Last Updated April 25, 2018
1. How do we collect and process your Personal Data
1.1 Information you provide We collect the Personal Data you voluntarily provide to us from time to time via email or other means of communication, in particular when:
- we (or a member of our firm) handle a legal matter on your behalf; or
- we (or a member of our firm) otherwise enter into a business relationship with you; or
- you give your business card to a member of our firm;
- you apply for a position at our firm;
- you send an email to us (or a member of our firm) for any reason.
Such Personal Data may include your first/last name, address, company/organization name, your functions, telephone numbers, email address, country, type of assistance required and/or your message, CV, letter of motivation, letter of recommendation, qualifications, etc. Such information is used for the following purposes:
- Answering your inquiries and requests, including questions regarding our firm and policies, requests for marketing communications, and recruitment queries;
- During the course of our business, including in relation to legal services and advice;
- Contact you via marketing communications, such as client alerts, press releases, and event invitations;
- Updating our contact lists to ensure accurate information and areas of interest;
- Recruitment purposes;
- Improving our services, including through data analytics, audits, and fraud detection.
This processing is necessary:
- for the provision of our services and the fulfillment or performance of an agreement with you; or
- for our other legitimate purposes under applicable laws.
Personal Data is retained as long as necessary in order to fulfill the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose.
1.2 Direct marketing We may, from time to time, send you direct communications including news regarding our firm, invitations to events or articles written by our attorneys. You must communicate an email address in order to subscribe to any of our newsletters and client alerts. You can chose to unsubscribe at any time, either by clicking on the link provided at the bottom of our newsletters or client alerts, or by sending us a request to that effect.
1.3 Information collected automatically and cookies When you visit our website, the following information about your visit is automatically collected by us:
- your computer’s or mobile device’s operating system;
- the application or software that you used to access our website;
- your Internet Protocol (“IP”) address;
- the time you accessed our website;
- the device type with which you accessed our website;
- your browser type and language configuration;
- the website you visited before accessing our website.
Our website may also contain social media features, such as a LinkedIn ‘Follow’ button. These features may collect your IP address and the page of origin from our website, and may set a cookie to enable the feature to function properly. The aim of the automatic collection and processing of the information described above is to obtain visit statistics in order to improve our website and your experience as a client or user of our website. In particular, we use IP addresses to analyze trends, administer the website, and gather broad demographic information for aggregate use. Such Personal Data is processed to further our legitimate purposes. Personal Data is retained as long as necessary in order to fulfill the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose.
2. Links to third party sites and Google Analytics
3. Sharing with third parties
As members of a global firm, we will share your Personal Data with other Cohen & Gresser entities throughout the world. We may disclose your Personal Data to another Cohen & Gresser entity (i) for purposes of outsourcing one or more of the functions described above; (ii) to confirm or update information provided by you; or (iii) for other purposes disclosed at or before the time the information is collected. We may also share your Personal Data with some selected third parties including software providers and vendors:
- when legally required to do so; or
- when utilizing third party vendors to host and secure – but not process – data during the regular course of doing business.
We operate our services through Cohen & Gresser LLP in the United States. This means that your Personal Data is processed and stored on a server located in the United States. By accessing our website or otherwise voluntarily providing us with information, you consent to having your data transferred and processed in the United States. In order to ensure the lawfulness of these transfers, we have executed and implemented the European Commission Standard Contractual Clauses for controller-to-controller transfers set by Decision 2004/915/EC. The Standard Contractual Clauses provide for adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights, and are fully implemented by all entities of Cohen & Gresser.
5. Security measures
We attempt to protect against the loss, misuse and alteration of your Personal Data and have implemented reasonable administrative, technical, and physical measures to protect your Personal Data, both online and offline. While we have strict procedures in place to safeguard your Personal Data, we cannot guarantee the safety of Personal Data or any transfer of such data which takes place outside of C&G networks. If you have specific questions regarding our security measures, please email firstname.lastname@example.org
6. Rights with regard to your Personal Data
You have the following rights regarding your Personal Data processed by us.
(a) Right of access: You may request access to your Personal Data that we collect and process about you. This is called a data subject access request and you can make a request about your Personal Data by writing to us using the contact details below. We may require further information from you in order to verify your identity before giving you access to or disclosing any Personal Data to you. Should you request such an access, we will provide you with a copy of all your Personal Data in our possession as well as all legally required information, including:
- the purposes of the processing;
- the categories of Personal Data concerned;
- the recipients to whom the Personal Data have been or will be disclosed;
- the duration of storage of the Personal Data; and
- further information on your rights regarding your Personal Data.
(b) Right to data portability: You have the right to data portability of your Personal Data. This right differs from your right to access, since it only relates to the Personal Data you provided us with (for example, automatically collected data is not included). This right allows you to receive this Personal Data in a structured, commonly used and machine-readable format in order for you to be able to transfer this Personal Data to another data controller or processor.
(c) Right to rectification: You may, at any time, request that we rectify inaccurate or incomplete Personal Data concerning you, and we will proceed accordingly and promptly.
(d) Right to deletion (‘right to be forgotten’): You may request the deletion of your Personal Data provided that one of the following conditions apply:
- your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- there is no statutory or legal basis requiring us to maintain your Personal Data;
- you withdraw your consent for the processing and there is no other legal ground for the processing (this only relates to the Personal Data collected via the contact form or for our newsletter purposes);
- you exercise your right to object to the processing of your Personal Data, as detailed in section 6.5;
- your Personal Data was unlawfully processed; or
- your Personal Data has to be erased to comply with a legal obligation to which we are subject.
(e) Right to object: Where your personal situation justifies it, you may object to the processing of your Personal Data by us when this processing is carried out in our legitimate interests. You may also, at any time, object to the processing of your Personal Data by us when this processing is carried out for marketing purposes.
(f) Right to restriction of processing: You may ask for the restriction of the processing of your Personal Data when one of the following applies:
- where you dispute the accuracy of your Personal Data, you can request the restriction of the processing of your Personal Data for the period required to verify your claim;
- where the processing is unlawful, you may choose to request the restriction of the use of your Personal Data instead of requesting its erasure;
- if we no longer need your Personal Data for the purpose of the processing, but you require this data for the establishment, exercise or defense of legal claims; or
- where you objected to the processing of your Personal Data carried out in our legitimate interests, you may request the restriction of this processing while we investigate your claim.
If and when you notify us of a rectification or deletion of your personal data or a restriction of processing, we will attempt to notify each recipient to whom your Personal Data has been disclosed (unless this proves impossible or involves a disproportionate effort).
(g) Right to lodge a complaint: Please note that you always have the right to lodge a complaint regarding a breach of your rights in relation to your Personal Data with the competent supervisory authority.
7. Children and minors
Children under the age of 18 are not eligible to use our website or to provide their Personal Data to us in any way. We recognize the privacy interest of children. In accordance with the relevant provisions of the Children’s Online Privacy Protection Act, we do not knowingly collect any information, including any personally identifiable information, from anyone under 13 years of age. Our website and services are directed to persons who are at least 13 years old or older.
8. Changes to this Policy
When necessary, we will make changes to the Policy. When we do so, we will note the date of update at the top of the Policy, and the changes are effective as of that date. If you have any questions relating to the changes we make to the Policy, please email email@example.com.
Contact us / Exercise your rights
If you have any questions regarding this Policy or wish to exercise one of your rights detailed above, including to make a subject access request, please email firstname.lastname@example.org. You may also contact us in writing at: Attn: Privacy Group Cohen & Gresser LLP 800 Third Avenue New York, New York 10022