Effective Date: May 25, 2018
Greenberg Traurig Germany, LLP, Greenberg Traurig, LLP (a UK registered entity), Greenberg Traurig Grzesiak sp. k. and the Amsterdam office of Greenberg Traurig LLP (a New York registered entity) (collectively “GT EU”, “we” or “us”) respect your right to privacy. This Privacy Notice explains how GT EU, as a data controller, may collect, share, use and process information about you, and how you can exercise your privacy rights. It applies to all services delivered by GT EU when individuals access the GT EU’s offices pages on www.gtlaw.com, its subdomains or GT’s mobile apps and in connection with our blogs, alerts, newsletters, social media sites or programs and other communication services provided on or through the Internet, by email or other means, and any data received on our clients and other individuals in relation to or in connection with our legal services or otherwise (collectively the “Services”).
For the Privacy Notice governing your access to the www.gtlaw.com (“Website”), mobile apps, blogs, alerts, newsletters, social media sites or programs and other communication services provided on or through the Internet (collectively the “Website Services”), please see the GT Privacy Notice (Website).
We may provide supplemental privacy notices on specific occasions when we are collecting or processing personal information about you. Those supplemental notices should be read together with this Privacy Notice.
If you have any concerns or questions about your privacy or use of our Services, please contact us via email at email@example.com or via postal mail at the relevant location listed in the “How to Contact Us” section below.
1. Changes to this Privacy Notice
We may update this Privacy Notice from time to time. The effective date of the current Privacy Notice is noted at the top of this page.
If we make any material changes to the way we collect, use, share or process the personal information that you have provided, we will notify you by posting a notice of the changes in a clear and conspicuous manner on the GT Website or via the most recent email or mailing address we have on file for you.
2. Responsibility for Your Personal Information
For the purposes of the General Data Protection Regulation (EU) 2016/679 (the "GDPR”), the data controllers for the personal information you provide or that we collect in connection with the GT Website Services is Greenberg Traurig, P.A. and Greenberg Traurig LLP (a New York registered entity) except where the GT Website specifically relates to an office, lawyer or other employee or representative of GT EU where the respective GT EU office may be (also) a controller. For more information about Greenberg Traurig LLP data processing activities related to the GT Website Services, please see Greenberg Traurig’s Privacy Notice (Website).
Where we are providing you with legal services or where you are engaging with us in other circumstances (such as to attend an event, to engage in a matter with one of our clients or to join us as an employee), for the purposes of the GDPR, the identity of the data controller will depend on the GT office with which you are engaging. Each office is listed in the first paragraph of this Privacy Notice and is regarded as an independent data controller. This Privacy Notice applies to all such entities in the EU.
3. Information We May Collect
When we provide our Services, we may collect personal information about your use of our Services, personal information that you send us or that we receive from other sources. Throughout this Privacy Notice, we use the term "personal information" to describe information that identifies you or makes you identifiable. Information that has been anonymized so that it does not identify a specific individual is not “personal information.”
We may collect and process the following information when providing the Services:
- Information You Provide Voluntarily. We may collect information that you voluntarily provide to us. If you communicate or correspond with us by email, through postal mail, via phone or through other forms of communication, or if you meet with us at our offices or at other places, we may collect and process the information you provide as part of this communication or meeting. We only collect and process the personal information we need to allow us to respond to your request and/or provide the particular service you have sought.
- Information We Collect Automatically. We may automatically collect information about you when you use our Services such as, but not limited to:
- Device Information. We may collect information about devices you use to access the Services and how you use the Services, such as your Internet Protocol (“IP”) address and which websites you visited before accessing our Services.
- Performance and Log Data. Our servers may automatically record information created by your use of our Services, which may include information such as, but not limited to, your IP address, browser type, operating system, command line information, diagnostic information related to the Services (e.g., crash activity reports), the referring web page, pages visited, location, your mobile carrier, device and application IDs, and search terms. For instance, when we send you an email, we may collect certain information including whether you opened or deleted our email, action you took upon receipt of our email, or your name and contact information.
- Information We Receive About You from Third Parties. When we receive personal information about you from third parties and use such information, this can include: your name, email address, contact information, the company you work for, your position; business and home address, identification and background information, professional experience and qualifications, previous positions, financial information, such as payment related information and shareholdings, and other personal information.
If you connect to us from a social network, such as LinkedIn or Facebook, we will collect personal information from the social network in accordance with your privacy settings on that social network. The connected social network may provide us with information such as your name, profile picture, network, gender, username, user ID, age or age range, language, country, friends list, follower list, and any other information you have agreed it can share or that the social network provides to us. We will assume that such social network or other third parties are entitled to collect and share such personal information with us. If you wish to change your privacy settings, you should check your privacy settings and consult with the relevant social network or third party.
- Special Categories of Personal Information. In connection with an event, a seminar or a meeting we may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have. Any use of such information is limited to the purposes described to you at the time of collection. In connection with legal advice we deliver, we may also receive or collect, and use, special categories of personal information relating to you (i.e., racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, details of criminal offences or genetic or biometric data).
4. How and Why We Use Your Information
- To Provide Our Services to You or Others. We may process your personal information to deliver our Services, including legal advice, to you or third parties, comply with regulatory or other legal obligations, and perform the contract we have with you, your employer or other third parties, and to stay in touch and be able to contact you. Without your personal information, we cannot provide such Services.
- To Respond to Your Inquiries. We process your personal information when you contact us, such as with questions, concerns, feedback, disputes, issues or requests for advice. Without your personal information, we cannot respond to you or ensure your continued use and enjoyment of the Services.
- To Enforce Our Terms or Agreements. We process your personal information to actively monitor, investigate, prevent and mitigate any alleged or actual prohibited, illicit or illegal activities in connection with our Services; investigate, prevent, or mitigate violations of our terms, agreements or policies; and enforce our agreements with third parties and partners. We cannot perform our Services in accordance with our terms, agreements or policies without processing your personal information for such purposes.
- To Ensure the Security of the Service. We are committed to ensuring your safety and continued enjoyment of our Services. To do so, we process your personal information to improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not access your account with us or your information we otherwise hold. We cannot ensure the security of our Services if we do not process your personal information for security purposes.
- For Potential Employment. We process your personal information when you seek employment with us to evaluate you as a candidate for the position. Without your personal information, we cannot evaluate your qualifications for employment.
- To Engage in Marketing Activities. We want to inform you about our Services, new legal and policy developments, relevant information in the industries we serve and our marketing events (including by electronic means, such as email). To do so we may process your contact information or information about your interactions on our Services to send you marketing communications; provide you with information about events, webinars, or other materials; deliver targeted marketing to you (please see our Cookie Notice for more information about digital interest-based advertising); and keep you updated about our Services. We will do so based on our legitimate interests, as permitted by applicable law, or your consent. You can opt-out of receiving our marketing information at any time by clicking an unsubscribe link in our emails.
If, in the future, we use your personal information in any way that is not described in this Privacy Notice, we will disclose this to you. At that time, you can choose not to allow us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected or received it or subsequently obtained your consent. If you choose to limit the ways we can use your personal information, some or all of the Services may not be available to you. Also, we may have legitimate reasons to still use your personal information even though you did not allow us to.
5. Information Sharing and Disclosure
We do not sell, exchange, transfer, or give your personal information to any third party for any reason except as set forth in this Privacy Notice, or when specifically agreed to by you, or if we are required to share this information to complete your request, or if it ensures to serve legitimate purposes or legal obligations. In particular, we share personal information in the following circumstances:
- Public Institutions. We may share your personal information with certain public institutions such as courts, commercial registers, land registers, regulatory and other public authorities, especially in the course of providing legal services as part of the Services. Your personal information may also be shared with opponents, their advisors and other third parties involved in a matter we advise on.
- GT Affiliated Entities. As we are a global organization that provides a global service, we may share your information with our offices and data centers throughout the world to provide our Services (e.g., the United States, Europe, Latin America, Middle East, and Asia).
- Our Service Providers. We share your information with certain of our service providers, suppliers, subcontractors, and similar third parties who provide services to us, or act on our behalf so that they can assist us with the maintenance of our Service. Our contracts with these service providers prohibit them from sharing your personal information with others for other purposes than as directed by us.
- Corporate Reorganization. Subject to the rules of professional conduct applicable to us and applicable data protection laws, we may transfer information to a third party in case of the reorganization, sale, merger, joint venture, assignment, transfer or other disposition of all or any portion of our business, asset or stocks, including in the event of corporate restructuring. Except as otherwise provided by a bankruptcy or other court, the use and disclosure of all transferred personal information will be subject to policies that are consistent with the policies described in this Privacy Notice.
6. Links to Third Party Services
Our Services may include links, or introductions, to third party services. The use of these third party services may result in the collection and sharing of information about you by these third party services.
This Privacy Notice does not address the data processing practices of any third party, unless as specified otherwise. Please note, the inclusion of a link on any of our Services to a third party’s service does not imply endorsement of the third party’s data handling practices, and does not imply that the third party’s practices are covered by this Privacy Notice. We are not responsible for the privacy practices of these entities.
We encourage you to be aware when you leave our Services, and to read the privacy statements or notices of each website or app on which you land after you click on a link or social networking button.
7. Your Rights in Relation to Your Information
We take reasonable steps to ensure that your personal information is accurate, complete, and up to date. You have the right to access, correct, or delete the personal information that we collect. You are also entitled to restrict or object, at any time, to the further processing of your personal information. You have the right to receive your personal information in a structured and standard format and, where technically and legally feasible, the right to have your personal information transmitted directly to a third party controller. You may contact us at firstname.lastname@example.org or the contacts listed in Section 14 below to exercise your rights.
We will respond to your request in a reasonable timeframe. To protect the privacy and the security of your personal information, we may request information from you to enable us to confirm your identity and right to access such information, as well as to search for and provide you with the personal information we maintain. There are instances where applicable laws or regulatory requirements allow or require us to refuse to provide or delete some or all of the personal information that you have asked to be provided or deleted.
If you believe we have infringed or violated your privacy rights, please contact us at email@example.com or the contacts listed in the Section 14 below so that we may resolve your dispute directly. You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence or place of alleged infringement.
8. How We Keep Your Information Secure
We use reasonable technical, organizational, and administrative measures to protect your personal information within our organization against unauthorized or unlawful access or processing, and against accidental loss, destruction, or damage. In addition to the security measures detailed above, GT EU takes the following steps to protect personal information: It (i) takes measures to ensure the ongoing confidentiality, integrity, availability, and resilience of GT EU’s processing systems and services; (ii) takes measures to ensure GT EU’s ability to restore the availability of and access to personal information in a timely manner in the event of a physical or technical incident; and (iii) has a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures.
However, even though GT EU makes reasonable efforts to protect your personal information in its custody, no security system or data storage or transmission over the Internet or otherwise is fully secure. Thus, we cannot guarantee the security of any information we may have collected or received from you or transmitted to you.
If you believe your information is not secure, please immediately notify us of the problem at the address provided in Section 14 below.
We retain personal information about you for as long as necessary to perform the activities described in this Privacy Notice, or where we have a legitimate interest to do so, or as long as is set out in any relevant contract you hold with us, or to meet applicable legal, regulatory, accounting or reporting requirements.
When our legitimate interest for retaining your personal information ceases to exist, we will either delete or anonymize your information so that it can no longer be attributed to a particular individual. A longer retention period may be required or permitted by tax, accounting or other applicable law or rules of professional conduct. To the extent personal information remains within our databases, back-ups or other records and we are unable to anonymize it, we will isolate such information from further processing until deletion is possible. If you have any questions, please feel free to contact us.
10. Children’s Information
We do not knowingly collect any personal information from children under 16. In the course of us providing legal advice, we may collect and use personal information about children under 16 as permitted under the applicable law or with consent from their parent or legal guardian. If we become aware that an individual under 16 is submitting information, and this is not related to any Services that we provide to our clients, we will delete the information as soon as possible. If you believe we are collecting information about an individual under 16, please notify us immediately so that we can take appropriate action.
11. International Transfers of Personal Information
As a global organization, we may transfer your personal information to countries outside the European Economic Area (“EEA”). When we transfer your personal information to countries outside the EEA, we will ensure an adequate level of protection is guaranteed by making sure - where required by law - that at least one of the following appropriate guarantees have been implemented:
- Transfer of personal information to countries which, according to the European Commission, offer an adequate level of protection to personal information (so-called “adequacy decision”);
- Use of specific contracts, approved by the European Commission, which ensure the same protection to personal information as granted in the EEA;
- Transfer of personal information to an establishment that complies with the Privacy Shield Framework and has a valid Privacy Shield certification and thus offers a level of protection for personal information that is similar to the EU standard; or
- Transfer of personal information to an establishment which has approved internal binding corporate rules that are in line with the level of data protection granted by the EU.
If we share your data with Greenberg Traurig, P.A. and Greenberg Traurig LLP (a New York registered entity), the following applies: Greenberg Traurig, P.A. and Greenberg Traurig LLP comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield. Greenberg Traurig, P.A and Greenberg Traurig LLP have certified that they adhere to the Privacy Shield Principles with respect to such data. To learn more about the Privacy Shield program, and to view the certification page of Greenberg Traurig, P.A. and Greenberg Traurig LLP, please visit https://www.privacyshield.gov/.
12. Legal Basis for the Processing of Personal Information
Article 6(1) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) describes when processing can be done lawfully. When we process your personal information for a specified purpose, we shall apply one of the Article 6 legal bases described below, including any Article 9 legal bases for special categories of personal information.
(i) Whenever we require your consent for the processing of your personal information such processing will be based on Article 6(1) lit. (a) GDPR.
(ii) If the processing of your personal information is necessary for the performance of a contract between you and GT or for taking any pre-contractual steps upon your request, such processing will be based on Article 6(1) lit. (b) GDPR. If this data is not processed, GT will not be able to execute the contract with you.
(iii) Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of Article 6(1) lit. (c) GDPR, for example for complying with obligations under anti-money laundering laws.
(iv) Where the processing is necessary for the purposes of GT’s or another party’s legitimate interests, such processing will be made in accordance with Article 6(1) lit. (f) GDPR, for example to enforce legal claims.
Here are some examples of typical processing activities and their legal basis:
Purposes of Processing
Legal Basis for Processing
Processing is based on our contract obligations or to take steps prior to entering into a contract.
Processing is based on our or a third party’s legitimate interest.
Processing is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to better promote or optimize our Services.
Processing is necessary for compliance with our legal obligations, the public interest, or in your vital interests.
We will only contact individuals by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law, or the individual’s consent. If you do not want us to use your personal information in this way please click an unsubscribe link in our emails or send us an email at firstname.lastname@example.org. You can object to direct marketing at any time and free of charge.
14. How to Contact Us
You can contact us via email at email@example.com. For all personal information collected, processed and used through Greenberg Traurig Germany, LLP, you may contact the German Data Protection Officer Carsten Kociok at firstname.lastname@example.org.
If you prefer to contact us by postal mail, please identify the relevant data controller(s) you wish to contact and use the relevant address below.
Greenberg Traurig Germany, LLP
Greenberg Traurig Santa Maria
Greenberg Traurig Grzesiak sp. k.
Greenberg Traurig, LLP
Greenberg Traurig LLP