Greenberg Traurig Privacy Notice
Effective Date: September 18, 2023
If you are receiving services from or working with any of our European offices, or you are accessing GT’s European offices pages on www.gtlaw.com, please review Greenberg Traurig’s European Offices Privacy Notice (the “GT EU Privacy Notice”).
We may provide additional or supplemental privacy notices for specific products or services that we offer at the time of collection. Unless otherwise noted, those supplemental notices should be read together with this Privacy Notice.
Table of Contents
- Personal Information We Collect
- How and Why We Use Your Information
- Information Sharing and Disclosure
- Children’s Information
- Privacy Rights and Choices
- International Transfers of Personal Information
- Notice to Individuals in the European Economic Area, Switzerland and the United Kingdom
- Data Privacy Frameworks Participation
- Notice to California Residents
- Links to Third Party Services
- Changes to this Privacy Notice
- How to Contact Us
When you use our Service, we collect personal information about your use of our Service and information that you send us.
We may collect and store the following information when running the Service:
- Information You Provide Voluntarily. We collect information that you voluntarily provide to us, including: when you communicate via email or other channels; when you sign up for news, publications and marketing communications and events; when you seek career information; when you register for alumni communications newsletters, alerts, or other materials; when you submit an application for a position with us; when you sign up for a webinar or event; when you respond to our communications or requests for information. The information you provide may include: your name, contact information, title, and information about the organization with which you are affiliated. In relation to career information, the information you provide may also include employment history and qualifications. We only collect and process the personal information we need to allow us to respond to your request and/or provide the particular service you have sought.
- Information We Collect Automatically. We may automatically collect information about you when you use our Services such as, but not limited to:
- Device Information. We may collect information about devices you use to access the Services and how you use the Services, such as your Internet Protocol (“IP”) address and which websites you visited before accessing our Services.
- Performance and Log Data. Our servers may automatically record information created by your use of our Services, which may include information such as, but not limited to, your IP address, browser type, operating system, command line information, diagnostic information related to the Services (e.g., crash activity reports), the referring web page, pages visited, location, your mobile carrier, device and application IDs, and search terms. For instance, when we send you an email, we may collect certain information including the nature of the email, whether you opened or deleted our email, action you took upon receipt of our email, or your name and contact information.
- Information We Receive From Third Parties. When we receive personal information about you from third parties and use such information, this can include: your name, email address, contact information, the company you work for, your position, business and home address, identification and background information, professional experience and qualifications, previous positions, financial information, such as payment related information and shareholdings, and other personal information.
If you connect to us from a social network, such as LinkedIn or Facebook, we will collect personal information from the social network in accordance with your privacy settings on that social network. The connected social network may provide us with information such as your name, profile picture, network, gender, username, user ID, age or age range, language, country, friends list, follower list, and any other information you have agreed it can share or that the social network provides to us. We will assume that such social network or other third parties are entitled to collect and share such personal information with us.
- Sensitive Information. We may collect sensitive information about you when you use our Services. Any use of such information is limited to such purposes described to you at the time of collection.
- To Provide Our Services to You. We may process your personal information to inform you about our Services, new legal and policy developments, relevant information in the industries we serve, and our marketing events. Without your personal information, we cannot provide such Services.
- To Respond to Your Inquiries. We process your personal information when you contact us, such as with questions, concerns, feedback, disputes or issues. Without your personal information, we cannot respond to you or ensure your continued use and enjoyment of the Services.
- To Enforce Our Terms or Agreements. We process your personal information to actively monitor, investigate, prevent and mitigate any alleged or actual prohibited, illicit or illegal activities in connection with our Services; investigate, prevent, or mitigate violations of our terms, agreements or policies; and enforce our agreements with third parties and partners. We cannot perform our Services in accordance with our terms, agreements or policies without processing your personal information for such purposes.
- To Ensure the Security of the Service. We are committed to ensuring your safety and continued enjoyment of our Services. To do so, we process your personal information to: combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not access your account with us or your information we otherwise hold. We cannot ensure the security of our Services if we do not process your personal information for security purposes.
- For Research and Development Purposes. To continue to provide you with our innovative Services, we collect information about the way you use and interact with our Services for research and development purposes. Research and development help us improve our Services and build new Services and customized features or Services. We take additional security measures when processing your personal information for such purposes, by de-identifying or pseudonymizing your information, limiting access to personnel that may conduct research and development, and applying other technical, physical, and administrative security measures.
- For Potential Employment. We process your personal information when you seek employment with us to evaluate you as a candidate for the position. Without your personal information, we cannot evaluate your qualifications for employment.
- To Engage in Marketing Activities. We process your personal information to inform you about our Services, new legal and policy developments, relevant information in the industries we serve and our marketing events (including by electronic means, such as email). To do so we may process your contact information or information about your interactions on our Services to send you marketing communications; provide you with information about events, webinars, or other materials; deliver targeted marketing to you (please see our Cookie Notice for more information about digital interest-based advertising or click the “Cookie Settings” link in our website footer to update your browser’s cookie preferences for our website at any time); and keep you updated about our Services. You can opt-out of receiving our marketing information at any time by clicking an unsubscribe link in our emails.
We do not sell, exchange, transfer, or give your personal information to any other company or individual for any reason except as set forth in this Privacy Notice and as described below:
- GT Affiliated Entities. As a global organization that provides global services, we may share your information with our offices and data centers throughout the world to provide our Services (e.g., the United States, Europe, Latin America, the Middle East, and Asia).
- Our Service Providers. We share information with our service providers, suppliers, subcontractors, and similar third parties who provide services to us, or act on our behalf so that they can assist us with the maintenance of our Service. Our contracts with these service providers prohibit them from sharing your personal information with others for other purposes than as directed by us.
- Your Consent. We will disclose your information to a person you have given us your consent to disclose to or as required to complete the Services.
We seek to use reasonable technical, organizational, and administrative measures to protect user information within our organization against unauthorized or unlawful access or processing, and against accidental loss, destruction, or damage. We believe that these measures are reasonably adapted to the nature of the information in our custody. In addition to the security measures detailed above, we protect personal information by taking measures: (i) to protect the ongoing confidentiality, integrity, availability, and resilience of our processing systems and services; (ii) to restore the availability of and access to personal information in a timely manner in the event of a physical or technical incident; and (iii) to regularly test, assess, and evaluate the effectiveness of our technical and organizational measures.
However, even though GT makes reasonable efforts to protect information in its custody, no security system or data storage or transmission over the Internet or otherwise is fully secure. Thus, we cannot guarantee the security of any information we may have collected or received from you or transmitted to you.
If you believe your information is not secure, please immediately notify us of the problem at the address provided in the “How to Contact Us” section below.
We retain information about you for as long as necessary to perform the activities described in this Privacy Notice, or where we have an ongoing legitimate business need to do so, such as for legal, regulatory, accounting or reporting requirements.
When our legitimate interest for retaining your personal information ceases to exist, we will either delete or anonymize your information so that it can no longer be attributed to a particular individual. To the extent residual information remains within our databases, back-ups or other records and we are unable to anonymize it we will isolate such information from further processing until deletion is possible. If you have any questions, please feel free to contact us.
We do not knowingly collect any personal information from children under 16. If we become aware that an individual under the age of 16 is submitting information without consent from their parent or legal guardian or as permitted under applicable law, we will delete the information as soon as possible from our database. If you believe we are collecting information about an individual under 16, please notify us immediately so that we can take appropriate action.
Depending on applicable law where you reside or are located, you may be able to assert certain rights identified below with respect to your personal information. Any rights you may have in relation to your personal information are not absolute. We reserve the right to refuse to act on a request that is manifestly unfounded or excessive (for example because it is repetitive) and/or to charge a fee that takes into account the administrative costs for providing the information or taking the action requested.
- Right to Know/Access. You may have the right to obtain a copy, or a list of categories of the personal information that we hold about you, as well as other supplementary information, such as the purposes of processing, and the entities to whom we disclose your personal information.
- Right to Correct. You may have the right to correct any of your personal information in our records and systems. You may request us to rectify, correct or update any of your personal information held by us that is inaccurate.
- Right to Delete. Under certain circumstance, you may have the right to request that we delete the Personal Information that we hold about you. This right is not absolute, and we may refuse such a request if there are compelling legitimate grounds for keeping your personal information, for legitimate purposes, or as required by law. In addition, in the event your deletion request is honored, we may retain a record of your deletion request as required under applicable law.
- Right to Portability. You have the right to receive a copy of the personal information we have collected about you in a structured, commonly used and machine-readable format.
- Right to Opt-Out of Automated Decision-making or Profiling. You may have the right not to be subject to a decision which significantly impact your rights that is based solely on automated processing (where a decision is taken about you using an electronic system without human involvement). No decision will be made by us about you solely on the basis of automated decision making which has a significant impact on you.
- Right to Appeal. In certain jurisdictions, you may have the right to appeal if we refuse to take action on your rights request. Instructions on how to appeal will be provided to you upon such a denial, but in any event, such instructions will be substantially similar to those provided below for submitting requests.
- Right Against Discrimination. You may have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your rights.
We do not sell your personal information. We do not share your personal information for targeted advertising. We do not process any information that may be considered “sensitive personal information”, under certain laws, to infer characteristics about you.
To make a privacy rights request, please contact us by email at firstname.lastname@example.org or contact us at 1-202.533.2300. To confirm your identity, we may ask you to verify personal information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.
In your request, please make clear what information you would like to have changed, whether you would like to have your personal information correct, deleted, or other limitations you would like to put on our use of your personal information. We may only implement requests with respect to personal information that is associated with the particular email address that you use to send your request.
You may use an authorized agent to submit a rights request on your behalf. If you use an authorized agent to submit requests on your behalf, we will require you to directly verify your identity with us, or have you directly confirm with us that the authorized agent has been authorized to act on your behalf.
Depending upon the applicable law, access to your rights may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another’s privacy; (c) to protect our rights and properties; or (d) where the request is frivolous or vexatious, or for other reasons.
For individuals located in the European Economic Area, Switzerland or the United Kingdom during data collection, please refer to Section 9 below for more information about your rights.
This section only applies to individuals who do not reside in the United States, the European Economic Area, Switzerland or the United Kingdom. As a global organization, we may store, process and transmit personal information in locations around the world, including locations outside of the country or jurisdiction where you are located. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use our Services.
This section only applies to individuals using or accessing our Services while located in the European Economic Area (“EEA”), the United Kingdom and/or Switzerland (collectively, the “Designated Countries”) at the time of data collection.
We may ask you to identify which country you are located in when you use or access some of the Services, or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in the Designated Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to individuals in the Designated Countries.
For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the data controller for the personal information you provide or that we collect in connection with the Services is Greenberg Traurig, P.A. and Greenberg Traurig, LLP (a New York registered entity).
Legal Basis. Article 6(1) of the GDPR describes when processing can be done lawfully. When we process your personal information for a specified purpose, we shall apply one of the Article 6 legal bases described below, including any Article 9 conditions for processing special categories of personal information.
- Whenever we require your consent for the processing of your personal information such processing will be based on Article 6(1)(a) GDPR.
- If the processing of your personal information is necessary for the performance of a contract between you and GT or for taking any pre-contractual steps upon your request, such processing will be based on Article 6(1)(b) GDPR. If this data is not processed, GT will not be able to execute the contract with you.
- Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of Article 6(1)(c) GDPR, for example for complying with obligations under anti-money laundering laws.
- Where the processing is necessary for the purposes of GT’s or another party’s legitimate interests, such processing will be made in accordance with Article 6(1)(f) GDPR, for example to enforce legal claims.
Below is a chart indicating the legal bases we rely in processing personal information.
Purposes of Processing
Legal Basis for Processing
Processing is based on our contract obligations or to take steps at the request of the individual prior to entering into a contract.
Processing is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to better promote or optimize our Services.
Processing is necessary for compliance with our legal obligations, the public interest, or in your vital interests.
If, in the future, we use your personal information in any way that is not described in this Privacy Notice, we will disclose this to you. At that time, you can choose not to allow us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your consent. If you choose to limit the ways we can use your personal information, some or all of the Services may not be available to you. Also, we may have legitimate reasons to still use your personal information even though you did not allow us to.
Marketing. We will only contact individuals located in the Designated Countries by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law, or after obtaining the individual’s consent. If you do not want us to use your personal information in this way please click an unsubscribe link in our emails or send us an email at email@example.com. You can object to direct marketing at any time and free of charge.
Individual Rights. We take reasonable steps to ensure that your personal information is accurate, complete, and up to date. You have the right to access, correct, or delete the personal information that we collect. You are also entitled to restrict or object, at any time, to the further processing of your personal information. You have the right to receive your personal information in a structured and standard format and, where technically and legally feasible, the right to have your personal information transmitted directly to a third party. If you would like to exercise your rights under applicable law, or if you believe we have infringed or violated your privacy rights, please contact us at firstname.lastname@example.org so that we may resolve your dispute directly. You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence or place of alleged infringement.
International Transfers of Personal Information. If we share your personal information with entities located in the United States or other non-EEA jurisdictions which, according to the European Commission, do not offer an adequate level of protection to personal information we implement specific contracts, approved by the European Commission, which ensure the same protection to personal information as granted in the EEA, or other appropriate solutions to address cross-border transfers as required or permitted by Articles 46 and 49 of the GDPR. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us.
If you believe we have infringed or violated your privacy rights, please contact us at email@example.com so that we may resolve your dispute directly. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Greenberg Traurig, P.A. and Greenberg Traurig, LLP commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to the International Centre for Dispute Resolution (“ICDR”), an alternative dispute resolution provider based in the United States that is operated by the American Arbitration Association (“AAA”). For more information and to file a complaint, you may contact the International Centre for Dispute Resolution by phone at +1.212.484.4181, or by visiting the website.. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR are provided at no cost to you. Please note that if your complaint is not resolved through these channels, under limited circumstances, you may have a binding arbitration option. Further information can be found on the official DPF website here.
The Federal Trade Commission has jurisdiction over Greenberg Traurig, P.A. and Greenberg Traurig, LLP’s compliance with EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
The California Consumer Privacy Act of 2018, as amended by the Consumer Privacy Rights Act of (“CCPA”), requires us to explain the “Personal Information” categories, as identified and defined by the CCPA (see California Civil Code section 1798.140(o)), that we collect, the reason we collect the Personal Information, where we obtain the Personal Information, and the other entities with whom we may share the Personal Information. Under the CCPA, Personal Information is defined as any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”).
We generally collect the following categories of Personal Information in providing our Services:
- identifiers such as a name, address, unique personal identifier, email, phone number, your device’s IP address, software, and identification numbers associated with your devices;
- characteristics of protected classifications under California or federal law, such as gender;
- commercial information such as records of products or services purchased, obtained, or considered by you;
- Internet or other electronic information regarding you browsing history, search history, the webpage visited before you came to our website, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, date and time stamps associated with transactions, and system configuration information;
- professional or employment-related information;
- your geolocation, to the extent you have configured your device to permit us to collect such information; and
- inferences about your preferences, characteristics, behavior and attitudes.
For more information about the Personal Information we collect and how we collect it, please refer to section 1 above, and our Cookie Notice.
We collect Personal Information for the business purposes described in section 2 above, and in our Cookie Notice. The CCPA defines a “business purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.
The categories of other individuals or entities with whom we may share your Personal Information are listed in section 4 above.
GT is comprised of several separate legal entities that may be considered “third party affiliated entities” for purposes of California Civil Code Section 1798.83. California law requires us to inform California residents who have provided us with personal information that they may request of us information about our disclosures to third parties (including GT Affiliated Entities) for their direct marketing purposes. To do so, contact us at firstname.lastname@example.org and indicate in the subject line “California Privacy Rights.”
Do Not Track. Please note that we do not currently respond to web browser “do not track” signals or other mechanisms that may allow you to opt out of the collection of information across networks of websites and online services as there is no standard for how online services should respond to such signals.
Our Service may include links to third party services where you might be able to post comments, reviews, or view third party information. Please note, the inclusion of a link on our Service to a third party’s service does not imply endorsement of the third party’s data handling practices, and does not imply that the third party’s practices are covered by this Privacy Notice. We are not responsible for the privacy practices of these entities.
We may update this Privacy Notice from time to time. The effective date of the current Privacy Notice is noted at the top of this page.
If we make material changes to the way we collect, use, share or process the personal information that you have provided that adversely impact you, we will notify you by posting it on the Service or other appropriate means. Any modifications to this Privacy Notice will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Notice indicates your acknowledging that the modified content of the Privacy Notice applies to your interactions with the Service and our business.
14. How to Contact Us
You can contact us via email at email@example.com. If you prefer to contact us by postal mail, and you are in the United States or in any country other than the countries listed in the chart below, please contact us at: Office of the General Counsel, Greenberg Traurig, One Vanderbilt Avenue, New York, NY 10017. Otherwise please use one of the following addresses based on your location.
Greenberg Traurig, LLP
14F, Meiji Yasuda Seimei Building
23F, Seoul Finance Center
Greenberg Traurig, S.C.