Updated June 15, 2020
If you are a resident of the European Economic Area (“EEA”), which includes the member states of the European Union (“EU”) or control or process the Personal Information of EEA Residents, you should consult the sections of this policy relating to the “Rights of EEA Residents” and “International Data Transfers” for provisions that may apply to you.
If you are a resident of the State of California or have or control Personal Information of California residents, you should consult the sections of this policy pertaining to the “California Privacy Rights” including rights under the California Consumer Privacy Act (“CCPA”), which came into effect on January 1, 2020.
Information We Collect
“Personal Information” is information that may be used to directly or indirectly identify an individual (which in some cases, may include certain Device Information). The Personal Information we collect may include: (a) names, aliases, postal addresses, unique personal identifiers, online identifiers, Internet Protocol (IP) address, email address, account name, social security numbers, driver’s license numbers, passport numbers or other similar identifiers; (b) bank account numbers, insurance policy numbers, education, employment, employment history, financial information, medical information, or health insurance information; (c) characteristics of protected classifications under California or federal law; (d) commercial information, including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies; (e) internet or other electronic network activity information; (f) audio, electronic, visual or similar information; (g) professional or employment-related information; and (h) education information that is not publicly available. We may combine the Personal Information that we obtain about individuals from more than one source.
Most of the Personal Information we collect about individuals is provided to us either by the individuals themselves or by clients who have or control Personal Information about individuals, such as the employees of a business. It is your obligation to provide such individuals with any required notices and to obtain any necessary consents from the individuals before providing us with their Personal Information.
We collect and process Personal Information about individuals to (i) provide the Services for our clients; (ii) provide answers to inquiries or questions; (iii) maintain regular communication with clients and others as may be necessary to inform them of updates and other information regarding us and our Services; (iv) provide information to third parties with your consent; and (v) to fulfill our legal and professional obligations.
How and When Personal Information Is Shared With Other Parties
We do not sell, trade or license Personal Information about our clients or any individuals for marketing purposes. We do, however, work with a number of trusted partners who perform vital functions as part of our operations, including managing client support, facilitating marketing communications by e-mail and post, and other functions. We do not share Personal Information unless it is necessary to fulfill our responsibilities, including providing information or Services to clients.
Additional Sharing of Information
We may engage third parties to help us carry out certain other internal functions such as account processing, client services, or other data collection relevant to our business. Personal Information is shared with these third parties only to the extent necessary for us to process the transactions you initiate or perform other specific Services. Our partners are legally required to keep Personal Information private and secure.
We may share Personal Information with law enforcement or other government agencies as required by law or for the purposes of limiting fraud. We reserve the right to disclose Personal Information when we believe that disclosure is necessary to protect our rights or to comply with a judicial proceeding, court order or legal process. Subject to our legal and ethical obligations, including the obligation to preserve client confidentiality and attorney-client privileged communications, we further reserve the right to disclose any Personal Information that we believe, in good faith, appropriate or necessary to take precautions against liability, to investigate and defend against any third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of the Services, or to protect the rights, property or personal safety of us, our clients or others.
We will not share Personal Information if such sharing is prohibited by applicable privacy and data protection laws, including, without limitation, the EEA’s General Data Protection Regulation effective May 25, 2018 (“GDPR”) or the CCPA.
Notifications and Communications from Greenberg Glusker
We will send clients email notifications from time to time. Some notifications are marketing communications relating to us or our Services. You may always stop receiving marketing communications from us by following the “Unsubscribe” link provided on the bottom of an email or contacting us at [email protected].
Legal or Security Communications
We also send out notices that are required for legal or security purposes. For example, certain notifications are sent for your own protection. In other cases, these notifications involve changes to various legal agreements or policies. Generally, you may not opt-out of such emails. We may also send out communications for verification purposes to comply with the CCPA.
We may also send you responses to emails you send us, if appropriate.
Opting Out of Communications
As described above, we may use the Personal Information we collect from clients to send you newsletters or other communications from us, including those promotional in nature. If you do not want to receive such communications, you can opt out by using the unsubscribe link at the bottom of our communications. You may also at any time opt out of receiving communications from us by sending an e-mail to [email protected] with the subject line “Opt Out.”
California Privacy Rights
The following section pertains to the rights of individuals or households in California (“California consumers”).
Civil Code Section 1798.83
Under certain circumstances, California Civil Code Section 1798.83 states that, upon receipt of a request by a California consumer, a business may be required to provide detailed information regarding how that business has shared that customer’s Personal Information with third parties for direct marking purposes. However, the foregoing does not apply to businesses like ours that do not disclose Personal Information to third parties for direct marketing purposes without prior approval or give customers a free mechanism to opt out of having their Personal Information disclosed to third parties for their direct marketing purposes.
Rights under the CCPA
As of January 1, 2020, the CCPA (California Civil Code Section 1798.100 et seq.) provides California consumers with additional rights regarding Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or household. The categories of Personal Information are generally described above but differ for individual consumers depending on the Services used by such consumers.
Under the CCPA, qualifying California consumers may have the following rights:
Right to Know and Right to Delete.
A California consumer has the right to request that we disclose what Personal Information we collect, use, disclose and sell. A California consumer also has the right to submit requests to delete Personal Information.
When we receive a request to know or delete from a California consumer, we will confirm receipt of the request within 10 business days and provide information about how we will process the request, including our verification process. We will respond to such requests within 45 days.
Our obligation to delete Personal Information is not required regarding information necessary, among other things: (1) to provide Services to our clients; (2) to detect and resolve issues related to security or functionality; (3) to comply with legal obligations, including our responsibilities under ethical and other rules, obligations and privileges relating to the legal profession; (4) to exercise free speech or to ensure another’s exercise of free speech; or (5) for internal purposes that a consumer might expect.
Right for Disclosure of Information.
A California consumer may also submit requests that we disclose specific types or categories of Personal Information that we collect.
Under certain circumstances, we will not provide such information, including where the disclosure creates a substantial, articulable and unreasonable risk to the security of that Personal Information, clients’ accounts of information, or the security of our systems or networks. We also will not disclose California consumers’ social security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, or account passwords and security questions and answers. Our obligations to disclose information are also subject to legal and ethical restrictions placed on us, including our duty to protect client information from disclosure, the attorney-client privilege, or restrictions placed by legal or court authority.
In the event that we receive requests from a California consumer who has a relationship with a client (for example, from an employee or customer of a client), we will inform the client.
If you are a California consumer and would like to make any requests under the CCPA, please direct them as follows:
2049 Century Park East, Suite 2600
Los Angeles, California 90067
If we receive any request we will use a two-step process for online requests where the California consumer must first, clearly submit the request and then second, separately confirm the request. We will use other appropriate measures to verify requests received by mail or telephone.
In submitting a request, a California consumer must provide sufficient information to identify the consumer, such as name, e-mail address, home or work address, or other such information that is on record with us so that we can match such information to the Personal Information that we maintain. Do not provide social security numbers, driver’s license numbers, account numbers, credit or debit card numbers, medical information or health information with requests. If requests are unclear or submitted through means other than outline above, we will provide the California consumer with specific directions on how to submit the request or remedy any deficiencies. If we cannot verify the identity of the requestor, we may deny the request.
California Do Not Track Disclosures
Although some browsers currently offer a “do not track (‘DNT’) option,” no common industry standard for DNT exists. We therefore do not currently commit to responding to browsers’ DNT signals.
Rights of EEA Residents
From May 25, 2018, all processing of Personal Information of EEA Residents is performed by us in accordance with the General Data Protection Regulation (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of Personal Information and on the free movement of such data (“GDPR”).
Although we are based and operated in the United States, we may obtain the Personal Information of EEA Residents. Under the GDPR, we are a processor or co-processor of the Personal Information of EEA Residents. Our purpose for collecting and processing Personal Information from or about EEA Residents is to authenticate contacts and to provide our Services to our clients, who in turn may be controllers or processors of Personal Information about EEA Residents. The legal basis for collecting Personal Information is to fulfill these purposes, including contracts between us and those for whom we provide Services. We also rely on the consent of our clients and others to use our Services, including receiving communications regarding us and our Services.
We will not share the Personal Information that we obtain about residents of the EEA with third parties except as described above regarding Personal Information.
Under the GDPR EEA Residents may also have the right to: obtain confirmation that we hold Personal Information about the resident, request access to and receive information about the Personal Information we maintain about the resident, receive copies of the Personal Information we maintain about the resident, update and correct inaccuracies in Personal Information, object to the continued processing of Personal Information, and have the Personal Information blocked, anonymized or deleted, as appropriate. The right to access Personal Information may be limited in some circumstances by local law and by our ethical and legal obligations. We are also limited by the terms of our agreements with our clients in responding to such requests and may refer any requests received from EEA Residents to our clients.
If you qualify, in order to exercise these rights, please contact us through one of the methods below:
2049 Century Park East, Suite 2600
Los Angeles, California 90067
We may ask individuals making requests to provide additional information for identity verification purposes.
Please understand, however, that we reserve the right to retain an archive of such Personal Information for a commercially reasonable time to ensure that its deletion does not affect the integrity of our data; and we further reserve the right to retain an anonymous version of such Information.
For information regarding opt-out rights to communications from us please see above section regarding “Notifications and Communications from Greenberg Glusker” and “Opting Out of Communications.”
International Data Transfers
If you are resident outside the United States, including in the EEA, we transfer Personal Information provided by clients for processing in the United States. Under the GDPR, we are considered a processor or co-processor of the Personal Information of EEA Residents and provide processing of data at the request of our clients, who may be controllers or processors of such data. By providing Personal Information to us for the purpose of obtaining information about us and our Services, clients consent to the processing of such data in the United States. The transfer of Personal Information to the United States is necessary for the performance of a contract between clients and us. Please note that you may always remove yourself from our mailing list by contacting us at [email protected].
Please note that the United States does not have data protection laws equivalent to those in the EEA and other jurisdictions.
Personal Information Retention
We limit access to the Personal Information we have about clients or other individuals to those employees who have a legitimate business need to access such information. We take commercially reasonable steps to protect our customers’ Personal Information against unauthorized disclosure or loss. However, no data transmission over the Internet or any security measures can be guaranteed to be 100% secure. Therefore, while we strive to protect user information we cannot ensure or warrant the security of any information you transmit to us. You engage in such transmissions at your risk.
If you believe your Personal Information is being improperly used by us or any third party, please immediately notify us via email at [email protected].
We ask that you keep the Personal Information that you provide to us current and that you correct any information you have provided us by contacting us at [email protected].