your Personal Data processed by us.

(a) Right of access: You may request access to your Personal Data that we collect and process about you. This is called a data subject access request and you can make a request about your Personal Data by writing to us using the contact details below.  We may require further information from you in order to verify your identity before giving you access to or disclosing any Personal Data to you.  Should you request such an access, we will provide you with a copy of all your Personal Data in our possession as well as all legally required information, including:

  • the purposes of the processing;
  • the categories of Personal Data concerned;
  • the recipients to whom the Personal Data have been or will be disclosed;
  • the duration of storage of the Personal Data; and
  • further information on your rights regarding your Personal Data.

(b) Right to data portability: You have the right to data portability of your Personal Data. This right differs from your right to access, since it only relates to the Personal Data you provided us with (for example, automatically collected data is not included). This right allows you to receive this Personal Data in a structured, commonly used and machine-readable format in order for you to be able to transfer this Personal Data to another data controller or processor.

(c) Right to rectification: You may, at any time, request that we rectify inaccurate or incomplete Personal Data concerning you, and we will proceed accordingly and promptly.

(d) Right to deletion (‘right to be forgotten’): You may request the deletion of your Personal Data provided that one of the following conditions apply:

  • your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • there is no statutory or legal basis requiring us to maintain your Personal Data;
  • you withdraw your consent for the processing and there is no other legal ground for the processing (this only relates to the Personal Data collected via the contact form or for our newsletter purposes);
  • you exercise your right to object to the processing of your Personal Data, as detailed in section 6.5;
  • your Personal Data was unlawfully processed; or
  • your Personal Data has to be erased to comply with a legal obligation to which we are subject.

(e) Right to object: Where your personal situation justifies it, you may object to the processing of your Personal Data by us when this processing is carried out in our legitimate interests. You may also, at any time, object to the processing of your Personal Data by us when this processing is carried out for marketing purposes.

(f) Right to restriction of processing: You may ask for the restriction of the processing of your Personal Data when one of the following applies:

  • where you dispute the accuracy of your Personal Data, you can request the restriction of the processing of your Personal Data for the period required to verify your claim;
  • where the processing is unlawful, you may choose to request the restriction of the use of your Personal Data instead of requesting its erasure;
  • if we no longer need your Personal Data for the purpose of the processing, but you require this data for the establishment, exercise or defense of legal claims; or
  • where you objected to the processing of your Personal Data carried out in our legitimate interests, you may request the restriction of this processing while we investigate your claim.

If and when you notify us of a rectification or deletion of your personal data or a restriction of processing, we will attempt to notify each recipient to whom your Personal Data has been disclosed (unless this proves impossible or involves a disproportionate effort).

(g) Right to lodge a complaint: Please note that you always have the right to lodge a complaint regarding a breach of your rights in relation to your Personal Data with the competent supervisory authority.

7. Children and minors

Children under the age of 18 are not eligible to use our website or to provide their Personal Data to us in any way. We recognize the privacy interest of children. In accordance with the relevant provisions of the Children’s Online Privacy Protection Act, we do not knowingly collect any information, including any personally identifiable information, from anyone under 13 years of age. Our website and services are directed to persons who are at least 13 years old or older.

8. Changes to this Policy

When necessary, we will make changes to the Policy.  When we do so, we will note the date of update at the top of the Policy, and the changes are effective as of that date. If you have any questions relating to the changes we make to the Policy, please email privacygroup@cohengresser.com.

Contact us / Exercise your rights

If you have any questions regarding this Policy or wish to exercise one of your rights detailed above, including to make a subject access request, please email privacygroup@cohengresser.com. You may also contact us in writing at: Attn: Privacy Group Cohen & Gresser LLP 800 Third Avenue New York, New York 10022