The purposes for which we use Personal Data, and the legal bases for such processing, are as follows:
ANONYMOUS AND AGGREGATED WEB TRAFFIC INFORMATION
General traffic, site usage, browser information, length-of-stay information, and location data, is collected and stored in log files. This type of information is collected and used on an anonymous, aggregated basis meaning that we do not connect this information to your name or other personal information.
PERSONAL INFORMATION (NON-FINANCIAL)
We collect all or some of the following personal information: first and last name, email address, company and other information, in the following contexts:
Alerts and Announcements: We use your contact information to provide you with e-alerts about legal developments and information about Cross-Border sponsored seminars and events. We always give you the opportunity to opt-out of these communications.
Extranet Site: When you log into our client extranet site to upload documents, we ask you for the Username and Password that have been previously provided to you.
Employment Information: When you apply for a position with the firm under our "Careers" section, you are directed to our third party human capital management processor, ADP. ADP collects your application information and securely transfers it to the firm. Collection of your information on the ADP portal is subject to ADP's privacy policy posted on the portal.
Other Requests: When you report a problem with our website or services we will collect contact information along with a description of your problem. When you contact us via the firm email addresses, we will collect your contact information and any information you include in your email.
FINANCIAL INFORMATION
When you pay a bill online under our "Online Payments" section, we ask for transaction information including your company name, first and last name, mailing address, phone number, email address, client matter number, invoice number and payment information. If you chose to pay with a bank account, payment information includes account-holder name, address, and phone number along with bank routing number and bank account number. If the account is a corporate bank account, we ask for the name of the person submitting the payment on behalf of the company.
We process your information for the legitimate interest of communicating with clients, prospective clients, and other users about our legal services and our events and publications related to developments in the law. Processing your information for the purposes described is necessary for us to do what we do, and it's in both of our interests. When we use your information based on our legitimate interests, we conduct a balancing test based on the legitimate interest, necessity of processing your information, and how such processing impacts you.
If you have questions with us processing your information for this legitimate interest, please email us at [email protected]
We'll ask for your consent before using your information for a purpose that extends beyond what you may reasonably expect from a law firm and that has a more significant privacy impact.
We occasionally hire other companies to provide limited services on our behalf, including website development and operation, preparing marketing materials, sending postal mail or email, analysing website use, job applications, processing payments and processing data. Furthermore, we will only provide those companies the information they need to deliver the service, and they are contractually prohibited from using that information for any other reason.
We also may disclose your information in special cases. For example, when we believe we must disclose information to bring legal action against someone who may be violating our Terms of Use or causing injury to us, our property, our website, our clients or others. We may disclose visitor information when subpoenaed, if ordered or otherwise required by a court of law, arbitrator, or other similar proceeding, for government investigations, with government agencies if required by law, and when we otherwise believe in good faith that any applicable law requires it.
We may combine with other firms or groups of lawyers. In such transactions, confidential client information is one of the transferred business assets. In the event of such a transaction, client and site visitor information may be one of the transferred assets and may be disclosed in connection with negotiations relating to a proposed transaction. In that case, the transferred information may become subject to a different privacy policy.
As part of offering and providing customisable and personalised services, we use cookies and other online tracking technologies to store and sometimes track information about you to:
The types of technologies we use include:
COOKIES
For information about our use of Cookies, please see our Cookie Policy.
PIXEL TAGS
We also employ a software technology known as a pixel tag or Web beacon. A pixel tag is a line of code that we place on our website or in e-mails which allows us to analyse our marketing and the general usage patterns of visitors to our website. These help us better manage content on our website by informing us what content or promotions are effective. Unless you consent, we do not collect personally identifiable information from you through the use of pixel tags. You may not disable pixel tags.
IP ADDRESSES AND LOG FILES
We record the IP addresses of visitors to our website. Recording these IP addresses is necessary for the website to function. Our server software keeps access logs, error logs, and security audit logs. This collection is critical in detecting and preventing fraud or unauthorised system access and addressing threats such as a DOS attack. We do not associate this log file information with other information.
INDIRECT COLLECTION - SOCIAL NETWORKING
The website permits you to use a third party social networking platform such as Facebook, Twitter, and Linked-In. This includes use of social media plugins such as Facebook "Like", and Twitter "Tweet". When you use these social networking platforms and plugins, your username and password for the available service or collected from you on these services may be shared with us. When you use social networking platforms and plugins, you share your information with them and their privacy policy applies to disclosure of such information. In addition, they may be able to collect information about you, including your activity, or may notify your connections on the social networking platform about your use of the website. Such services may allow your activity to be monitored across multiple websites for purposes of delivering more targeted advertising. Please note that their own privacy polices apply, and we encourage you to read them. We may add new social networking plugins and buttons to our website from time to time.
INDIRECT COLLECTION - ANALYTICS
Our website uses Google Analytics, a web analysis service of Google, Inc. ("Google"). Learn more from their Terms of Service and Privacy Policy.
Opt-out: Download the browser plugin "Google Analytics Opt-out Browser Add-on" here.
We use Google Analytics to analyse the use of our website. We do not transfer personal information to Google Analytics.
If you have signed up to receive e-alerts and marketing emails from us, you can unsubscribe or change your preferences by clicking on the links attached to the email.
You may also email us at [email protected] to request access to, correct, or delete any personal information that you have provided to us. Please note, we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
You may have heard about “Do Not Track” (DNT), which is a privacy preference that users can set in their web browsers. Our website does not support DNT codes.
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We use two-factor authentication for remote access to our systems.
We also have procedures in place to deal with any suspected data security breach. Furthermore, we will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We keep your information only so long as we need it to provide the service you've requested of us (e-alerts, event information, etc.) and fulfil the purposes described in this policy. When we no longer need to use your information for the purpose we collected it and there is no need for us to keep it to comply with our legal obligations, we'll either remove it from our systems or depersonalise it so that we can't identify you.
If you are under 18 years of age, you should not provide information to us without the involvement of a parent or guardian. We do not collect online contact information without prior parental consent or parental notification, including an opportunity for the parent to prevent use of the information and participation in the activity. We do not knowingly solicit personal information online from, or market online to, children under the age of 13.
This Privacy Policy includes information applicable to European Union ("EU") residents or users accessing the website in the EU. If you are located in the EU, this Privacy Policy provides you with information regarding your rights under the EU General Data Protection Regulation ("GDPR").
COLLECTION OF PERSONAL DATA
When you visit our website, we collect the personal data described above under "What Do We Collect and How?" In our legal practice, we typically represent corporate entities who are not data subjects under the GDPR. Sometimes, in providing services, we may receive personal information of individuals such as officers, representatives, adverse parties, related parties, vendors, suppliers, professional advisors and government representatives.
LEGAL BASIS FOR PROCESSING YOUR INFORMATION
As discussed above, we process your information for the legitimate interest of communicating with clients, prospective clients, and other users about our legal services and our events and publications related to developments in the law. Processing your information for the purposes described is necessary for us to do what we do, and it's in both of our interests. When we use your information based on our legitimate interests, we conduct a balancing test based on the legitimate interest, necessity of processing your information, and how such processing impacts you.
We use personal information collected in the course of providing legal services solely to provide such legal services to our clients. Such processing is necessary for our compliance with legal obligations and our ethical and professional duties as lawyers. Our processing may also be necessary to fulfil a contract we have with you, such as an engagement letter for legal services.
We may also process your information when it is necessary to take action regarding illegal activities, alleged fraud, safety threats, security issues or violations of our Terms of Use or engagement with a client. Such processing is necessary to comply with our legal and client service obligations.
TRANSFER OF PERSONAL DATA
The firm and our websites are based in the United Kindgom and, regardless of where you access the website, the information collected as part of that use will be transferred to and maintained on servers located in the United Kingdom. The firm is not currently certified under the Privacy Shield. By providing your information, you are consenting to the transfer of your personal data to the U.K.
Although there is a risk in transmitting your information to another country, Cross-Border does take steps to secure your personal data. If you are aware that you will be transferring personal information to us, we will execute a Data Protection Agreement that includes Standard Contract Clauses for the transfer of personal information from the EU to the United Kingdom.
YOUR CHOICES
The GDPR provides you with certain privacy rights. You may also request to have your information deleted, although we may retain information for backups, prevention of fraud and abuse, satisfaction of legal obligations or other ongoing legitimate interests. You may decline to share certain personal information.
Right of access: If you wish to access your personal information, please contact us at the address or number below.
Right to Correction: If the personal information we hold about you is inaccurate or incomplete, you may request to have it corrected. If you are entitled to have information corrected and if we have shared your personal information with others, we will let them know about the rectification where possible. You may also ask us with whom we have shared your information. We will let you know where possible and lawful, so that you can contact them directly.
Right to Erasure: You may ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to have your information deleted and if we have shared your personal information with others, we will let them know about the deletion where possible. You may also ask us with whom we have shared your information. We will let you know where possible and lawful, so that you can contact them directly about erasure.
Right to Object: If you are an EU resident, you have the right to object to our processing that is based on legitimate interests by contacting us at the address or number below. If you are entitled to restriction and if we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so.
Right to Data Portability: If you are an EU resident, you have the right you have the right, in certain circumstances, to receive a copy of personal information we've obtained from you in a structured, commonly used and machine-readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Right in Relation to Automated Decision-Making and Profiling: If you are an EU resident, you have the right not to be subject to a decision based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us. We do not engage in automatic processing. Some third party sites to which we link, such as social networks, may engage in automatic processing. See their privacy policy for information on objecting to automatic processing.
Right to Withdraw Consent: If you provide your consent to the processing of your personal information and that consent forms our legal basis for processing, you have the right to withdraw your consent at any time by contacting us at the number below.
Right to Lodge a Complaint: If you are located in the EU and you believe that we have infringed your rights under the GDPR, please contact us by sending an email to [email protected]
You have the right to lodge a complaint with a supervisory authority in your applicable Member State.
We may change this policy from time to time and if we do, we'll post any changes on this page. If you continue to use our website after those changes are in effect, you agree to the new policy. If the changes are significant, we may provide a more prominent notice or get your consent, as required by law.
If you have any questions about this policy or need to contact Cross-Border to exercise your rights as a data subject under the GDPR, please contact Cross-Border’s Privacy Officer at: [email protected]
If you would like to talk to us for more information, please contact our client services team who will be happy to assist.
