Greenberg Traurig Privacy Notice
Effective Date: August 4, 2020
Greenberg Traurig, P.A. and Greenberg Traurig, LLP (a New York registered entity) (“GT”, “we” or “us”) respect your right to privacy. This Privacy Notice applies to GT’s non-European offices and explains how GT may collect, share, use and process information about you, and how you can exercise your privacy rights. It applies to all individuals who access our website (www.gtlaw.com), mobile apps, and in connection with our blogs, alerts, newsletters, webinars, social media sites or programs and other communication services (the “Services”). If you are receiving services from or working with any of our European offices, or you are accessing GT’s European offices pages on www.gtlaw.com, please review Greenberg Traurig’s European Offices Privacy Notice (the “GT EU Privacy Notice”).
If you have any concerns or questions about your privacy or use of our Services, please contact us via email at email@example.com or via postal mail at the relevant location listed in the “How to Contact Us” section below.
We may provide supplemental privacy notices on specific occasions when we are collecting or processing personal information about you. Those supplemental notices should be read together with this Privacy Notice.
1. Changes to this Privacy Notice
We may update this Privacy Notice from time to time. The effective date of the current Privacy Notice is noted at the top of this page.
If we make material changes to the way we collect, use, share or process the personal information that you have provided that adversely impact you, we will notify you by posting a notice of the changes in a clear and conspicuous manner on the GT website or via the most recent email address we have on file for you.
2. Information We May Collect
When you use our Services, we collect personal information about your use of our Services and information that you send us. Throughout this Privacy Notice, we use the term "personal information,” which generally mean information that identifies you or makes you identifiable, and will have the meaning throughout as defined under the applicable law. Information that has been anonymized so that it does not identify a specific individual is not “personal information.”
We may collect and store the following information when running the Service:
- Information You Provide Voluntarily. We collect information that you voluntarily provide to us, including: when you communicate via email or other channels; when you sign up for news, publications and marketing communications and events; when you seek career information; when you register for alumni communications newsletters, alerts, or other materials; when you submit an application for a position with us; when you sign up for a webinar or event; when you respond to our communications or requests for information. The information you provide may include your name, contact information, title, and information about the organization with which you are affiliated. In relation to career information, the information you provide may also include employment history and qualifications. We only collect and process the personal information we need to allow us to respond to your request and/or provide the particular service you have sought.
- Information We Collect Automatically. We may automatically collect information about you when you use our Services such as, but not limited to:
- Device Information. We may collect information about devices you use to access the Services and how you use the Services, such as your Internet Protocol (“IP”) address and which websites you visited before accessing our Services.
- Performance and Log Data. Our servers may automatically record information created by your use of our Services, which may include information such as, but not limited to, your IP address, browser type, operating system, command line information, diagnostic information related to the Services (e.g., crash activity reports), the referring web page, pages visited, location, your mobile carrier, device and application IDs, and search terms. For instance, when we send you an email, we may collect certain information including the nature of the email, whether you opened or deleted our email, action you took upon receipt of our email, or your name and contact information.
- DNT. Please note that we do not currently respond to web browser “do not track” signals or other mechanisms that may allow you to opt out of the collection of information across networks of websites and online services as there is no standard for how online services should respond to such signals. As standards develop, we may develop policies for responding to do-not-track signals that we will describe in this Privacy Notice.
- Device Information. We may collect information about devices you use to access the Services and how you use the Services, such as your Internet Protocol (“IP”) address and which websites you visited before accessing our Services.
- Information We Receive From Third Parties. When we receive personal information about you from third parties and use such information, this can include: your name, email address, contact information, the company you work for, your position, business and home address, identification and background information, professional experience and qualifications, previous positions, financial information, such as payment related information and shareholdings, and other personal information.
If you connect to us from a social network, such as LinkedIn or Facebook, we will collect personal information from the social network in accordance with your privacy settings on that social network. The connected social network may provide us with information such as your name, profile picture, network, gender, username, user ID, age or age range, language, country, friends list, follower list, and any other information you have agreed it can share or that the social network provides to us. We will assume that such social network or other third parties are entitled to collect and share such personal information with us.
- Sensitive Information. We may collect sensitive information about you when you use our Services. Any use of such information is limited to the such purposes described to you at the time of collection.
3. How and Why We Use Your Information
- To Provide Our Services to You. We may process your personal information to inform you about our Services, new legal and policy developments, relevant information in the industries we serve, and our marketing events. Without your personal information, we cannot provide such Services.
- To Respond to Your Inquiries. We process your personal information when you contact us, such as with questions, concerns, feedback, disputes or issues. Without your personal information, we cannot respond to you or ensure your continued use and enjoyment of the Services.
- To Enforce Our Terms or Agreements. We process your personal information to actively monitor, investigate, prevent and mitigate any alleged or actual prohibited, illicit or illegal activities in connection with our Services; investigate, prevent, or mitigate violations of our terms, agreements or policies; and enforce our agreements with third parties and partners. We cannot perform our Services in accordance with our terms, agreements or policies without processing your personal information for such purposes.
- To Ensure the Security of the Service. We are committed to ensuring your safety and continued enjoyment of our Services. To do so, we process your personal information to: combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not access your account with us or your information we otherwise hold. We cannot ensure the security of our Services if we do not process your personal information for security purposes.
- For Research and Development Purposes. To continue to provide you with our innovative Services, we collect information about the way you use and interact with our Services for research and development purposes. Research and development help us improve our Services and build new Services and customized features or Services. We take additional security measures when processing your personal information for such purposes, by de-identifying or pseudonymizing your information, limiting access to personnel that may conduct research and development, and applying other technical, physical, and administrative security measures.
- For Potential Employment. We process your personal information when you seek employment with us to evaluate you as a candidate for the position. Without your personal information, we cannot evaluate your qualifications for employment.
- To Engage in Marketing Activities. We process your personal information to inform you about our Services, new legal and policy developments, relevant information in the industries we serve and our marketing events (including by electronic means, such as email). To do so we may process your contact information or information about your interactions on our Services to send you marketing communications; provide you with information about events, webinars, or other materials; deliver targeted marketing to you (please see our Cookie Notice for more information about digital interest-based advertising or click the “Cookie Settings” link in our website footer to update your browser’s cookie preferences for our website at any time); and keep you updated about our Services. You can opt-out of receiving our marketing information at any time by clicking an unsubscribe link in our emails.
4. Information Sharing and Disclosure
We do not sell, exchange, transfer, or give your personal information to any other company or individual for any reason except as set forth in this Privacy Notice and as described below:
- GT Affiliated Entities. As a global organization that provides global services, we may share your information with our offices and data centers throughout the world to provide our Services (e.g., the United States, Europe, Latin America, the Middle East, and Asia).
- Our Service Providers. We share information with our service providers, suppliers, subcontractors, and similar third parties who provide services to us, or act on our behalf so that they can assist us with the maintenance of our Service. Our contracts with these service providers prohibit them from sharing your personal information with others for other purposes than as directed by us.
- Your Consent. We will disclose your information to a person you have given us your consent to disclose to or as required to complete the Services.
5. Links to Third Party Services
Our Service may include links to third party services where you might be able to post comments, reviews, or view third party information. The use of these third party services may result in the collection and sharing of information about you by these third party services.
This Privacy Notice does not address the data processing practices of any third party, unless as specified otherwise. Please note, the inclusion of a link on our Service to a third party’s service does not imply endorsement of the third party’s data handling practices, and does not imply that the third party’s practices are covered by this Privacy Notice. We are not responsible for the privacy practices of these entities.
We encourage you to be aware when you leave our Services, and to read the privacy statements or notices of each website or app on which you land after you click on a link or social networking button.
6. Access to Your Information
We take reasonable steps to ensure that your personal information is accurate, complete, and up to date. You may access and update your personal information that we hold by contacting us directly at firstname.lastname@example.org. For your protection, we may need to verify your identity before implementing your request. We will try to implement your request as soon as reasonably practicable.
In your request, please make clear what information you would like to have changed, whether you would like to have your personal information suppressed from our database, or other limitations you would like to put on our use of your personal information, including discontinuing any onward transfers or sharing with business partners. We may only implement requests with respect to personal information that is associated with the particular email address that you use to send your request.
However, please note that we reserve the right to refuse to act on a request that is manifestly unfounded or excessive (for example because it is repetitive) and/or to charge a fee that takes into account the administrative costs for providing the information or taking the action requested.
For individuals located in the European Economic Area, Switzerland or the United Kingdom during data collection, please refer to Section 11 below for more information about your rights.
7. How We Keep Your Information Secure
We seek to use reasonable technical, organizational, and administrative measures to protect user information within our organization against unauthorized or unlawful access or processing, and against accidental loss, destruction, or damage. We believe that these measures are reasonably adapted to the nature of the information in our custody. In addition to the security measures detailed above, we protect personal information by taking measures: (i) to protect the ongoing confidentiality, integrity, availability, and resilience of our processing systems and services; (ii) to restore the availability of and access to personal information in a timely manner in the event of a physical or technical incident; and (iii) to regularly test, assess, and evaluate the effectiveness of our technical and organizational measures.
However, even though GT makes reasonable efforts to protect information in its custody, no security system or data storage or transmission over the Internet or otherwise is fully secure. Thus, we cannot guarantee the security of any information we may have collected or received from you or transmitted to you.
If you believe your information is not secure, please immediately notify us of the problem at the address provided in the “How to Contact Us” section below.
We retain information about you for as long as necessary to perform the activities described in this Privacy Notice, or where we have an ongoing legitimate business need to do so, such as for legal, regulatory, accounting or reporting requirements.
When our legitimate interest for retaining your personal information ceases to exist, we will either delete or anonymize your information so that it can no longer be attributed to a particular individual. To the extent residual information remains within our databases, back-ups or other records and we are unable to anonymize it we will isolate such information from further processing until deletion is possible. If you have any questions, please feel free to contact us.
9. Children’s Information
We do not knowingly collect any personal information from children under 16. If we become aware that an individual under the age of 16 is submitting information without consent from their parent or legal guardian or as permitted under applicable law, we will delete the information as soon as possible from our database. If you believe we are collecting information about an individual under 16, please notify us immediately so that we can take appropriate action.
10. International Transfers of Personal Information
This section only applies to individuals who do not reside in the United States, the European Economic Area, Switzerland or the United Kingdom. As a global organization, we may store, process and transmit personal information in locations around the world, including locations outside of the country or jurisdiction where you are located. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use our Services.
11. Notice to Individuals in the European Economic Area, Switzerland and the United Kingdom
This section only applies to individuals using or accessing our Services while located in the European Economic Area (“EEA”), the United Kingdom and/or Switzerland (collectively, the “Designated Countries”) at the time of data collection.
We may ask you to identify which country you are located in when you use or access some of the Services, or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in the Designated Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to individuals in the Designated Countries.
For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the data controller for the personal information you provide or that we collect in connection with the Services is Greenberg Traurig, P.A. and Greenberg Traurig, LLP (a New York registered entity).
Legal Basis. Article 6(1) of the GDPR describes when processing can be done lawfully. When we process your personal information for a specified purpose, we shall apply one of the Article 6 legal bases described below, including any Article 9 conditions for processing special categories of personal information.
- Whenever we require your consent for the processing of your personal information such processing will be based on Article 6(1)(a) GDPR.
- If the processing of your personal information is necessary for the performance of a contract between you and GT or for taking any pre-contractual steps upon your request, such processing will be based on Article 6(1)(b) GDPR. If this data is not processed, GT will not be able to execute the contract with you.
- Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of Article 6(1)(c) GDPR, for example for complying with obligations under anti-money laundering laws.
- Where the processing is necessary for the purposes of GT’s or another party’s legitimate interests, such processing will be made in accordance with Article 6(1)(f) GDPR, for example to enforce legal claims.
Below is a chart indicating the legal bases we rely in processing personal information.
Purposes of Processing
Legal Basis for Processing
Processing is based on our contract obligations or to take steps at the request of the individual prior to entering into a contract.
Processing is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to better promote or optimize our Services.
Processing is necessary for compliance with our legal obligations, the public interest, or in your vital interests.
If, in the future, we use your personal information in any way that is not described in this Privacy Notice, we will disclose this to you. At that time, you can choose not to allow us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your consent. If you choose to limit the ways we can use your personal information, some or all of the Services may not be available to you. Also, we may have legitimate reasons to still use your personal information even though you did not allow us to.
Marketing. We will only contact individuals located in the Designated Countries by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law, or after obtaining the individual’s consent. If you do not want us to use your personal information in this way please click an unsubscribe link in our emails or send us an email at email@example.com. You can object to direct marketing at any time and free of charge.
Individual Rights. We take reasonable steps to ensure that your personal information is accurate, complete, and up to date. You have the right to access, correct, or delete the personal information that we collect. You are also entitled to restrict or object, at any time, to the further processing of your personal information. You have the right to receive your personal information in a structured and standard format and, where technically and legally feasible, the right to have your personal information transmitted directly to a third party. If you would like to exercise your rights under applicable law, or if you believe we have infringed or violated your privacy rights, please contact us at firstname.lastname@example.org so that we may resolve your dispute directly. You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence or place of alleged infringement.
International Transfers of Personal Information. If we share your personal information with entities located in the United States or other non-EEA jurisdictions which, according to the European Commission, do not offer an adequate level of protection to personal information we implement specific contracts, approved by the European Commission, which ensure the same protection to personal information as granted in the EEA, or other appropriate solutions to address cross-border transfers as required or permitted by Articles 46 and 49 of the GDPR. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us.
12. EU-/Swiss-U.S. Privacy Shield Frameworks Participation
As of July 16, 2020, Greenberg Traurig, P.A. and Greenberg Traurig, LLP no longer rely on our EU-US Privacy Shield Framework certification for transfers of personal information from the European members countries to the US. Instead, we rely on other appropriate safeguards recognized by the GDPR to effectuate such transfers. We will continue to apply the Privacy Shield Principles to the personal information that we received from the European member countries prior to July 16, 2020.
Greenberg Traurig, P.A. and Greenberg Traurig, LLP participate in and have certified their compliance with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield. By participating in the Privacy Shield Frameworks, Greenberg Traurig, P.A. and Greenberg Traurig, LLP agree to subject their compliance to the regulatory enforcement of the Federal Trade Commission ("FTC") or any other statutory body empowered to enforce compliance with the Principles.
If there is any conflict between the policies in this Privacy Notice and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern in relation to Greenberg Traurig, P.A. and Greenberg Traurig, LLP. On a case-by-case basis, we will comply with certain lawful requests to disclose personal information from public authorities, including to meet national security or law enforcement requirements. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
Our contractual accountability for personal information we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process personal information on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event(s) giving rise to the damage.
If you believe we have infringed or violated your privacy rights, please contact us at email@example.com so that we may resolve your dispute directly. If you are a data subject with an unresolved complaint or dispute arising under the requirements of the Privacy Shield Framework, we agree to refer your complaint under the Framework to an independent dispute resolution mechanism. Our independent dispute resolution mechanism is the International Centre for Dispute Resolution (“ICDR”), operated by the American Arbitration Association (“AAA”). For more information and to file a complaint, you may contact the International Centre for Dispute Resolution by phone at +1.212.484.4181, or by visiting the website https://go.adr.org/privacyshield.html. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
13. Notice to California Residents
This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”), below is a summary for the last twelve (12) months of the “Personal Information” categories, as identified and defined by the CCPA (see California Civil Code section 1798.140(o)), that we collect, the reason we collect the Personal Information, where we obtain the Personal Information, and the other entities with whom we may share the Personal Information. Under the CCPA, Personal Information is defined as any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”).
We generally collect the following categories of Personal Information in providing our Services:
- identifiers such as a name, address, unique personal identifier, email, phone number, your device’s IP address, software, and identification numbers associated with your devices;
- characteristics of protected classifications under California or federal law, such as gender;
- commercial information such as records of products or services purchased, obtained, or considered by you;
- Internet or other electronic information regarding you browsing history, search history, the webpage visited before you came to our website, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, date and time stamps associated with transactions, and system configuration information;
- professional or employment-related information;
- your geolocation, to the extent you have configured your device to permit us to collect such information; and
- inferences about your preferences, characteristics, behavior and attitudes.
For more information about the Personal Information we collect and how we collect it, please refer to section 2 above, and our Cookie Notice.
We collect Personal Information for the business purposes described in section 3 above, and in our Cookie Notice. The CCPA defines a “business purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.
The categories of other individuals or entities with whom we may share your Personal Information are listed in section 4 above.
If you are a California resident, you have rights in relation to your Personal Information; however, your rights are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us, or the security of our network systems.
To assert your right to know, to access, or to delete your Personal Information, please contact us by email at firstname.lastname@example.org or contact us at 1-202.533.2300. To confirm your identity, we may ask you to verify Personal Information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.
- Right Against Discrimination. You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your right to know, delete or opt-out of sales.
- Right to Know. You have the right to request in writing: (i) a list of the categories of Personal Information, such as name, address, email address, that a business has disclosed to third parties during the immediately preceding calendar year for the third parties' direct marketing purposes, and (ii) the names and addresses of all such third parties. In addition, you have the right to request: (i) the categories of Personal Information we have collected about you, (ii) the categories of sources from which Personal Information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared Personal Information, and (v) the specific pieces of Personal Information we hold about an individual.
- Right to Access. You have the right to request a copy of the specific Personal Information we collected about you during the 12 months before your request.
- Right to Delete. You have the right to request us delete any Personal Information we have collected from you or maintain about you, subject to certain exceptions.
- Right to Opt-Out of Selling. California residents have the right to opt-out of having their Personal Information sold. We do not sell your Personal Information.
GT is comprised of several separate legal entities that may be considered “third party affiliated entities” for purposes of California Civil Code Section 1798.83. California law requires us to inform California residents who have provided us with personal information that they may request of us information about our disclosures to third parties (including GT Affiliated Entities) for their direct marketing purposes. To do so, contact us at email@example.com and indicate in the subject line “California Privacy Rights.”
14. How to Contact Us
You can contact us via email at firstname.lastname@example.org. If you prefer to contact us by postal mail, and you are in the United States or in any country other than the countries listed in the chart below, please contact us at: Office of the General Counsel, Greenberg Traurig, MetLife Building, 200 Park Avenue, New York, NY 10166. Otherwise please use one of the following addresses based on your location.
Greenberg Traurig, LLP
14F, Meiji Yasuda Seimei Building
23F, Seoul Finance Center
Greenberg Traurig, S.C.