ON THIS PAGE

Privacy Policy

Data Privacy Framework Privacy Statement

California Privacy Notice

Cookie Policy


PRIVACY POLICY

Hughes Hubbard & Reed LLP (“HHR” or the “Firm”) respects your right to privacy. This Privacy Policy explains how we collect, use, disclose, safeguard and otherwise process your Personal Data.

Please read this Privacy Policy carefully. If you have any questions or concerns regarding this Privacy Policy, please contact us at [email protected].

If you are a California resident, please also read our California Privacy Notice for California residents.

Compliance with Law

HHR collects, uses, discloses, safeguards, and otherwise processes Personal Data in compliance with applicable data privacy and data protection laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), UK General Data Protection Regulation (“UK GDPR”), and the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and the Virginia Consumer Data Protection Act (“VCDPA”).

As used in this Privacy Policy, the term “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Collection of Your Personal Data

We may collect or obtain your Personal Data in the following ways:

  • Automatically when you visit and interact with our website, www.hugheshubbard.com, or any affiliated websites, blogs, podcasts, media form, media channels, or mobile applications related or connected thereto (collectively, the “Site”)
  • Directly from you (e.g., when you contact us via email, phone, or mail; when you attend in-person and virtual meetings, conferences, or events; when you provide us with information through social media, business cards, or interactions on our Site)
  • In the course of our relationship with you (e.g., if you have engaged or inquired about our legal services)
  • In the course of providing legal services to our clients, we may obtain your Personal Data from our clients or third parties (e.g., when we receive information pursuant to a subpoena or a document request)
    When you sign up for or respond to Firm news, publications, or marketing communications
  • When you attend one of our seminars or events
  • When you visit one of our offices
  • When you apply for a job or position with us
  • From social media sites, news sources, directories, publications, media, and other public or commercially-available sites
  • From other sources (e.g., background checks, identity verification, law enforcement and regulatory authorities, etc.)

Categories of Personal Data We May Collect and Process

The Personal Data we may collect and process includes:

  • Identification Data: Names, phone numbers, mailing addresses, email addresses, additional contact details, job titles, organization, gender, date of birth, and identifiers (e.g., passport numbers, driver’s license numbers, social security numbers, tax IDs, user IDs)
  • Client Data: Client contact information (e.g., addresses, identifiers), and Personal Data received from clients in respect of their business and/or services, which may include Personal Data of their staff, customers, and others.
  • Data Used in Providing Legal Services: Personal Data received from clients and other sources to administer and perform our services, which may, where relevant, include special categories of Personal Data
  • Marketing Data: Contact information; newsletter requests; event/seminar registrations; marketing preferences; requests for proposals; requests for Firm marketing materials; and requests relating to events, seminars, bar association activities, and speaking and publishing opportunities
  • Financial Data: Bank and brokerage account information, billing address, payment method; invoice records; payment records; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of checks
  • Cookies and Other Automatically-Collected Information: Information relating to your website usage and technical data that is collected through tracking technologies and relationship insight tools. Our servers also automatically collect information when you access the Site, such as your IP address, geolocation, domain name, device ID, browser type, operating system, and access times to the Site (For more information about the cookies that we use, please see our Cookie Policy)
  • Job Application Data: We collect Personal Data from prospective employees, associates, counsel, freelancers and other independent contractors, contract workers, and partners to manage and evaluate job applications and employment offers

We collect the following special categories of Personal Data only when (i) you expressly consent to its collection, or (ii) such information is necessary or permitted to be collected by applicable law.

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data
  • Data concerning health
  • Data concerning sex life or sexual orientation
  • Data relating to criminal convictions and offences, to the extent it is also permitted under the laws of your jurisdiction.

Legal Bases and Purposes of Processing

We process your Personal Data in accordance with applicable law and standards. When required by applicable law, we process your Personal Data only to the extent that we have a legal basis to do so. This may include one or more of the following: when it is necessary for compliance with a legal obligation, when it is necessary for the performance of a contract, when we have obtained your prior consent, when it is necessary to protect your vital interests, or when it is necessary for the purposes of a legitimate interest that is not overridden by your interests, fundamental rights, or freedoms.

We may process your Personal Data for various purposes, including

  • To permit access, use and improvement of our Site;
  • To provide legal and professional services to you or others;
  • To respond to your request for information and communicate with you about our services, client alerts, events, news, invitations, and other marketing materials in which you may be interested, subject to obtaining your prior opt-in consent when required by applicable law;
  • To comply with our compliance, legal and regulatory obligations, such as for anti-money laundering compliance, know your customer compliance, financial and credit checks, audit requirements, fraud and crime prevention and detection, and record keeping requirements
  • To protect the security of and manage access to our premises, IT and communication systems, online platforms, Site, and other systems, including preventing and detecting security threats, fraud, or other criminal or malicious activities;
  • To help us manage health and safety risks to employees and visitors to our offices;
  • To carry out recruitment activities and manage employment applications;
  • To comply with any inquiry, subpoena, court order, or other legal or regulatory process or procedures.
  • To operate and manage the business of the Firm, including our relationships with vendors and third-party suppliers, insurers, landlords and managing agents, advisors, consultants, and financial institutions;
  • To facilitate the expansion, opening, closing or moving of Firm offices, the acquisition of practices, or the restructuring of the Firm;
  • To investigate, establish and/or protect the Firm's legal rights, property, or safety, or the rights, property, or safety of others, to bring and/or defend against legal claims, to facilitate the seeking of external legal advice;
  • To conduct other business activities of the Firm, as needed.

Direct Marketing Opt-Out

If you are receiving information or marketing communications from HHR by email, you may opt out at any time. To opt out, you can click “unsubscribe” in the relevant communication or send an email to [email protected].

Data Retention

We determine the duration for which we will keep your Personal Data according to the following criteria: We retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected or obtained and/or to fulfill the requirements of applicable law. These purposes may include:

  • To provide legal services
  • To assess claims or transactions involving the Personal Data
  • To conduct due diligence, document reviews, government or regulatory compliance, and investigations, including anti-money laundering, politically exposed persons, sanctions, counter terrorism, and know your customer compliance
  • To manage the Firm’s operations and recordkeeping, as well as for statistical purposes
  • To conduct conflict checks and financial assessments
  • To market the Firm’s services and attorneys
  • To market seminars, events, presentations, and Firm publications
  • To store, backup, and administer client files, human resource data, and other data related to the Firm’s legal services, business activities, or any of the above
  • To protect other interests or obligations that are legitimate under applicable laws or necessary to comply with legal or regulatory requirements
  • Upon expiration of the applicable retention period, we will securely destroy or delete your Personal Data in accordance with applicable laws and regulations.

Disclosure and Sharing of Your Personal Data

We do not sell your Personal Data. We may share your Personal Data with others for legitimate business purposes in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality, professional secrecy, and ethical obligations.

When required by applicable law or when it is otherwise appropriate, we safeguard your Personal Data by entering into written agreements with the third parties with whom we share it. Specifically, under the GDPR and the UK GDPR, we contract with third-party processors to ensure that they only process your Personal Data under our written instructions, that they protect the security and confidentiality of your Personal Data by implementing appropriate technical and organizational measures, and that they comply with other regulatory requirements.

We may share your Personal Data with third parties in the following circumstances:

  • We may disclose your Personal Data for the purpose of providing legal advice and services. This may involve disclosure of your Personal Data to other parties, counsel, consultants, vendors, and experts involved in transactions, litigations, arbitrations, investigations, and other legal matters that the Firm handles on behalf of its clients.
  • We may share your Personal Data with third parties that assist the Firm with its marketing activities.
  • We may share your Personal Data with vendors or other processors (such as data hosting and document review service providers, infrastructure and IT service providers, financial institutions, business analytics firms, and other cloud-based service providers).
  • We may share your Personal Data with third parties that are necessary to the operation and management of the Firm’s business, including accountants, auditors and other professional advisors, building and managing agents, consultants, external counsel, financial advisors and institutions, insurers, and those providing HR, accounting, IT and other services to the Firm.
  • We may share your Personal Data with third parties involved with the recruiting of personnel; the expansion, opening, closing or moving of offices; the acquisition of practices; the restructuring of the Firm; or other business activities of the Firm.
  • We may disclose your Personal Data to comply with an applicable court order, law, rule, regulation, or governmental request.
  • We may disclose your Personal Data if we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others. This includes exchanging information with other entities for fraud protection and credit risk reduction.

International Transfers of Personal Data

As an international law firm, HHR handles matters and provides legal services to clients throughout the world. Our firm has multiple offices in the United States, an office in France, an office in Japan, and a strategic cooperation agreement with a law firm in Brazil. Details regarding our offices can be found at www.hugheshubbard.com/contact.

We may transfer your Personal Data from the jurisdiction in which it is collected or located to other jurisdictions, including to other jurisdictions in which we have offices. In making any such transfer, we ensure that there is a legal basis and appropriate safeguards in place. Specifically, with respect to transfers of your Personal Data from the European Economic Area (“EEA”), Switzerland or the United Kingdom (“UK”) to other jurisdictions, third countries and international organizations:

  • We may rely on an adequacy decision issued by the EU Commission.
  • We may rely on appropriate safeguards, such as Standard Contractual Clauses or Binding Corporate Rules approved by the EU Commission. HHR has entered into Standard Contractual Clauses for transfers of Personal Data among its offices.
  • We may rely on derogations for specific situations, such as when the transfer is necessary for the establishment, exercise, or defense of legal claims or when you give us explicit consent after having been informed of the possible risks associated with the transfer.

Your Rights with Respect to Your Personal Data

Your rights
Under certain data protection laws, you have rights you can exercise in relation to your Personal Data. If you are in the Economic European Area (EEA) or the United Kingdom (UK), you may, subject to certain conditions, exercise the following rights in respect of your Personal Data.

  • The right to access – You have the right to request copies of your Personal Data.
  • The right to rectification – You have the right to request that we correct any of your Personal Data that you believe is inaccurate. You also have the right to request that we complete your Personal Data if you believe it is incomplete.
  • The right to erasure – You have the right to request that we erase or delete your Personal Data.
  • The right to restrict processing – You have the right to request that we restrict the processing of your Personal Data.
  • The right to data portability –You have the right to request that we transfer Personal Data about you, which you have provided to us, to another organization, or directly to you.
  • The right to object – You have the right to object to our using your Personal Data until we demonstrate that we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that we are processing your Personal Data for the establishment, exercise or defense of legal claims.
  • The right to avoid automated decision-making – You have the right to object to any decision based solely on automated processing, including profiling, which produces legal consequences concerning you, or other seriously impactful consequences and to require such decision to be reviewed manually.
  • The right to withdraw consent – Where you have provided your consent to the processing of your Personal Data, you have the right to fully or partly withdraw your consent at any time. To withdraw your consent, please email us at [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your Personal Data for the purpose(s) to which you originally consented unless there are legitimate grounds for further processing which override your interests, rights and freedoms, such as the need to continue processing your Personal Data for the establishment, exercise or defense of legal claims. This does not apply to the processing of your Personal Data for direct marketing purposes. With respect to such processing, you have the right to object at any time, in which case we will no longer process your Personal Data for direct marketing purposes.

Procedures for Exercising Your Rights
If you want to exercise one of these rights, please email us at [email protected].

To keep your Personal Data safe, if we cannot ascertain your identity or if we have reasonable doubts concerning your identity, then prior to processing your request, we may ask you to submit additional information for the purposes of verifying your identity

You will not be charged or have to pay a fee to exercise your rights regarding your Personal Data, including your right to access your Personal Data, your rights to rectification or erasure of your Personal Data and your right to object. However, if your request is manifestly unfounded or excessive, in particular because of its repetitive character, we may charge a reasonable fee or refuse your request.

Cookies and Tracking Technologies

We use cookies and other tracking technologies on the Site to help customize the Site and improve your experience. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Site. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser's settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis. For more information, see our Cookie Policy.

Third-Party Websites

The Site may contain links to third-party websites and applications of interest, news sites and external services that are not affiliated with HHR. Once you have used these links to leave the Site, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Site.

Security of Your Information

We use administrative, technical, and physical security measures to protect your Personal Data from unauthorized access, use and disclosure. We also require that our vendors protect such information from unauthorized access, use and disclosure. While we have taken reasonable steps to secure your Personal Data, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Thus, any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us is sent securely.

Policy for Children

We do not knowingly solicit information from or market to children under the age of 16. If you become aware of any data we have collected from children under age 16, please email us at [email protected].

Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. For this reason, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will set forth that practice in a revised version of this Privacy Policy.

Updates to Privacy Policy

We may update our Privacy Policy at any time or as required by applicable laws or regulations. We will make an updated copy of such Privacy Policy available on our website. Please check our website regularly for any changes or updates.

Contact Us

If you have any questions or concerns about this Privacy Policy or would like to report a complaint about the processing of your Personal Data or about our data protection practices or policies generally, please email us at: [email protected] or write to us at:

Hughes Hubbard & Reed LLP
Attn: Office of the General Counsel
Michael Salzman, Esq.
One Battery Park Plaza
New York, New York 10004
United States of America

Questions, comments, requests, or inquiries may also be submitted by email to the representative for our office in Paris:

Hughes Hubbard & Reed LLP
Me. Sébastien Bonnard
4 rue Cambacérès
75008 Paris
France
[email protected]

If you are an EEA, EU, Swiss, or UK data subject, you also have the right to lodge a complaint with the applicable EEA, EU, Swiss, or UK supervisory authority -- in particular, in the country of your habitual residence, place of work or place of the alleged infringement -- if you consider that the processing of your Personal Data has been or is unlawful.

(Last updated: August 20, 2024)


DATA PRIVACY FRAMEWORK PRIVACY STATEMENT

Hughes Hubbard & Reed LLP (“Hughes Hubbard” or the “Firm”) is an international law firm which handles matters and provides legal services to clients throughout the world, including the European Union (“EU”), the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland. In the course of this work, it is often necessary for current and prospective clients, adversaries in litigation, counterparties in transactional matters, and others to provide the Firm with information that is subject to the data protection laws of the EU, the EEA, the UK, and Switzerland. This Policy protects personal data that is transferred from the EU, the EEA, the UK, or Switzerland to the United States.

The Firm adheres to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the United States Department of Commerce. Hughes Hubbard has certified to the Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the EU and UK in reliance on the EU-U.S. Data Privacy Framework and the UK Extension thereto. Hughes Hubbard has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework.

If there is a conflict between this Data Privacy Framework Policy and either of those Principles, the Principles shall govern. The Firm’s compliance with the Data Privacy Framework is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. To learn more about the Data Privacy Framework Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Information We Collect and Use

For purposes of this Policy, personal data refers to any information relating to an identified or identifiable natural person that was transferred from the EU, EEA, UK, or Switzerland to the U.S.-based offices of Hughes Hubbard under the EU-U.S. Data Privacy Framework, the UK Extension thereto, or the Swiss-U.S. Data Privacy Framework.

This Policy does not apply to personal data that was or is transferred to the U.S.-based offices of Hughes Hubbard pursuant to other derogations or permissions set forth in Article 26 of the Directive EC/95/46 and in Article 49 of the General Data Protection Regulation. Nor does it apply to personal data transferred to or within Hughes Hubbard from jurisdictions or sources outside of the EU, the EEA, the UK or Switzerland.

Personal data transferred from the EU, EEA, UK and Switzerland may concern the following data subjects:

  • Clients;
  • Prospective clients;
  • Former clients;
  • Adverse parties and prospective adverse parties in litigation, arbitration, mediation or other disputes;
  • Co-parties and prospective co-parties in litigation, arbitration, mediation or other disputes;
  • Third parties, non-parties and witnesses who are involved or potentially involved in litigation, arbitration, mediation or other disputes;
  • Witnesses and others who are involved in or subject to investigations and compliance reviews;
  • Counterparties in transactional matters;
  • Co-parties, agents, joint venture partners, investors, buyers, sellers, lenders, shareholders, and others in transactional matters;
  • Professional and personal contacts of the Firm’s attorneys and staff members;
  • Vendors and suppliers;
  • Advisors, consultants, and experts;
  • Other persons involved in litigation, arbitration, mediation, other disputes, investigations or transactional matters in which the Firm is or may become involved;
  • Employees, agents, representatives, directors, officers, affiliated persons, independent contractors, sub-contractors, dependents, associates, or correspondents of any of the above; and
  • Hughes Hubbard employees or job applicants.

The Personal Data transferred may concern the following:

  • Personal information, including name, title, address, telephone number, business telephone number, business email address, country of residence, employer, employer address, billing information, payment history, job functions, and internal meeting notes;
  • Data that reveals racial or ethnic origin, political or religious opinions or beliefs, trade union membership, genetic data, sexual preferences, criminal offenses or convictions, work performance, location or movements of individuals, individual economic information, and anything related to a child or children;
  • Financial or banking information;
  • Health information;
  • Social security numbers and other identifiers;
  • Photographs or other likenesses;
  • Emails and other communications with third parties;
  • Evidence or materials that may potentially contain evidence relating to an actual or potential dispute or investigation;
  • Due diligence information and information relating to actual or prospective transactions, including financings, loans, licensing arrangements, restructurings, mergers and acquisitions, or asset purchases; and
  • Information relating to intellectual property rights, patents, copyrights and trademarks.

Personal data from the EU, EEA, UK or Switzerland may be transferred to or within the Firm for the following purposes:

  • The Firm’s provision of legal services;
  • Consultations with prospective clients;
  • Assessments of claims or transactions;
  • Conducting due diligence or document reviews;
  • Government or regulatory compliance;
  • Investigations;
  • The Firm’s operations and recordkeeping;
  • Conflict checks and financial assessments;
  • Financial or management forecasts;
  • Compliance with the Firm’s ethical, professional and legal obligations;
  • Compliance with anti-money laundering, risk management, and other compliance protocols;
  • Marketing of the Firm’s services and attorneys;
  • Seminars, presentations, and Firm publications; and
  • Storage, backup and administration of client files, HR data, and other data as described above.

The Personal Data transferred from the EU, EEA, UK or Switzerland may be disclosed to the following persons:

  • The Firm’s attorneys and staff who need to have access to such information;
  • Records management personnel, data center providers, document management professionals, IT personnel, file clerks, and archivists;
  • Adversaries, co-parties, non-parties, third parties, experts, vendors and consultants in litigation, mediation and arbitration;
  • Counterparties, agents, joint venture partners, stakeholders, and other who need to have access to the information in transactional matters;
  • Vendors, contractors, and others supporting or assisting the Firm in providing legal services;
  • Law enforcement agencies and other governmental authorities; and
  • The courts, governmental authorities, tribunals, and other parties as required by law, by court, governmental or other authorized orders, or by applicable rules or regulations.

Transfers to Third Parties

Hughes Hubbard may remain responsible and liable under the Principles for onward transfers to third parties involving the personal information of EU, EEA, UK and Swiss individuals. This does not, however, apply to links to third-party sites. This policy does not apply to the information practices of such third-party companies and organizations, and Hughes Hubbard is not responsible for their compliance with data privacy laws or the content of their sites.

When transferring personal data to third parties, Hughes Hubbard will, among other things:

  • Transfer such data only for limited and specified purposes;
  • Ascertain that the third party/agent is obligated to provide at least the same level of privacy protection as is required by the Principles;
  • Take reasonable and appropriate steps to ensure that the third party/agent effectively processes the personal information transferred in a manner consistent with Hughes Hubbard’s obligations under the Principles;
  • Require the third party/agent to notify Hughes Hubbard if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles.

Compliance

The Firm has security and confidentiality policies that govern all information that the Firm receives, retains and transfers, including personal data from the EU, EEA, UK and Switzerland. These policies are available and apply to all Firm attorneys and personnel, and the Firm periodically conducts training to ensure that all Firm attorneys and personnel comply with these policies. Failure to adhere to the Firm’s policies for the security and confidentiality of information can result in breaches of legal and ethical requirements, and is subject to discipline, including dismissal. The Firm has also instituted procedures to review periodically its compliance with this Data Privacy Framework Policy.

Compliance with this Data Privacy Framework Policy will be verified through self-assessment. The Firm’s Chief Information Security Officer (“CISO”) shall be responsible for ensuring compliance and the CISO or the Firm’s General Counsel shall make a written report to Firm management on at least an annual basis concerning the Firm’s compliance with the Policy and the Principles.

Right of Access

EU, EEA, UK and Swiss individuals subject to the Data Privacy Framework may request confirmation regarding whether Hughes Hubbard is processing their personal data, request access to their personal data, and/or request that Hughes Hubbard rectify, delete, or limit the use of their personal data if it is inaccurate or has been processed in violation of the Principles.

Persons who have consented to Hughes Hubbard’s collection, storage, transfer, disclosure to a third party, or other use of their personal information may withdraw that consent at any time and “opt out” from any future processing based on that consent.

Prior to processing any sensitive personal information (e.g., information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, personal health data, or information concerning the sex life or sexual orientation of the individual), Hughes Hubbard will obtain any required consent from the individual.

To request access to your personal data and for other questions, comments, requests, or inquiries regarding the processing of your personal data by Hughes Hubbard, please contact us via e-mail at: [email protected]

or in writing to:

Hughes Hubbard & Reed LLP
Attn.: Office of the General Counsel
Michael Salzman, Esq.
One Battery Park Plaza
New York, New York 10004
United States of America

Questions, comments, requests, or inquiries may also be submitted by email to the representative for our office in Paris:

Hughes Hubbard & Reed LLP
Me. Sébastien Bonnard
4 rue Cambacérès
75008 Paris
France
[email protected]

All such requests will be handled in accordance with the Principles and applicable laws, including applicable data protection and privacy laws. Hughes Hubbard will make good faith efforts to comply with such requests, but there may be circumstances in which Hughes Hubbard is not able to allow access to such information; comply with a request to rectify, delete, or amend such information; and/or limit the use of their information. This may occur where complying with the request would: (i) violate a privilege or protection (such as the attorney-client privilege); (ii) compromise confidentiality obligations or the privacy, proprietary, or other legitimate rights of Hughes Hubbard, its clients, or other third parties; (iii) involve a burden or expense that would be disproportionate to the risks to the individual’s privacy; or (iv) violate applicable rules of professional responsibility or other applicable laws, regulations, court orders or other directives from a tribunal. If Hughes Hubbard determines that a request cannot be complied with for such a reason or reasons, we will endeavor to provide you with an explanation of why that determination was made. To protect your privacy, Hughes Hubbard will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.

Complaints/Independent Dispute Resolution

If you have any complaints concerning Hughes Hubbard’s use or collection of your Personal Data, please contact us directly via e-mail at [email protected].

or in writing to:

Hughes Hubbard & Reed LLP
Attn: Office of the General Counsel
Michael Salzman, Esq.
One Battery Park Plaza
New York, New York 10004

or

Hughes Hubbard & Reed LLP
Me. Sébastien Bonnard
4 rue Cambacérès
75008 Paris
France

Hughes Hubbard will respond to your complaint within 45 days. As provided below, if Hughes Hubbard is unable to resolve a complaint regarding this Data Privacy Framework Policy or the processing of Personal Data covered by this Policy, it will make available, at no cost to you, an independent recourse mechanism.

Specifically, in compliance with the EU-U.S. Data Privacy Framework, the UK Extension thereto, and the Swiss-U.S. Data Privacy Framework, Hughes Hubbard commits to refer unresolved complaints concerning our handling of personal data received in reliance on those Frameworks to the ICDR-AAA, an alternative dispute resolution provider with services available in the EU, the UK, and Switzerland. If you do not receive timely acknowledgment of your Data Privacy Framework Principles-related complaint from us, or if we have not addressed your complaint to your satisfaction, please visit the ICDR-AAA at https://go.adr.org/dpf_irm.html for more information or to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, you may have a binding arbitration option. Further information can be found on the official DPF website here.

(Last updated: November 22, 2023)


CALIFORNIA PRIVACY NOTICE

This California Privacy Notice supplements Hughes Hubbard & Reed LLP’s (“HHR”, “we”, “us”, “our”) online Privacy Policy. It applies to natural persons residing in the State of California ("California Residents") who are protected by the California Consumer Privacy Act of 2018 ("CCPA"), as amended by the California Privacy Rights Act of 2020 (“CPRA”).

This California Privacy Notice explains how we collect, use, disclose, safeguard, and otherwise process your Personal Information. As defined by the CCPA/CPRA, Personal Information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics. Personal information does not include publicly available information.

HHR will only disclose Personal Information to unaffiliated third parties as set forth in HHR’s Privacy Policy and in this California Privacy Notice. Under California law, California Residents have the right to request and obtain information from us about our use of their Personal Information as further described below.

HHR does not sell, rent, or trade Personal Information to or with third parties for HHR’s own marketing purposes or benefit.

Collection of Your Personal Information

We may collect or obtain your Personal Information in the following ways:

  • Automatically when you visit and interact with our website, www.hugheshubbard.com, or any affiliated websites, blogs, podcasts, media form, media channels, or mobile applications related or connected thereto (collectively, the “Site”)
  • Directly from you (e.g., when you contact us via email, phone, or mail; when you attend in-person and virtual meetings, conferences, or events; when you provide us with information through social media, business cards, or interactions on our Site)
  • In the course of our relationship with you (e.g., if you have engaged or inquired about our legal services)
  • In the course of providing legal services to our clients, we may obtain your Personal Information from our clients or third parties (e.g., when we receive information pursuant to a subpoena or a document request)
  • When you sign up for or respond to Firm news, publications, or marketing communications
  • When you attend one of our seminars or events
  • When you visit one of our offices
  • When you apply for a job or position with us
  • From social media sites, news sources, directories, publications, media, and other public or commercially-available sites
  • From other sources (e.g., background checks, identity verification, law enforcement and regulatory authorities, etc.)

Categories of Personal Information We May Collect and Process

The Personal Information we may collect and process about you includes:

  • Identification Data: Names, phone numbers, mailing addresses, email addresses, additional contact details, job titles, organization, gender, date of birth, and identifiers (e.g., passport numbers, driver’s license numbers, social security numbers, tax IDs, user IDs). 
  • Client Data: Client contact information (e.g., addresses, identifiers), and Personal Information received from clients in respect of their business and/or services, which may include Personal Information of their staff, customers, and others. 
  • Data Used in Providing Legal Services: Personal Information received from clients and other sources to administer and perform our services, which may, where relevant, include special categories of Personal Information
  • Marketing Data: Contact information; newsletter requests; event/seminar registrations; marketing preferences; requests for proposals; requests for Firm marketing materials; and requests relating to events, seminars, bar association activities, and speaking and publishing opportunities
  • Financial Data: Bank and brokerage account information, billing address, payment method; invoice records; payment records; BACS details; SWIFT details; IBAN details; payment amount; payment date; and records of checks
  • Cookies and Other Automatically-Collected Information: Information relating to your website usage and technical data that is collected through tracking technologies and relationship insight tools. Our servers also automatically collect information when you access the Site, such as your IP address, geolocation, domain name, device ID, browser type, operating system, and access times to the Site (For more information about the cookies that we use, please see our Cookie Policy)
  • Job Application Data: We collect Personal Information from prospective employees, associates, counsel, freelancers and other independent contractors, contract workers, and partners to manage and evaluate job applications and employment offers

Sensitive Personal Information

Under the CPRA, sensitive Personal Information includes any private information that divulges any of the following:

  • Personal identification numbers, including social security, driver's license, passport, or state ID card numbers
  • Account or debit or credit card numbers combined with passwords or codes that would enable access to the accounts
  • A consumer's exact geolocation
  • A consumer's racial origin, religious beliefs, or union membership
  • A consumer's mail, email, or text message content unless the information was intentionally sent to the business
  • A consumer's genetic data, such as DNA samples
  • Sensitive personal information includes the processing of any biometric data to identify a consumer, as well as personal information concerning a consumer's health or sexual orientation.

HHR may process your sensitive personal information when conducting business activities on behalf of the Firm, when providing legal services on behalf of its clients, or when such processing is required by applicable law. HHR will only process your sensitive personal information as necessary and proportionate for these purposes.

Purposes of Processing

We may process your Personal Information for various purposes, including:

  • To permit access, use and improvement of our Site;
  • To provide legal and professional services to you or others;
  • To respond to your request for information and communicate with you about our services, client alerts, events, news, invitations, and other marketing materials in which you may be interested, subject to obtaining your prior opt-in consent when required by applicable law;
  • To comply with our compliance, legal and regulatory obligations, such as for anti-money laundering compliance, financial and credit checks, audit requirements, fraud and crime prevention and detection, and record keeping;
  • To protect the security of and manage access to our premises, IT and communication systems, online platforms, Site and other systems, including preventing and detecting security threats, fraud, or other criminal or malicious activities;
  • To help us manage health and safety risks to employees and visitors to our offices;
  • To carry-out recruitment activities and manage employment applications;
  • To comply with any inquiry, subpoena, court order, or other legal or regulatory process or procedures.
  • To operate and manage the business of the Firm, including our relationships with vendors and third-party suppliers, insurers, landlords and managing agents, advisors, consultants, and financial institutions;
  • To facilitate the expansion, opening, closing or moving of Firm offices, the acquisition of practices, or the restructuring of the Firm;
  • To investigate, establish and/or protect the Firm's legal rights, property, or safety, or the rights, property, or safety of others, to bring and/or defend against legal claims, to facilitate the seeking of external legal advice;
  • To conduct other business activities of the Firm, as needed.

Within the past 12 months, we collected the following categories of Personal Information about California Residents. The specific pieces of Personal Information we collected about you may vary depending on the nature of your interactions with us and may not include all of the examples listed below.

Category of Information Collected

Source

Business Purpose

Identification Data, such as names, phone numbers, mailing addresses, email addresses, job titles, organization, gender, date of birth, identifiers (e.g., passport numbers, driver’s license, social security numbers, tax IDs, user IDs), IP address, mobile device id, cookies and or other online identifiers.

Directly from you

From your devices via cookies and other tracking technologies

From third parties in the course of providing our legal services, including counterparties to transactions or disputes authorized to disclose personal information on behalf of a California Resident

From social media sites, news sources, directories, publications, media, and other publicly available sources

Information received from third parties in connection with vendor or employment status or applications

 

Communicating with you

Performing services for our clients and to administer or otherwise carry out our obligations in relation to any agreement to which we are a party

To address compliance and legal obligations (e.g., checking identity of new clients, prevention of fraud/money laundering).

To respond to queries or requests

To provide relevant marketing to you (e.g., information about events or services that may be of interest.)

To protect our rights and meet our legal obligations

To provide for internal business administration and operations, including troubleshooting, Site customization, enhancement or development, testing, research, administration and operation of our Site and data analytics.

To comply with Firm financial responsibilities (audit, accounting and tax requirements)

As permitted or required by law or as we may notify you

Any categories of personal

information described in

subdivision CCPA Section

1798.80(e)

See above

See above

Geolocation data, such the state or country associated with your IP address

Automatically when you visit our Site

 

Internet or other electronic network activity information, such as browsing, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement

Automatically when you visit our Site

To provide for internal business administration and operations, including troubleshooting, Site customization, enhancement or development, testing, research, administration and operation of our Site and data analytics.

To keep our Site safe and secure

Financial Data, such as account information, billing address, payment method; invoice records; payment records; payment amount; payment date; and records of checks.

Directly from you or from third parties in the course of performing legal services

 

Performing legal services and to administer or otherwise carry out our obligations in relation to any agreement to which we are a party

 

Direct Marketing

If you are receiving information or marketing communications from HHR by email, you may opt-out at any time. To opt out, you can click “unsubscribe” in the relevant communication or send an email to [email protected].

Disclosure of Your Personal Information

We may share your Personal Information with others for legitimate business purposes in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality, professional secrecy, and ethical obligations.

When required by the CCPA/CPRA or when it is otherwise appropriate, we safeguard your Personal Information by entering into written agreements with the service providers, contractors, or third parties with whom we share or disclose it. 

We may share your Personal Information with third parties or disclose it to service providers or contractors in the following circumstances:

  • We may disclose your Personal Information to comply with an applicable court order, law, rule, regulation, or governmental request. 
  • We may disclose your Personal Information for the purpose of providing legal advice and services. This may involve disclosure of your Personal Information to other parties, counsel, consultants, vendors, and experts involved in transactions, litigations, arbitrations, investigations, and other legal matters that the Firm handles on behalf of its clients.
  • We may share your Personal Data with third parties or disclose it to service providers and contractors that assist the Firm with its marketing activities.
  • We may share your Personal Information with or disclose it to vendors or other processors (such as data hosting and document review service providers, infrastructure and IT service providers, financial institutions, business analytics firms, and other cloud-based service providers).
  • We may share your Personal Information with or disclose it to third parties, service providers and contractors that are necessary to the operation and management of the Firm’s business, including accountants, auditors and other professional advisors, building and managing agents, consultants, external counsel, financial advisors and institutions, insurers, and those providing HR, accounting, IT and other services to the Firm.
  • We may share your Personal Information with or disclose it to third parties, service providers and contractors involved with the recruiting of personnel; the expansion, opening, closing or moving of offices; the acquisition of practices; the restructuring of the Firm; or other business activities of the Firm.
  • We may disclose your Personal Information to comply with an applicable court order, law, rule, regulation, or governmental request.
  • We may disclose your Personal Information if we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others. This includes exchanging information with other entities for fraud protection and credit risk reduction.

Your Rights

California Residents have certain rights which they may exercise independently or through an authorized agent. Those rights include:

  • The right to know about the personal information a business collects about them and how it is used and shared: You have the right to request that we disclose to you what personal information we have collected, used, or shared about you, and why we collected, used, or shared that information. We must provide you this requested information, free of charge, for the 12-month period preceding your request. Specifically, you may request that we disclose:
    • The categories of personal information collected
    • Specific pieces of personal information collected
    • The categories of sources from which we collected personal information
    • The purposes for which we use the personal information
    • The categories of third parties with whom we share the personal information
    • The categories of information that we sell or disclose to third parties.
  • The right to delete personal information collected from them (with some exceptions): You may request that we delete personal information we collected from you and to tell our service providers to do the same.
  • The right to opt-out of the sale of their personal information: HHR does not sell your personal information to any third parties.
  • The right to non-discrimination for exercising their CPRA rights: You have the right not to be discriminated against by us for exercising your privacy rights.
  • The right to correct inaccurate information: You have the right to request that HHR correct any personal information if it is inaccurate.
  • The right to limit the use and disclosure of sensitive personal information: You have the right to direct HHR to limit the use or disclosure of your sensitive personal information.
  • The right to opt-out of automated decision-making technology: You have the right to opt out of HHR's use of, if any, automated decision-making technology, including “profiling,” in connection with decisions related to your work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Exercising Your Rights to Know or Delete

If you would like to exercise any of your rights under the CCPA/CPRA or have any questions about this section, please submit your request in writing by emailing us at [email protected]. You can also write to us at:

Hughes Hubbard & Reed LLP
Attn: Office of the General Counsel
Michael Salzman, Esq.
One Battery Park Plaza
New York, New York 10004
United States of America

You have the right to designate an authorized agent to submit a request on your behalf under the CPRA by providing that agent with your written permission and providing us with a copy of such written permission.

Your request to know or delete must provide information sufficient to allow us to reasonably verify that you are the person about whom we collected the personal information or that person’s authorized representative. Your request must also contain sufficient detail to allow us to properly understand, evaluate, and respond to it. To the extent you provide Personal Information with your request, we will use that Personal Information only to verify your identity or authority to make the request and as necessary to track and document requests and responses, unless you also provided the Personal Information to us for another purpose.

If we cannot comply with a request for any reason, we will explain the reasons in our response. We may deny your request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction or legal matter for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business or legal relationship with you or a client, or otherwise perform our contract with you
  • Exercise free speech, ensure the right of another consumer to exercise that consumer's right of free speech, or exercise another right provided for by law
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
  • Debug products to identify and repair errors that impair existing intended functionality
  • Comply with a legal obligation
  • Make other internal and lawful uses of that information that are compatible with the context in which the information was provided to us

Please note that under California law we are not required to delete Personal Information about an individual that was not collected directly from that individual.

Any requests that can be processed by us will be responded to in no more than 45 days from the date we receive your request, unless we notify you that an extension is required. In case of an extended completion period, we will process the request in no more than 90 days from the date of the original request. California Residents are limited to two requests to know/access their Personal Information within a 12-month period.

Retention Period

Please note that we retain Personal Information for as long as is reasonably necessary in connection with the purposes for which the Personal Information was collected.

Other California Privacy Rights

California Civil Code Section 1798.83 permits California residents to request and obtain from us, once a year and free of charge, information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided above.

Updates to Privacy Notice

We may update this California Privacy Notice at any time or as required by applicable laws or regulations. We will make an updated copy of such Privacy Notice available on our website. Please check our website regularly for any changes or updates.

Contact Information

If you have any questions in relation to this Privacy Notice, please contact:

Hughes Hubbard & Reed LLP
Attn: Office of the General Counsel
Michael Salzman, Esq.
One Battery Park Plaza
New York, New York 10004

[email protected]

 (Last updated: August 20, 2024)



COOKIE POLICY

This website uses cookies. You can choose to accept or refuse the use of cookies.

We encourage you to read this Cookie Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Cookie Policy. 

What are cookies?

Cookies are small files that are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or the client computer. These cookies allow us to distinguish you from other users of our website. This helps us provide you with the best experience and allows us to improve our website. For more information on cookies, visit www.allaboutcookies.org.

Why do we use cookies?

We use cookies to identify which pages of our website you use. This helps us analyze data about web page traffic and improve our website in order to better understand what our users want and improve the quality of our users’ experience. We only use this information for our own statistical analysis purposes. We do not share this information with anyone else.

What types of cookies do we use?

There are different types of cookies which can be grouped into two general types.

  • Session cookies or essential cookies are required for the operation of our website and help you to navigate through our website and its features. They are temporary cookies that are not stored on your computer once your browser is closed.
  • Persistent or tracking cookies helps our website remember, for example, your user setting and preferences. These cookies stay on your devices for a specific period of time even when you close your web browser until you manually delete them through your browser setting or until they expire.

In particular, we use the following cookies:

Cloudflare:

  • __cf_bm: 30 minutes: read and filter bot requests

Vimeo:

  • _cfuvid: session: video hosting/sharing
  • Vuid: 1 year: stores usage history

Google:

  • _ga: 2 years: distinguishes users
  • _ga_*: 1 year: store and count pageviews
  • _gat_*: 1 minute: read and filter bot requests
  • _gid: 1 day: distinguishes users

HotJar:

  • _hjSession_*: session: provides functions across pages
  • _hjSessionUser_*: 1 year: stores user ID
  • _hjTLDTest: session: determines cookie path

OneTrust:

  • OptanonConsent: 1 year: tracks users' cookie consent
  • OptanonAlertBoxClosed: 1 year: controls cookie notice
  • skip-animation: session: improves performance

How can you control cookies?

When you first visit our website, you may receive a message that by clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. You can also change your cookie preferences to accept or reject specific cookies by clicking on “Cookie Settings”.

All recent versions of popular browsers give users a level of control over cookies. You can set your browser to accept, reject, or disable some or all cookies, or to prompt you each time a cookie is offered. You can also delete cookies that are stored on your device using your browsing settings and preferences. However, if you use your browser settings to block all cookies, you may not be able to access all or parts of our site.

Each browser is different, so check the ‘Help’ menu of your particular browser to learn how to change your cookie preferences. With new devices being created all the time, including tablets and phones, it is not possible to list every browser for every device. The best advice is to consult the browser publishers’ websites for further instructions regarding cookies.

Policy changes

This Cookie Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law.

Contact information

If you have any questions in relation to this Cookie Policy, please contact us at: [email protected]

or in writing to:

Hughes Hubbard & Reed LLP
Attn.: Office of the General Counsel
Michael Salzman, Esq.
One Battery Park Plaza
New York, New York 10004