Effective May 21, 2018
Last Updated August 23, 2018
COLLECTION OF YOUR INFORMATION
We may collect information about you in various ways. The information we may collect on the Site includes:
You are under no obligation to provide us with Personal Data of any kind. We may collect Personal Data about you for various purposes, including
Basis and Requirements for Processing Personal Data
We will process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so. We may disclose any information, including Personal Data, we deem necessary, in our sole discretion, to comply with an applicable court order, law, regulation, legal process or governmental request.
We will retain your Personal Data only for as long as it is necessary to fulfill the purposes for which it was collected and processed, satisfy the Firm’s professional responsibilities, and protect the Firm’s legitimate interests. We may also retain your information to comply with legal or regulatory requirements. Upon expiration of the applicable retention period, we will securely destroy your Personal Data in accordance with applicable laws and regulations.
Withdrawal of Consent to Process Personal Data
In case you have provided your consent to the processing of your Personal Data, you have the right to fully or partly withdraw your consent at any time. To withdraw your consent, please contact firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. This does not apply to the processing of your Personal Data for direct marketing purposes. With respect to such processing, you have the right to object at any time, in which case we will no longer process your Personal Data for direct marketing purposes.
Transfers of Personal Data within HHR
HHR is an international law firm comprising multiple offices in several jurisdictions. Details regarding our offices can be found at https://www.hugheshubbard.com/contact. Any information received by us through the Site, including Personal Data, may be transferred to or shared across our integrated computer networks with one or more of our offices. Specifically, HHR may transfer Personal Data within the Firm to our offices in the United States, Europe, and Japan, as well as to Brazil, where HHR has a strategic cooperation agreement with the Brazilian law firm Saud Advogados.
International Transfers of Personal Data
We may have to transfer your Personal Data from the European Economic Area (EEA) to an HHR office or a third party outside of the EEA. We will seek to ensure that there is a legal basis and a relevant safeguard method for such data transfer so that your Personal Data is treated in a manner that is consistent with EU laws and other applicable laws and regulations on data protection. Such measures include:
Our servers automatically collect information when you access the Site, such as your IP address, your browser type, your operating system and your access times to the Site.
USE OF YOUR INFORMATION
Having accurate information about you is important to us. Specifically, we may use information collected about you via the Site to:
DISCLOSURE OF YOUR INFORMATION
We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
By Law or to Protect Rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable court order, law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
We may also share your information with such third parties for marketing purposes, as permitted by law.
We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations or communications. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.
Cookies and Web Beacons
SECURITY OF YOUR INFORMATION
We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide any personal information.
POLICY FOR CHILDREN
We do not knowingly solicit information from or market to children under the age of 16. If you become aware of any data we have collected from children under age 16, please contact us at email@example.com.
CONTROLS FOR DO-NOT-TRACK FEATURES
CALIFORNIA PRIVACY RIGHTS
California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with the Site, you have the right to request removal of unwanted data that you publicly post on the Site. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Site, but please be aware that the data may not be completely or comprehensively removed from our systems.
Under many circumstances you will not have to pay a fee to exercise any of your right to request information concerning your personal data from us or to remove unwanted personal data from our Site. However, we may charge a reasonable fee if your request for access is unfounded or excessive – we may also refuse your request in such circumstances.
You have the right to lodge a complaint with the applicable European supervisory authority, in particular in the European Country of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your Personal Data is unlawful.
Hughes Hubbard & Reed LLP (HHR or the Firm) recognizes the importance of your privacy. This privacy notice is meant to inform you about the Personal Data we collect, use, share, or otherwise possess in the course of providing legal services to our clients. If you have additional questions about our data collection privacy practices after reading this notice, please contact us at firstname.lastname@example.org.
HHR will not sell, share or otherwise disclose any of the information it collects without your permission, except as permitted or required by applicable law, regulations, courts or other tribunals.
HHR collects, uses, shares and otherwise processes Personal Data in compliance with data privacy laws, including EU Regulation 2016/679 General Data Protection Regulation (“GDPR”). If you have any questions about this Privacy Notice, please contact us at email@example.com.
We may provide supplemental Privacy Notices on specific occasions when we obtain or collect Personal Data, so that data subjects are more fully aware of how and why we are using their Personal Data. Those notices should be read together with this Privacy Notice.
As used in this Privacy Notice, the term “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What information do we collect about you, how do we collect it and what do we use it for?
We may collect Personal Data about you for various purposes, including:
What may we need from you?
We may need to request specific information from you from time to time to help us confirm your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is done to ensure that Personal Data is not disclosed to any person who does not have the right to receive it.
What if you do not provide the Personal Data we request?
Absent any other legal obligation, it is in your sole discretion to provide Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to respond to your requests or send you firm updates, industry news and invitations to our events.
How can you transfer my Personal Data?
HHR is an international law firm comprised of multiple offices in several jurisdictions. Details regarding our offices can be found at https://www.hugheshubbard.com/... . Any information received by us, including Personal Data, may be transferred to or shared across our integrated computer networks with one or more of our offices in other countries that may not be subject to data protections laws similar to those prevailing in the jurisdiction in which such information is provided to or received by us.
In addition, we may have to transfer your Personal Data from the European Economic Area (EEA) to an HHR office or a third party outside of the EEA. We will always seek to ensure that there is a legal basis and a relevant safeguard method for such data transfer so that your Personal Data is treated in a manner that is consistent with EU laws and other applicable laws and regulations on data protection.
How do you keep my Personal Data safe?
We take precautions to protect your Personal Data and to maintain its accuracy. HHR implements physical, administrative and technical safeguards to help us protect your Personal Data from unauthorized access, use and disclosure. We also require that our vendors protect such information from unauthorized access, use and disclosure.
How long will we retain your Personal Data?
We will only retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected and processed, satisfy the Firm’s professional responsibilities, and protect the Firm’s legitimate interests. This includes the Firm’s provision of legal services, privacy and proprietary interests of the Firm, assessment of claims or transactions involving the personal data, conducting due diligence or document reviews, government or regulatory compliance, investigations, archiving purposes related to the public interest, statistical purposes, and scientific or historical research purposes, the Firm’s operations and recordkeeping, conflict checks and financial assessments, marketing of the Firm’s services and attorneys, seminars, presentations, and Firm Publications, storage, backup, and administration of client files, Human Resource data, and other data as described above; and any other interests or obligations that is legitimate under applicable laws. We may also retain your information to comply with legal or regulatory requirements. Upon expiration of the applicable retention period, we will securely destroy your Personal Data in accordance with applicable laws and regulations.
What rights do I have with respect to my Personal Data?
You have rights you can exercise under certain circumstances in relation to your Personal Data that we hold. You can request access, rectification, erasure and restriction to your Personal Data and request certain information in relation to its processing. You also have the right, under certain circumstances, to receive copies of your personal data, which you may have provided to the Firm. If you want to exercise one of these rights, please contact us at firstname.lastname@example.org.
Right to withdraw consent
In case you have provided your consent to the processing of your Personal Data, you have the right to fully or partly withdraw your consent. To withdraw your consent, please contact email@example.com.
Under many circumstances you will not have to pay a fee to exercise any of these rights. However, we may charge a reasonable fee if your request for access is unfounded or excessive – we may also refuse your request in such circumstances.
Privacy Shield Privacy Statement
Hughes Hubbard & Reed LLP (“Hughes Hubbard” or the “Firm”) is an international law firm, which handles matters and provides legal services to clients throughout the world, including the European Union (“EU”), the European Economic Area (“EEA”) and Switzerland. In the course of this work, it is often necessary for current and prospective clients, adversaries in litigation, counter-parties in transactional matters, and others to provide the Firm with information that is subject to the data protection laws of the EU, the EEA and Switzerland. This Policy protects personal data that is transferred from the EU, the EEA or Switzerland to the United States.
The Firm adheres to the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the United States Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the United States. Hughes Hubbard has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (“Principles”). If there is a conflict between this Privacy Shield Policy and the Principles, the Principles shall govern. The Firm’s compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and/or the Department of Transportation. To learn more about the Privacy Shield program, and to view our certification, please visit http://privacyshield.gov.
Information we collect and use
For purposes of this Policy, personal data refers to any information relating to an identified or identifiable natural person that is transferred from the EU, EEA or Switzerland to or within Hughes Hubbard under the EU-U.S. Privacy Shield or the U.S.-Swiss-U.S. Privacy Shield.
This Policy does not apply to personal data that is transferred to or within Hughes Hubbard pursuant to other derogations or permissions set forth in Article 26 of the Directive EC/95/46 and in Article 49 of the General Data Protection Regulation. Nor does it apply to personal data transferred to or within Hughes Hubbard from any other jurisdiction or source.
Personal data transferred from the EU, the EEA and Switzerland may concern the following data subjects:
The Personal Data transferred may concern the following:
Personal data from the EU, EEA or Switzerland may be transferred to or within the Firm for the following purposes:
The Personal Data transferred from the EU, EEA or Switzerland may be disclosed to the following persons:
Hughes Hubbard may remain responsible and liable under the Principles for onward transfers to third parties involving the personal information of EU and Swiss individuals. This does not, however, apply to links to third party sites. This policy does not apply to the information practices of such third-party companies and organizations, and Hughes Hubbard is not responsible for their compliance with data privacy laws or the content of their sites.
The Firm has security and confidentiality policies that govern all information that the Firm receives, retains and transfers. These policies are available and apply to all attorneys and personnel, and the Firm periodically conducts training to ensure that all attorneys and personnel comply with these policies. Failure to adhere to the Firm’s policies for the security and confidentiality of these policies can result in breaches of legal and ethical requirements, and be subject to discipline, including dismissal. The Firm has also instituted procedures to review periodically its compliance with this Privacy Shield Policy.
Compliance with this Privacy Shield Policy will be verified through self-assessment. The Firm’s Chief Information Officer shall be responsible for ensuring compliance and shall make a written report to Firm management on at least an annual basis concerning the Firm’s compliance with the Policy and the Principles.
Right of access
EU and Swiss individuals subject to the Privacy Shield may request confirmation regarding whether Hughes Hubbard is processing their personal data, request access to their personal data, and/or request that Hughes Hubbard rectify, delete, or limit the use of their personal data if it is inaccurate or has been processed in violation of the Principles.
Persons who have consented to Hughes Hubbard’s collection, storage, transfer, disclosure to a third party, or other use of their personal information may withdraw that consent at any time and “opt out” from any future processing.
Prior to processing any sensitive personal information (e.g., information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, personal health data, or information concerning the sex life or sexual orientation of the individual), Hughes Hubbard will obtain any required consent from the individual.
To request access to your personal data and for other questions, comments, requests, or inquiries regarding the processing of your personal data by Hughes Hubbard, please contact us via e-mail at:
or in writing to:
Hughes Hubbard & Reed LLP
Attn.: Office of the General Counsel
Michael Salzman, Esq.
One Battery Park Plaza
New York, New York 10004
United States of America
Questions, comments, requests, or inquiries may also be submitted by email to the representative for our office in Paris:
All such requests will be handled in accordance with the Principles and applicable laws, including applicable data protection and privacy laws. Hughes Hubbard will make good faith efforts to comply with such requests, but there may be circumstances in which Hughes Hubbard is not able to allow access to such information; comply with a request to rectify, delete, or amend such information; and/or limit the use of their information. This may occur where complying with the request would: (i) violate a privilege or protection (such as the attorney-client privilege); (ii) compromise confidentiality obligations or the privacy, proprietary, or other legitimate rights of Hughes Hubbard, its clients, or other third parties; (iii) involve a burden or expense that would be disproportionate to the risks to the individual’s privacy; or (iv) violate applicable rules of professional responsibility or other applicable laws, regulations, court orders or other directives from a tribunal. If Hughes Hubbard determines that a request cannot be complied with for such a reason or reasons, we will endeavor to provide you with an explanation of why that determination was made. To protect your privacy, Hughes Hubbard will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.
Independent dispute resolution
If Hughes Hubbard is unable to resolve a complaint regarding this Privacy Shield Policy or the processing of personal data covered by this Policy, it will make available, at no cost to the data subject, an independent recourse mechanism.
Unresolved Privacy Shield complaints may be submitted to the American Arbitration Association in the United States. If the data subject does not receive timely acknowledgement of their complaint from Hughes Hubbard, or if Hughes Hubbard has not resolved the complaint, the data subject may contact or visit the American Arbitration Association at http://go.adr.org/privacyshield.html for more information or to file a complaint.
In certain circumstances, individuals may invoke binding arbitration.
(Effective date: May 11, 2018)