PRIVACY POLICY

Effective May 21, 2018
Last Updated August 23, 2018

Hughes Hubbard & Reed LLP (“HHR” or the “Firm”) respects the privacy of our users (“user” or “you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your  information  when you visit our website https://www.hugheshubbard.com, including any other affiliate websites, blogs, media form, media channel, or mobile application related or connected thereto (collectively, the “Site”).  Please read this Privacy Policy carefully.  If you do not agree with the terms of this Privacy Policy, please do not access the Site.

COLLECTION OF YOUR INFORMATION
We may collect information about you in various ways. The information we may collect on the Site includes:

Personal Data
HHR collects, uses, shares and otherwise processes Personal Data in compliance with data privacy laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”).  As used in this Privacy Policy and on the Site, the term “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

You are under no obligation to provide us with Personal Data of any kind.  We may collect Personal Data about you for various purposes, including

  • Access and use of the HHR website – HHR’s website collects Personal Data such as names and addresses only from visitors who voluntarily input such information. The website also uses “cookies” to collect certain information – for more information, see our Cookie Policy.
  • HHR collects email addresses from the emails that are sent to us
  • Responding to your request for information – If you contact us to request information, we may collect your name, contact information such as email address or phone number, and details about your inquiry.
  • In working with clients, prospective clients and others, we may receive and collect business or personal contact information (such as name, business contact details, position or title).
  • Visitor information – We register individuals visiting our offices and events.
  • Marketing – Most information we collect about you comes from our direct interactions with you. We collect the Personal Data you choose to provide to us if you contact us by letter, telephone, email or any other means of electronic or personal communication, such as meeting at an event.
  • You can choose to receive information by email.  If after choosing to do so, you wish to opt-out you can do so at any time by clicking “unsubscribe” or sending an email to privacy@hugheshubbard.com.

Basis and Requirements for Processing Personal Data
We will process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so.  We may disclose any information, including Personal Data, we deem necessary, in our sole discretion, to comply with an applicable court order, law, regulation, legal process or governmental request.
We will retain your Personal Data only for as long as it is necessary to fulfill the purposes for which it was collected and processed, satisfy the Firm’s professional responsibilities, and protect the Firm’s legitimate interests.  We may also retain your information to comply with legal or regulatory requirements.  Upon expiration of the applicable retention period, we will securely destroy your Personal Data in accordance with applicable laws and regulations.


Withdrawal of Consent to Process Personal Data
In case you have provided your consent to the processing of your Personal Data, you have the right to fully or partly withdraw your consent at any time.  To withdraw your consent, please contact privacy@hugheshubbard.com.  Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. This does not apply to the processing of your Personal Data for direct marketing purposes.  With respect to such processing, you have the right to object at any time, in which case we will no longer process your Personal Data for direct marketing purposes.

Transfers of Personal Data within HHR
HHR is an international law firm comprising multiple offices in several jurisdictions.  Details regarding our offices can be found at https://www.hugheshubbard.com/contact.  Any information received by us through the Site, including Personal Data, may be transferred to or shared across our integrated computer networks with one or more of our offices. Specifically, HHR may transfer Personal Data within the Firm to our offices in the United States, Europe, and Japan, as well as to Brazil, where HHR has a strategic cooperation agreement with the Brazilian law firm Saud Advogados.

International Transfers of Personal Data
We may have to transfer your Personal Data from the European Economic Area (EEA) to an HHR office or a third party outside of the EEA.  We will seek to ensure that there is a legal basis and a relevant safeguard method for such data transfer so that your Personal Data is treated in a manner that is consistent with EU laws and other applicable laws and regulations on data protection.  Such measures include:

  • We may use Standard Contractual Clauses approved by the EU Commission, when asked to do so by vendors and others.
  • HHR has joined the EU-US Privacy Shield Framework.  Please see our Privacy Shield Privacy Statement for further information.

Derivative Data
Our servers automatically collect information when you access the Site, such as your IP address, your browser type, your operating system and your access times to the Site.

USE OF YOUR INFORMATION
Having accurate information about you is important to us.  Specifically, we may use information collected about you via the Site to:

  • Send you client alerts, news items and invitations to events that may be of interest to you.
  • Perform other business activities as needed.

DISCLOSURE OF YOUR INFORMATION
We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

By Law or to Protect Rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable court order, law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.

Third Parties
We may also share your information with such third parties for marketing purposes, as permitted by law.
We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations or communications. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.

TRACKING TECHNOLOGIES

Cookies and Web Beacons
We will use cookies and other tracking technologies on the Site to help customize the Site and improve your experience. When you access the Site, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Site. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser's settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.

THIRD-PARTY WEBSITES
The Site may contain links to third-party websites and applications of interest, news sites and external services that are not affiliated with HHR.  Once you have used these links to leave the Site, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Site.

SECURITY OF YOUR INFORMATION
We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide any personal information.

POLICY FOR CHILDREN
We do not knowingly solicit information from or market to children under the age of 16.  If you become aware of any data we have collected from children under age 16, please contact us at privacy@hugheshubbard.com

CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

CALIFORNIA PRIVACY RIGHTS
California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Site, you have the right to request removal of unwanted data that you publicly post on the Site. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Site, but please be aware that the data may not be completely or comprehensively removed from our systems.

FEES
Under many circumstances you will not have to pay a fee to exercise any of your right to request information concerning your personal data from us or to remove unwanted personal data from our Site.  However, we may charge a reasonable fee if your request for access is unfounded or excessive – we may also refuse your request in such circumstances.

UPDATES
We may update our Privacy Policy at any time, and we will make an updated copy of such Privacy Policy available on our website.  Please check our website regularly for any changes or updates.

COMPLAINTS
You have the right to lodge a complaint with the applicable European supervisory authority, in particular in the European Country of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your Personal Data is unlawful.

CONTACT US
If you have questions or comments about this Privacy Policy, please contact us at: privacy@hugheshubbard.com


PRIVACY NOTICE

General
Hughes Hubbard & Reed LLP (HHR or the Firm) recognizes the importance of your privacy. This privacy notice is meant to inform you about the Personal Data we collect, use, share, or otherwise possess in the course of providing legal services to our clients. If you have additional questions about our data collection privacy practices after reading this notice, please contact us at privacy@hugheshubbard.com.

HHR will not sell, share or otherwise disclose any of the information it collects without your permission, except as permitted or required by applicable law, regulations, courts or other tribunals. 

Data Privacy
HHR collects, uses, shares and otherwise processes Personal Data in compliance with data privacy laws, including EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).  If you have any questions about this Privacy Notice, please contact us at   privacy@hugheshubbard.com.

We may provide supplemental Privacy Notices on specific occasions when we obtain or collect Personal Data, so that data subjects are more fully aware of how and why we are using their Personal Data.  Those notices should be read together with this Privacy Notice.

Personal Data
As used in this Privacy Notice, the term “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What information do we collect about you, how do we collect it and what do we use it for?
We may collect Personal Data about you for various purposes, including:

  • Access and use of the HHR website – HHR’s website collects Personal Data such as names and email addresses only from visitors who voluntarily input such information. The website also uses “cookies” to collect certain information – for more information, see our Cookie Policy.
  • HHR collects email addresses from the emails that are sent to us
  • Responding to your request for information – If you contact us to request information, we may collect your name, contact information such as email or phone number, and details about your inquiry.
  • In working with clients, prospective clients and others, we may receive and collect business or personal contact information (such as name, business contact details, position or title).
  • Visitor information – We register individuals visiting our offices and events.
  • Marketing – most information we collect about you comes from our direct interactions with you. We collect the Personal Data you choose to provide to us if you contact us by letter, telephone, email or any other means of electronic or personal communication such as meeting at an event.
  • You can choose to receive information by email. If you wish to opt-out following giving your consent, you can do so by clicking “unsubscribe” or sending an email to privacy@hugheshubbard.com.

We will process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so.  Please note that we may use or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal processes.  Please see our Privacy Policy for more information.

What may we need from you?
We may need to request specific information from you from time to time to help us confirm your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is done to ensure that Personal Data is not disclosed to any person who does not have the right to receive it.

What if you do not provide the Personal Data we request?
Absent any other legal obligation, it is in your sole discretion to provide Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to respond to your requests or send you firm updates, industry news and invitations to our events. 

How can you transfer my Personal Data?
HHR is an international law firm comprised of multiple offices in several jurisdictions.  Details regarding our offices can be found at https://www.hugheshubbard.com/... .  Any information received by us, including Personal Data, may be transferred to or shared across our integrated computer networks with one or more of our offices in other countries that may not be subject to data protections laws similar to those prevailing in the jurisdiction in which such information is provided to or received by us. 

In addition, we may have to transfer your Personal Data from the European Economic Area (EEA) to an HHR office or a third party outside of the EEA.  We will always seek to ensure that there is a legal basis and a relevant safeguard method for such data transfer so that your Personal Data is treated in a manner that is consistent with EU laws and other applicable laws and regulations on data protection.

How do you keep my Personal Data safe?
We take precautions to protect your Personal Data and to maintain its accuracy. HHR implements physical, administrative and technical safeguards to help us protect your Personal Data from unauthorized access, use and disclosure.  We also require that our vendors protect such information from unauthorized access, use and disclosure.

How long will we retain your Personal Data?
We will only retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected and processed, satisfy the Firm’s professional responsibilities, and protect the Firm’s legitimate interests.  This includes the Firm’s provision of legal services, privacy and proprietary interests of the Firm, assessment of claims or transactions involving the personal data, conducting due diligence or document reviews, government or regulatory compliance, investigations, archiving purposes related to the public interest, statistical purposes, and scientific or historical research purposes, the Firm’s operations and recordkeeping, conflict checks and financial assessments, marketing of the Firm’s services and attorneys, seminars, presentations, and Firm Publications, storage, backup, and administration of client files, Human Resource data, and other data as described above; and any other interests or obligations that is legitimate under applicable laws.  We may also retain your information to comply with legal or regulatory requirements.  Upon expiration of the applicable retention period, we will securely destroy your Personal Data in accordance with applicable laws and regulations.

What rights do I have with respect to my Personal Data?
You have rights you can exercise under certain circumstances in relation to your Personal Data that we hold. You can request access, rectification, erasure and restriction to your Personal Data and request certain information in relation to its processing.  You also have the right, under certain circumstances, to receive copies of your personal data, which you may have provided to the Firm.  If you want to exercise one of these rights, please contact us at privacy@hugheshubbard.com.

Right to withdraw consent
In case you have provided your consent to the processing of your Personal Data, you have the right to fully or partly withdraw your consent. To withdraw your consent, please contact privacy@hugheshubbard.com.

Fees
Under many circumstances you will not have to pay a fee to exercise any of these rights. However, we may charge a reasonable fee if your request for access is unfounded or excessive – we may also refuse your request in such circumstances.

Changes to Privacy Policy
We may update our Privacy Policy at any time, and we will make an updated copy of such Privacy Policy available on our website.  Please check our website regularly for any changes or updates.


Privacy Shield Privacy Statement

Hughes Hubbard & Reed LLP (“Hughes Hubbard” or the “Firm”) is an international law firm, which handles matters and provides legal services to clients throughout the world, including the European Union (“EU”), the European Economic Area (“EEA”) and Switzerland.  In the course of this work, it is often necessary for current and prospective clients, adversaries in litigation, counter-parties in transactional matters, and others to provide the Firm with information that is subject to the data protection laws of the EU, the EEA and Switzerland.  This Policy protects personal data that is transferred from the EU, the EEA or Switzerland to the United States.        

The Firm adheres to the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the United States Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the United States.  Hughes Hubbard has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (“Principles”).  If there is a conflict between this Privacy Shield Policy and the Principles, the Principles shall govern.  The Firm’s compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and/or the Department of Transportation. To learn more about the Privacy Shield program, and to view our certification, please visit http://privacyshield.gov.

Information we collect and use

For purposes of this Policy, personal data refers to any information relating to an identified or identifiable natural person that is transferred from the EU, EEA or Switzerland to or within Hughes Hubbard under the EU-U.S. Privacy Shield or the U.S.-Swiss-U.S. Privacy Shield. 

This Policy does not apply to personal data that is transferred to or within Hughes Hubbard pursuant to other derogations or permissions set forth in Article 26 of the Directive EC/95/46 and in Article 49 of the General Data Protection Regulation.  Nor does it apply to personal data transferred to or within Hughes Hubbard from any other jurisdiction or source.

Personal data transferred from the EU, the EEA and Switzerland may concern the following data subjects:

  • Clients;
  • Prospective clients;
  • Former clients;
  • Adversaries in litigation, mediation or arbitration;
  • Co-parties in litigation, mediation or arbitration;
  • Third-parties and non-parties involved in litigation, mediation or arbitration;
  • Witnesses in litigation, mediation, arbitration or investigations;
  • Counter-parties in transactional matters;
  • Co-parties, agents, joint venture partners, and others in transactional matters;
  • Professional and personal contacts of the Firm’s attorneys and staff members;
  • Vendors and suppliers;
  • Advisors, consultants, and experts;
  • Other persons involved in litigation, mediation, arbitration, investigations or transactional matters; and
  • Employees, agents, representatives, affiliated persons, independent contractors, sub-contractors, dependents, associates, or correspondents of any of the above.

The Personal Data transferred may concern the following:

  • Personal information, including name, title, address, telephone numbers, business telephone number, business email address, country of residence, employer, employer address, billing information, payment history, job functions, and internal meeting notes;
  • Data that reveals racial or ethnic origin, political or religious opinions or beliefs, trade union membership, genetic data, sexual preferences, criminal offenses or convictions, work performance, location or movements of individuals, individual economic information, and anything related to a child or children;
  • Financial or banking information;
  • Health information;
  • Social security numbers and other identifiers;
  • Photographs or other likenesses;
  • Emails and other communications with third parties;
  • Evidence or materials that may potentially contain evidence relating to an actual or potential dispute or investigation;
  • Due diligence information and information relating to actual or prospective transactions, including financings, loans, licensing arrangements, restructurings, mergers and acquisitions, asset purchases; and
  • Information relating to intellectual property rights, patents, copyrights and trademarks.

Personal data from the EU, EEA or Switzerland may be transferred to or within the Firm for the following purposes:

  • The Firm’s provision of legal services;
  • Consultations with prospective clients;
  • Assessments of claims or transactions;
  • Conducting due diligence or document reviews;
  • Government or regulatory compliance;
  • Investigations;
  • The Firm’s operations and recordkeeping;
  • Conflict checks and financial assessments;
  • Financial or management forecasts;
  • Compliance with the Firm’s ethical, professional and legal obligations;
  • Compliance with anti-money laundering, risk management, and other compliance protocols;
  • Marketing of the Firm’s services and attorneys;
  • Seminars, presentations, and Firm publications; and
  • Storage, backup and administration of client files, HR data, and other data as described above.

The Personal Data transferred from the EU, EEA or Switzerland may be disclosed to the following persons:

  • The Firm’s attorneys and staff who need to have access to such information;
  • Records management personnel, data center providers, document management professionals, IT personnel, file clerks, and archivists;
  • Adversaries, co-parties, non-parties, third-parties, experts, vendors and consultants in litigation, mediation and arbitration;
  • Counter-parties, agents, joint venture partners, stakeholders, and other who need to have access to the information in transactional matters;
  • Vendors, contractors, and others supporting or assisting the Firm in providing legal services;
  • Law enforcement agencies and other governmental authorities; and
  • The courts, governmental authorities, tribunals, and other parties as required by law, by court, governmental or other authorized orders, or by applicable rules or regulations.

Hughes Hubbard may remain responsible and liable under the Principles for onward transfers to third parties involving the personal information of EU and Swiss individuals. This does not, however, apply to links to third party sites. This policy does not apply to the information practices of such third-party companies and organizations, and Hughes Hubbard is not responsible for their compliance with data privacy laws or the content of their sites.

Compliance

The Firm has security and confidentiality policies that govern all information that the Firm receives, retains and transfers. These policies are available and apply to all attorneys and personnel, and the Firm periodically conducts training to ensure that all attorneys and personnel comply with these policies. Failure to adhere to the Firm’s policies for the security and confidentiality of these policies can result in breaches of legal and ethical requirements, and be subject to discipline, including dismissal.  The Firm has also instituted procedures to review periodically its compliance with this Privacy Shield Policy.

Compliance with this Privacy Shield Policy will be verified through self-assessment. The Firm’s Chief Information Officer shall be responsible for ensuring compliance and shall make a written report to Firm management on at least an annual basis concerning the Firm’s compliance with the Policy and the Principles. 

Right of access

EU and Swiss individuals subject to the Privacy Shield may request confirmation regarding whether Hughes Hubbard is processing their personal data, request access to their personal data, and/or request that Hughes Hubbard rectify, delete, or limit the use of their personal data if it is inaccurate or has been processed in violation of the Principles. 

Persons who have consented to Hughes Hubbard’s collection, storage, transfer, disclosure to a third party, or other use of their personal information may withdraw that consent at any time and “opt out” from any future processing. 

Prior to processing any sensitive personal information (e.g., information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, personal health data, or information concerning the sex life or sexual orientation of the individual), Hughes Hubbard will obtain any required consent from the individual.

To request access to your personal data and for other questions, comments, requests, or inquiries regarding the processing of your personal data by Hughes Hubbard, please contact us via e-mail at:

privacy@hugheshubbard.com

or in writing to:

Hughes Hubbard & Reed LLP
Attn.: Office of the General Counsel
Michael Salzman, Esq.
One Battery Park Plaza
New York, New York 10004
United States of America

Questions, comments, requests, or inquiries may also be submitted by email to the representative for our office in Paris:

Stefan.Naumann@hugheshubbard.com

All such requests will be handled in accordance with the Principles and applicable laws, including applicable data protection and privacy laws.  Hughes Hubbard will make good faith efforts to comply with such requests, but there may be circumstances in which Hughes Hubbard is not able to allow access to such information; comply with a request to rectify, delete, or amend such information; and/or limit the use of their information.  This may occur where complying with the request would: (i) violate a privilege or protection (such as the attorney-client privilege); (ii) compromise confidentiality obligations or the privacy, proprietary, or other legitimate rights of Hughes Hubbard, its clients, or other third parties; (iii) involve a burden or expense that would be disproportionate to the risks to the individual’s privacy; or (iv) violate applicable rules of professional responsibility or other applicable laws, regulations, court orders or other directives from a tribunal.  If Hughes Hubbard determines that a request cannot be complied with for such a reason or reasons, we will endeavor to provide you with an explanation of why that determination was made.  To protect your privacy, Hughes Hubbard will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.

Independent dispute resolution

If Hughes Hubbard is unable to resolve a complaint regarding this Privacy Shield Policy or the processing of personal data covered by this Policy, it will make available, at no cost to the data subject, an independent recourse mechanism.

Unresolved Privacy Shield complaints may be submitted to the American Arbitration Association in the United States.  If the data subject does not receive timely acknowledgement of their complaint from Hughes Hubbard, or if Hughes Hubbard has not resolved the complaint, the data subject may contact or visit the American Arbitration Association at http://go.adr.org/privacyshield.html for more information or to file a complaint.

In certain circumstances, individuals may invoke binding arbitration.

(Effective date: May 11, 2018)