Effective: January 1, 2022
Personal Information We Collect About You. We may collect (and may have collected during the 12-month period prior to the effective date of this Statement) the following key categories of personal information about you:
- Identifiers, (such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers);
- Information that identifies, relates to, describes, or is capable of being associated with, you, (such as your name, signature, social security number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, passport details, insurance policy number, bank account number, credit card number, debit card number, or any other financial information, photographic or CCTV images of you, and where legally permitted diversity, medical information or health insurance information and details of offences and related proceedings);
- Professional or employment-related information, (such as employment candidacy information, including educational qualifications, contact, resume, and salary information as part of submissions for employment opportunities).
Any other information relating to you which you may provide to us. If you do not provide certain personal information, it may delay or prevent us from providing certain services to you.
How Your Personal Information is Collected. We may collect personal information from you by telephone, text or email, in person or via our Website:
- In the course of providing legal services to you, if you are one of our clients;
- During the course of dealings with you for, or on behalf of, a client;
- When you visit, make an enquiry or make an application for employment to us, including through our Website or otherwise;
- When you attend a seminar or other event provided by us;
- When you request to receive information from us;
- When you offer or provide services to us, and/or
- Additionally, when you contact us for these or any other reason, we may monitor and keep a record of that correspondence (in whatever form).
We may also collect information:
- From publicly accessible sources (such as government databases or electronic data resources);
- Directly from a third party (such as our clients or other law firms, our service providers for the online services and our products and services, marketing and advertising partners); or
- From a third party with your consent (such as your bank, financing partners, affiliate partners).
Information We Collect Through Automatic Data Collection Technologies. As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically is statistical data and does not include personal information. It helps us to improve our Website and to deliver a better service.
We may use third party analytics, including Google Analytics. You can opt out from the use of Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add On.
How and Why We Use Your Personal Information. We may use personal information for the following purposes:
- For the performance of a contract to which you are party or in relation to services being provided to our clients;
- To respond to your requests;
- To promote our services including delivery of publications or information regarding events;
- To comply with our legal and regulatory obligations;
- For our legitimate interests or those of a third party, meaning we have a business or commercial reason to use the personal information and we can balance those needs with your interests, rights and freedom;
- Where you have given consent; and/or
- In relation to our recruitment and employment initiatives.
In addition to the foregoing, we may use your data for other related purposes which include maintaining our client relations and in relation to the furtherance and administration of our business:
- To comply with our legal obligations, for example, to comply with Money Laundering Regulations or for fraud monitoring, and prevention;
- To adhere to our business policies to ensure that we provide the best service to you and our clients;
- To maintain the integrity and security of our IT services, to keep your personal and confidential data safe;
- To improve and further our business initiatives, such as to perform data analysis, audits, enhance, improve, or modify our website or services; monitor client trends; determine the effectiveness of our promotional campaigns; and operate and expand our business activities;
- For marketing purposes where you have provided your consent or where it is in our legitimate interests for us to provide you with information about our services and to advise you of news and industry updates, events, reports and other information; and/or
- Where the processing is necessary for the establishment, exercise or defense of legal claims.
Who We Share Your Personal Information With. We will not sell any of your personal data to any outside organization. We only disclose your personal data to third parties as is reasonably necessary to carry out the permitted uses described in this policy. For example, we may share personal data with:
- Other Haynes and Boone offices including employees, agents, consultants and sub-contractors who assist us in running our business;
- Third parties engaged in the course of the services we provide to our clients including local counsel and technology service providers such as e-discovery or data room management services;
- Third parties involved in hosting, organizing or providing services for events or seminars;
- Third parties we use to help us run our business, such as benefits administrators, marketing agencies, website hosts, technical and customer support contractors, and other service providers who are required to keep the personal data confidential and are prohibited from using it other than to carry out their services on our behalf;
- Our successors in the event of a sale, merger, acquisition, or similar transaction affecting the relevant portion of our business; and/or
- Legal and governmental authorities or other third parties, to the extent required to comply with a legal order or applicable law.
- If we believe disclosure is necessary or appropriate to protect our rights, property, or the safety of our company, our customers, or others; and/or
- For any other purpose disclosed by us when you provide the information; or
- With your consent.
We may transfer information about you between countries if required for a relevant purpose, as described above. These may include countries which do not provide the same level of protection as the laws of your home country. However, we will at all times ensure a level of protection for your data at least as protective as that required in the United Kingdom, European Economic Area and the United States, as applicable. We will also require our agents, consultants and sub-contractors and others who are outside the United Kingdom, European Economic Area or United States and to whom we transfer information about you to ensure a similar level of data protection.
Where Your Personal Information is Held. We are based in the United States and the United Kingdom, with a presence in Mexico and the People’s Republic of China, and personal data collected by us worldwide (including within the United Kingdom and European Economic Area) may be transferred to the United States for the purposes of fulfilling our contractual obligations to our clients or to you or for processing and storage. We take steps to ensure that any such transfer complies with applicable data protection law and that all personal information is secure, including, where appropriate, putting in place standard contractual clauses or implementing other lawful tools and processes for transferring personal information.
How Long Your Personal Information Will Be Kept. We retain your personal data only for as long as is appropriate for our relationship with you, in accordance with our retention policies, and in accordance with applicable laws in the jurisdictions in which we operate. We will, in particular, retain your personal data where required for us to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled.
United Kingdom and European Economic Area (EEA) Residents. If you reside in the United Kingdom or EEA you may have the following additional rights under the GDPR or applicable regulation:
- The right to access (i.e., the right to be provided with a copy of your personal information);
- The right to rectification (i.e., the right to require us to correct any mistakes in your personal information);
- The right to be forgotten (i.e., the right to require us to delete your personal information – in certain situations);
- The right to restriction of processing (i.e., the right to require us to restrict processing of your personal information – in certain circumstances, e.g., if you contest the accuracy of the data);
- The right to data portability (i.e., the right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations);
- The right to object (e.g., the right to object to your personal information being used for direct marketing, and in certain other situations, the right to object to our continued processing of your personal information, e.g., processing carried out for the purpose of our legitimate interests);
- The right to withdraw consent (i.e., where processing is based on your consent, you have the right to withdraw that consent – without affecting the lawfulness of processing based on consent before its withdrawal);
- The right to information regarding consent (i.e., to obtain information about the possibility or providing or denying your consent and the consequences of such consent or denial of consent); and/or
- The right not to be subject to automated individual decision-making (i.e., the right not to be subjected to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you).
Exercising your rights
We will not discriminate against you if you choose to exercise any of these rights.
If you are a resident of the United Kingdom or European Union or EEA, you can exercise your data protection rights by contacting us directly at the following address:
Haynes and Boone CDG LLP
1 New Fetter Lane
London EC4A 1AN
T +44 (020) 8734 2800, F +44 (020) 8734 2820
Mark Johnson, Appointed Person
email: email@example.com (include as subject line “GDPR/UK GDPR”)
Haynes and Boone CDG LLP has appointed DataRep as its EU Data Protection Representative for the purposes of the GDPR. If you are a resident of the European Union or the EEA you may exercise your data protection rights in your own country by contacting us through our Data Protection Representative.
If you have a general enquiry, you should contact Haynes Boone directly via the Contact page on our website or by sending an email to firstname.lastname@example.org (include as subject line “GDPR/UK GDPR”)
If you are an individual in the EU or the EEA and wish to exercise your data protection rights in your own country, you may do so by:
- Using the online webform at datarep.com/haynesboone
- Sending an email to DataRep at email@example.com quoting “Haynes Boone CDG LLP” in the subject line
- Mailing your request to DataRep to the most convenient address listed below. If you contact DataRep by mail, it is essential that you mark your letters for the attention of DataRep and include the BPM number where applicable below. Please clearly refer to Haynes Boone CDG LLP in the body of the letter.
Austria - DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium - DataRep, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
Bulgaria - DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia - DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus - DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic - DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
Denmark - DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia - DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland - DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France - DataRep, 72 rue de Lessard, Rouen, 76100, France
Germany - DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Greece - DataRep, 24 Lagoumitzi str, Athens, 17671, Greece
Hungary - DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary
Iceland - DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland
Ireland - DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy - DataRep, BPM 335368, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy
Latvia - DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Liechtenstein - DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Lithuania - DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
Luxembourg - DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta - DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands - DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Norway - DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway
Poland - DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal - DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania - DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
Slovakia - DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia - DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain - DataRep, BPM 335368, Calle de Manzanares 4, Madrid, 28005, Spain
Sweden - DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes by using the contact details above.
We take protection of your personal data very seriously. If you have any concerns about how we process your information, please contact us in the first instance using the contact details above. If you are resident in the EU, you also have the right to make a complaint about our processing of your personal data to your national supervisory authority for data protection. Alternatively, you may contact the United Kingdom Information Commissioner’s Office at www.ico.org.uk or by telephone on +44 (0)303 123 1113. If you do have a complaint, we would welcome the opportunity to discuss it with you before you contact your national supervisory authority or the United Kingdom Information Commissioner’s Office.
California Residents. California consumers have the right to request any of the following information from us regarding personal information collected about you during the preceding 12 months:
- The categories of personal information collected about you.
- The categories of sources from which the personal information is collected.
- The business or commercial purpose for collecting or selling personal information.
- The categories of third parties with whom we share personal information, if any.
- The specific personal information collected about you.
- For personal information sold or disclosed to a third party for a business purpose, you have a right to know the categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold; and the categories of personal information that we disclosed about you for a business purpose.
We will provide this information free of charge up to two (2) times in any twelve (12) month period within 45 days of receiving your verifiable request (including verification of your identity and your California residency), subject to delays and exclusions permitted by law. Specific personal information about you or your account that is categorized as sensitive or confidential may be redacted.
As a California resident, you have the right to request that we delete any personal information that we have collected about you. We will honor this request subject to the range of exclusions permitted by law. For example, we are not required to delete personal information if it is necessary to complete a transaction or reasonably used for an ongoing business relationship or if it is used internally in a lawful manner that is compatible with the context in which the consumer provided the information.
As a California resident, you also have the right to opt out of the sale of your personal information to third parties. We do not sell your personal information. However, we are permitted to share your personal information with a service provider.
We will not discriminate against you if you choose to exercise any of these rights. California residents may exercise the rights described above by contacting us as follows:
Mail: 2323 Victory Avenue, Suite 700
Dallas, TX 75219
Thomas J. Williams, Appointed Person
Email: firstname.lastname@example.org (please use “CCPA” in the subject line)
Phone: 877-942-9637 or 214-651-5000
We may require verification of your identity before further processing your request. In certain instances, we may be permitted by law to decline some or all of such request.
Keeping Your Personal Information Secure. We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and on our systems. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our services. Any transmission of personal information to us is at your own risk.
Treatment of Minors’ Information. Our Website is not intended for children and we do not knowingly solicit or collect personal data from children on our website. If we are notified or discover that a child under the age of 13 has submitted personal data to us, we will take reasonable steps to delete the information.
Changes to This Privacy Notice. We may update this policy from time to time. We will always post the then-current version of this policy on our Website and will indicate at the top of the policy the date on which the latest version took effect. Please review this policy from time to time to stay updated on our privacy practices.
How to Contact Us.
Mail: 2323 Victory Avenue, Suite 700
Dallas, TX 75219
Thomas J. Williams, Appointed Person
Phone: 877-942-9637 or 214-651-5000
Do You Need Extra Help? If you would like this notice in another format (for example: audio, large print, braille) please contact us (see “How to contact us” above).