Privacy & Cookie Policy
Last Updated: September 1, 2021
Our Commitment to Privacy
Ogletree, Deakins, Nash, Smoak & Stewart, P.C., and its affiliates (“Ogletree Deakins”) are committed to your privacy. We want you to be familiar with how we collect, use and disclose information. This Privacy Policy describes our practices in connection with information that we collect online and offline:
What Information We Collect
“Personal Information” is information that identifies you as a natural person or relates to an identifiable natural person. We may collect and process the following Personal Information:
- Personal contact information such as name, address, telephone number and email address;
- Business contact information such as business address, telephone number and email address;
- Information necessary to perform legal services regarding your legal matter or your organization’s legal matter;
- Instructions, comments, and opinions you provide when you contact us directly by email, telephone or mail;
- Payment and transaction information for billing purposes.
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual. We may collect and process the following Other Information:
- Browser and device information;
- App usage data;
- Information collected through cookies, pixel tags and other technologies. For more information regarding our use of cookies, please review our cookie notification at the bottom of this page;
- Demographic information and other information provided by you that does not reveal your specific identity;
- Information that has been aggregated in a manner such that it no longer reveals your specific identity.
If we are required to treat Other Information as Personal Information under applicable law, then we will collect, use and disclose it for the purposes for which we collect, use and disclose Personal Information as detailed in this Policy.
How We Collect Personal & Other Information
We and our service providers may collect Personal Information online in a variety of ways in connection with our Services, including:
- Through our websites (“Websites”);
- Through the software applications made available by us for use on or through computers and mobile devices (“Apps”);
- Through social media properties (“Our Social Media”);
- Through HTML-formatted email messages that we send to you that link to this Privacy Policy (“Emails”);
- Through extranet sites made available to our clients and third parties (“Extranet Sites”);
- Through services we provide to our corporate and institutional clients (“Services”); and
- Through our registration process for newsletters, seminars, webinars and events.
We also may collect Personal Information offline in a variety of ways in connection with our Services, including
- When you participate in a contractual arrangement for Services;
- When you provide information in conjunction with our Services; or
- When you interact with us at a firm event.
We also may collect Personal Information from other sources, including:
- Publicaly available databases;
- Joint marketing partners and event sponsors, when they share the information with us;
- Entities to which we provide Services, which may include your employer;
- Referral sources; and
- Social media platforms.
We need to collect Personal Information in order to provide our services to you. If you do not provide the information requested, we may not be able to provide our services. If you disclose any Personal Information relating to other people to us or to our service providers in connection with our Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
We and our service providers may collect Other Information in a variety of ways, including:
Through your browser or device:
Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
Through your use of an App
When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
Using cookies
Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences and other traffic data. We do not currently respond to browser do-not-track signals. To learn more about how we use cookies, or to opt out of the collection and use of cookies, please review our cookie notification at the bottom of this page.
Using pixel tags and other similar technologies
Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates.
Analytics
We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s and YouTube’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. To view Google’s and YouTube’s privacy policy, please click here.
You will be given the option at each website to opt-out of being tracked by cookies.
IP Address
Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
How we use personal Information
We and our service providers use Personal Information for legitimate business purposes, including:
Providing Services.
- To contact individuals (including employees of institutional clients) in connection with providing Services.
- To respond to inquiries and fulfill requests from our clients and others, administer their file(s), provide legal services and manage our relationships.
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
Providing you with our newsletter and/or other marketing materials and facilitating social sharing
- To send you our newsletters, publications, legal updates, and mailings related to our seminars or events that we think may be of interest to you.
- To fulfill your event registration requests and provide services, including the provision of seminars and other events.
- To send you information about our services and other news about our firm.
We will engage in this activity with your consent or where we have a legitimate interest.
Providing the functionality of our Services and fulfilling your requests
- To provide our Services’ functionality to you, such as arranging access to your registered account, and providing you with related client service.
- To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise (e.g., when you send us questions, suggestions, compliments or complaints, or when you request other information about our Services).
- To send administrative information to you, such as information regarding our Services and changes to our terms, conditions and policies.
- To allow you to send Services-related content to another person through our Services if you choose to do so.
We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
Accomplishing our business purposes
- For data analysis, for example, to improve the efficiency of our Services.
- For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements.
- For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft.
- To meet our legal and regulatory obligations.
- For enhancing, improving, or modifying our current products and services.
- For identifying usage trends, for example, understanding which parts of our Services are of most interest to users.
- For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users.
- For operating and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests.
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
How we disclose personal information
We disclose Personal Information:
To our affiliates for the purposes described in this Privacy Policy
- You can consult the list and location of our affiliates listed at the bottom of this page. Subject to local requirements, this information may be used to provide legal and related services offered by our other legal entities and for all the purposes outlined in this Privacy Policy.
- Ogletree, Deakins, Nash, Smoak & Stewart, P.C. is the party responsible for the management of the jointly-used Personal Information.
- These can include providers of services such as website hosting, Services-related consulting and monitoring, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
- On message boards, chat, profile pages, blogs and other services to which you are able to post information and content (including, without limitation, our Social Media), or through which you are able to send messages through the Services. Please note that any information you post or disclose through these services will become public and may be available to other users and the general public.
To our third party service providers, to facilitate services they provide to us
- These can include providers of services such as website hosting, Services-related consulting and monitoring, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
By using our Services, you may elect to disclose Personal Information
- On message boards, chat, profile pages, blogs and other services to which you are able to post information and content (including, without limitation, our Social Media), or through which you are able to send messages through the Services. Please note that any information you post or disclose through these services will become public and may be available to other users and the general public.
Disclosure to public authorities
- Additionally, the Firm may be required to disclose Personal Data in response to lawful requests by public authorities to comply with national security or law enforcement requirements. This would only be in accordance with the law and for only where a means of redress was available to the subject of the request.
We also use and disclose your Personal Information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:
- To comply with applicable law and regulations including laws outside your country of residence.
- To cooperate with public and government authorities, including authorities outside your country of residence.
- To cooperate with law enforcement.
- For other legal reason such as to enforce our terms and conditions and to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
- In connection with a sale, merger or business transaction.
Privacy Statement for California Residents
This Privacy Statement for California Residents supplements our Privacy & Cookie Policy and applies solely to California consumers. This Statement does not apply to (i) our personnel or (ii) personnel working on behalf of our business partners.
This Privacy Statement uses certain terms that have the meanings given to them in the California Consumer Privacy Act of 2018 and its implementing regulations (the “CCPA”). Consumers with disabilities may access this Statement in an alternative format by sending an email to privacyofficer@ogletree.com.
Notice of Collection and Use of Personal Information
We may collect and use the following categories of personal information about you as described below.
- Personal Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. We may obtain this information from (1) you, when you use our website and social media platforms or otherwise communicate with us; (2) publicly available databases; (3) joint marketing partners and event sponsors, when they share the information with us; and (4) referral sources. We may share this information with vendors who provide services on our behalf, such as to provide our products and services to you and manage our relationship with you.
- Information necessary to provide our products and services to you such as order information and payment, credit and transaction information for billing purposes. We may obtain this information from you and share it with vendors who provide services on our behalf, such as to provide our products and services to you and manage our relationship with you.
- Commercial information including products or services purchased, obtained or considered; and other purchase histories or tendencies. We may obtain this information from you and share it with vendors who provide services on our behalf, such as to provide our products and services to you and manage our relationship with you.
- Internet and other electronic network and app activity information such as browsing history, search history, and information regarding your interaction with an internet website, application or advertisement. We may obtain this information from you and through the use of website or app cookies and web beacons. We may obtain this information from you and share it with vendors who provide services on our behalf, such as to provide our products and services to you and manage our relationship with you.
- Geolocation information. We may obtain this information from you and your devices through various location technologies (such as GPS) and share this information with vendors who provide services on our behalf, such as to provide products and services to you based on your geographic location.
- Professional, employment-related, and educational information. We may obtain this information from you, employment recruiters and referral sources when you apply for a job with us or become employed by us. We may use and share this information with vendors who provide services on our behalf, such as to manage our human resources activities or perform background checks.
- Inferences drawn from any of the categories of personal information listed above to create a profile about you regarding your preferences, characteristics, psychological trends, predispositions, behavior attitudes, intelligence, abilities and aptitudes. We may develop these inferences internally or obtain this information from vendors who provide services on our behalf, such as to us with our business.
We do not sell your personal information for monetary consideration. We may use the categories of personal information listed above for the purposes described in our Privacy& Cookie Policy. In addition, we may use these categories of personal information for certain business purposes specified in the CCPA, as described in this table:
Business Purposes | Categories of Personal Information |
Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services | Personal identifiers; Information necessary to provide our products and services to you; Commercial information; Internet and other electronic network and app activity information; Geolocation information; Professional, employment-related, and educational information; Inferences. |
Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance | Personal identifiers; Information necessary to provide our products and services to you; Commercial information; Internet and other electronic network and app activity information; Geolocation information; Professional, employment-related, and educational information; Inferences. |
Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction | Personal identifiers; Information necessary to provide our products and services to you; Commercial information; Internet and other electronic network and app activity information; Geolocation information; Professional, employment-related, and educational information; Inferences. |
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity | Personal identifiers; Information necessary to provide our products and services to you; Commercial information; Internet and other electronic network and app activity information; Geolocation information; Professional, employment-related, and educational information; Inferences. |
Debugging to identify and repair errors that impair existing intended functionality | Personal identifiers Internet and other electronic network and app activity information; Geolocation information. |
Undertaking internal research for technological development and demonstration | Personal identifiers; Information necessary to provide our products and services to you; Commercial information; Internet and other electronic network and app activity information; Geolocation information; Professional, employment-related, and educational information; Inferences. |
Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us | Personal contact information; Information necessary to provide our products and services to you; Internet and other electronic network and app activity information; Professional, employment-related, and educational information; Inferences. |
Our Prior Collection, Use and Disclosure of Personal Information
We may have collected and used your personal information, as described in the section above, during the 12-month period prior to the date of this Privacy Statement. For each category of personal information collected during the 12-month period prior to the effective date of this Statement, we also describe above the (1) categories of sources from which we may have obtained the personal information, and (2) categories of third parties with whom we may have shared the information.
During the prior 12-month period, we may have disclosed to third parties for a business purpose each of the categories of personal information listed above.
California Consumer Privacy Rights
You have certain choices regarding your personal information, as described below.
- Access: You may have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold about you within the preceding 12 months.
- Deletion: You may have the right to request that we delete the personal information we have collected from you.
To submit an access or deletion request, please (i) click here and complete the webform request or (ii) call us at our toll-free telephone number: 1-844-463-2272.
To help protect your privacy and maintain the security of your personal information, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you request access to your personal information, we may require you to provide any of the following information: contact information, one-time password, information about your interactions with us or information that you have submitted. In addition, if you ask us to provide you with specific pieces of personal information, we will require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
If you designate an authorized agent to make a request, we will require your authorized agent to provide us with either (1) your power of attorney authorizing the authorized agent to act on your behalf or (2) your written authorization permitting the authorized agent to request access to your personal information on your behalf. If your authorized agent provides us your written authorization, we also will require you to verify your own identity directly with us.
In connection with your request, you must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized agent.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment by us. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
Children’s Personal Information
We do not sell personal information of minors under the age of 16 without affirmative authorization if we have actual knowledge of the individual’s age.
Privacy Rights under California Civil Code Section 1798.83 (“Shine the Light”)
Individual California Users (as defined below) may request information about our disclosures of certain categories of personal information to third parties (i.e., our affiliates) for such third parties’ direct marketing purposes.
As noted above, we may disclose personal Information to affiliates of Ogletree, Deakins, Nash, Smoak & Stewart, P.C. which may use this information for all purposes outlined in this Privacy Statement. Because separate legal entities are considered “third parties” for purposes of California Civil Code Section 1798.83, and certain communications from our affiliates might be viewed as promoting their legal services, we are providing the following information for California residents who have provided us with their personal information during the creation of or during the course of an established legal services relationship that is primarily for personal, family, or household purposes (“Individual California Users”).
Individual California Users must submit their requests to us either by email at privacyofficer@ogletreedeakins.com or by mail at the following address:
Ogletree, Deakins, Nash, Smoak & Stewart, P.C.
ATTN: Privacy Officer
SunTrust Plaza
401 Commerce Street
Suite 1200
Nashville, TN 37219
Further Information About Our California Privacy Policy
If you have questions regarding this Privacy Statements, please contact us at:
Ogletree, Deakins, Nash, Smoak & Stewart, P.C.
ATTN: Privacy Officer
SunTrust Plaza
401 Commerce Street
Suite 1200
Nashville, Tennessee 37219
Email address: privacyofficer@ogletreedeakins.com
Phone number: 1-844-463-2272
How long we retain personal information
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide our Services to you (for example, for as long as you have an account with us or keep using our Services);
- The length of time we have an ongoing relationship with you as our client and provide you with Services;
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions or communications for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
What security measures we use
We have implemented internal policies and technical measures to protect Personal Information from loss, accidental destruction, misuse or disclosure. Such internal policies and technical measures include:
- The use of pseudonymization and encryption of personal data where appropriate;
- Procedures and controls to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- Procedures and controls to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- Procedures for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing; and
- Procedures to ensure that data is not accessed, except by individuals in the proper performance of their duties.
What choices you have
You have choices regarding marketing-related communications. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by following the unsubscribe instructions in any such message or by contacting us by email at opt-out@ogletreedeakins.com. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.
Privacy rights for Nevada residents and users (Effective October 1, 2019)
You have the right to direct us not to sell certain personally identifiable information that we collect about you on our Websites or other online services by emailing us at privacyofficer@ogletreedeakins.com. This information includes: your first name or first initial and last name in combination with your social security number; driver’s license number, driver authorization card number or identification card number; account number, credit card number or debit card number, in combination with any required security code, access code or password that would permit access to your financial account; medical identification number or a health insurance identification number; user name, unique identifier or electronic mail address in combination with a password, access code or security question and answer that would permit access to an online account.
Additionally, you may review and request that we change the personally identifiable information that we collect about you on our websites or other online services by emailing us at privacyofficer@ogletreedeakins.com.
Our service providers and other third parties may collect personally identifiable information about your online activities over time and across different internet websites or online services when you use our Websites or online services.
Please note, however, that we do not sell your personally identifiable information for monetary consideration.
Privacy rights for residents of the European Economic Area and Switzerland
If you are resident in the European Economic Area or Switzerland, under European or Swiss law you have the following rights in respect of your Personal Information that we hold:
- Right of access. You have the right to obtain confirmation of whether, and where, we are processing your Personal Information; information about the categories of Personal Information we are processing, the purposes for which we process your Personal Information and information as to how we determine applicable retention periods; information about the categories of recipients with whom we may share your Personal Information; and a copy of the Personal Information we hold about you.
- Right of portability. You have the right, in certain circumstances, to receive a copy of the Personal Information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
- Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete Personal Information we hold about you without undue delay.
- Right to erasure. You have the right, in some circumstances, to require us to erase your Personal Information without undue delay if the continued processing of that Personal Information is not justified.
- Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your Personal Information if the continued processing of the Personal Information in this way is not justified, such as where the accuracy of the Personal Information is contested by you.
- Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your Personal Information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
- If you are resident in France, you also have the right to set guidelines for the retention and communication of your Personal Information after your death.
If you wish to exercise one of these rights, please contact us at privacyofficer@ogletreedeakins.com.
EU residents also have the right to lodge a complaint to their local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. Swiss residents have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner at: https://www.edoeb.admin.ch/?lang=en. UK residents have the right to lodge a complaint to the UK Information Commissioner’s Office , additional information for UK residents can be found at https://ico.org.uk/.
Residents in other jurisdictions may also have similar rights to the above. Please contact us at privacyofficer@ogletreedeakins.com if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.
Third Party Services
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties.
This includes any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media.
Special notification about webinars
Webinars offered as a service to users of our Services (“Webinars”) are hosted by unaffiliated third party vendors, and not by us.
Our third-party vendors require users to provide Personal Information. This Personal Information may include name, email address, and other personally identifiable information. Please note that this Personal Information is collected by our vendors and/or by us. We encourage you to read the privacy statements of our vendors, which control how such vendors handle Personal Information provided by you to register for and participate in the Webinars.
Additionally, our third-party vendors provide us with Personal Information about users of our Webinars. We use this Personal Information to track attendance, to facilitate future communication with such users, and for other purposes set forth in this Privacy Policy.
Use of our services by minors
The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Information from individuals under 18.
Cross-border transfer
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers. By using our Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
Some of the non-EEA countries are recognized by the European Commission, the UK and Switzerland as providing an adequate level of data protection according to EEA, the UK or Swiss standards (the full list of these countries is available here). For transfers from the EEA, the UK or Switzerland to countries not considered adequate by the European Commission, the UK or Switzerland, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission or contracts approved by the Swiss Commissioner, to protect your Personal Information. You may obtain a copy of these measures by clicking here.
For data transfers from the EEA, UK or Switzerland to the U.S., Ogletree, Deakins, Nash, Smoak & Stewart, P.C. and its affiliates have certified that we comply with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the EU, the United Kingdom and Switzerland to the United States in reliance on Privacy Shield prior to July 16, 2020. Ogletree, Deakins, Nash, Smoak and Stewart, P.C and its affiliates have certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. To view our certification under Privacy Shield, please visit http://www.privacyshield.gov/list.
For data transfers from the EEA, UK or Switzerland to the U.S. after 16 July 2020, Ogletree, Deakins, Nash, Smoak & Stewart, P.C. and its affiliates have put in place adequate measures, such as standard contractual clauses adopted by the European Commission or contracts approved by the Swiss Commissioner, to protect your Personal Information. You may obtain a copy of these measures by clicking here.
EU-U.S. and Swiss-U.S. Privacy Shield certification covers the following entities:
Ogletree, Deakins, Nash, Smoak & Stewart LLC (USVI)
Ogletree, Deakins, Nash, Smoak & Stewart PLLC (Detroit)
Ogletree Governmental Affairs, Inc
ODBNI, LLC
In addition to the protections provided under other sections of this Privacy and Cookie Policy, we will provide the following protections for Personal Information transferred from the EU, UK or Switzerland to the U.S. prior to July 16, 2020:
Choice
You will be offered a clear, conspicuous, and readily available mechanism to choose (opt out) whether your Personal Information is (1) to be disclosed to a third party (other than a third party acting as an agent to perform tasks on behalf of and under the instruction of the Firm or (2) to be used for a purpose that is materially different than or incompatible with the purpose for which it was originally utilized or subsequently authorized by you.
Additionally, you will be offered a similar choice mechanism to give affirmative or explicit (opt in) choice whether your sensitive Personal Information is to be disclosed to a third party or used for a purpose other than the purposes for which it was originally collected or subsequently authorized by the individual by opt-in choice. However, explicit (opt in) choice is not required when the disclosure of the sensitive Personal Information is (1) in the vital interests of you or another person; (2) necessary for the establishment of legal claims or defenses; (3) required to provide medical care or diagnosis; or (4) related to Personal Information that is manifestly made public by you.
Transfer of Personal Information from the EU, UK or Switzerland to Processors in the U.S.
Our EU, UK and/or Swiss entities may transfer Personal Information to a processor in the United States solely for processing purposes. A “processor” is a third party who processes Personal Information on behalf of and in accordance with the instructions of our EU, UK and/or Swiss entities. When Personal Information is transferred from the EU, UK and/or Switzerland to the United States solely for processing purposes, our EU, UK and/or Swiss entities will comply with the applicable data protection laws including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and the Swiss Federal Act on Data Protection (FADP), respectively and enter into a contract with the processor to ensure that the processor (1) acts only on instructions of our EU, UK and/or Swiss entities; (2) provides appropriate technical and organizational measures to protect the Personal Information against unlawful destruction or accidental loss, alteration, unauthorized disclosure or access; (3) understands whether onward transfers are allowed; and (4) assists our EU, UK and/or Swiss entities in responding to individuals exercising their rights under the Privacy Shield principles, taking into account the nature of the processing.
Onward Transfers to Third Party Agents
After Personal Information is transferred from the EU, UK and/or Switzerland to our entities in the United States, we may thereafter transfer the Personal Information to third parties acting as controllers. A “controller” is a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Information. Examples of third party controllers may include banks and healthcare providers, or management personnel in our other offices outside of the U.S. When we make such onward transfers to third party controllers, we will enter into a contract with the third party controller that provides that (1) such Personal Information may be processed only for limited and specified purposes consistent with the consent provided by you; (2) the third party controller will provide the same level of protections as required by law; (3) the third party controller will notify us if the third party can no longer meet its obligation to provide the same level of protection for the Personal Information as required by the applicable law; and (4) upon such notice by the third party controller, the third party controller will cease processing the Personal Information and/or take reasonable and appropriate steps to remediate any unauthorized processing.
Recourse Mechanisms For Personal Information Transferred Under Privacy Shield
Inquiries or complaints regarding transfers of personal data from the EU, UK or Switzerland to the U.S. prior to July 16, 2020 pursuant to Privacy Shield should be directed to: privacyofficer@ogletreedeakins.com.
If a complaint remains unresolved, individuals in the EU or UK should contact the state or national data protection or labor authority in the jurisdiction where they live for resolution.
A listing of the EU Data Protection Authorities (DPAs) is located at: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. Individuals in Switzerland should contact the Swiss Federal Data Protection and Information Commissioner (the Swiss Commissioner) for resolution. Information regarding the Swiss Commissioner is located at: https://www.edoeb.admin.ch/?lang=en. Individuals in the UK should contact the UK Information Commissioner’s Office (the UK ICO). Information regarding the UK ICO is located at: https://ico.org.uk/.
We will cooperate with the DPAs, the Swiss Commissioner and/or the UK ICO, and comply with the advice of the DPAs, Swiss Commissioner and/or the UK ICO. In the event that the DPA’s, the Swiss Commissioner and/or the UK ICO determines that we did not comply with this Policy or Privacy Shield principles where applicable, we will take appropriate steps to address any adverse effects and to promote future compliance, comply with any advice given by the DPAs, the Swiss Commissioner and/or the UK ICOwhere the DPAs, the Swiss Commissioner and/or the UK ICO has determined that we need to take specific remedial or compensatory measures for the benefit of individuals affected by any non-compliance with this Policy or the Privacy Shield principles, and provide the DPAs, the Swiss Commissioner and/or the UK ICO with written confirmation that such action has been taken.
Under certain conditions specified by the Privacy Shield Privacy Principles, you may also be able to invoke binding arbitration to resolve your complaints.
Enforcement
We are also subject to the investigatory and enforcement powers of the United States Federal Trade Commission for Personal Information transferred under Privacy Shield prior to 16 July 2020.
Liability
In the context of an onward transfer of Personal Information, we have responsibility for the processing of Personal Information we receive under the Privacy Shield and standard contractual clauses as applicable and subsequently transfers to a third party agent. We will remain liable under the Privacy Shield and standard contractual clauses if the third party agent processes such Personal Information in a manner inconsistent with the Privacy Shield pris, unless we prove that it is not, and we are not,responsible for the event giving rise to the damage.
Training
All of our employees who handle Personal Information transferred from the EU, UK or Switzerland to the U.S. will receive training regarding the data privacy principles and procedures under Privacy Shield Principles, standard contractual clauses and this Policy.
Updates to this privacy policy
The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of our Services following these changes means that you accept the revised Privacy Policy.
How to contact us
Ogletree, Deakins, Nash, Smoak & Stewart, P.C. is the company responsible for collection, use and disclosure of your Personal Information under this Privacy Policy.
If you have any questions about this Privacy Policy, please contact us at privacyofficer@ogletreedeakins.com or at:
Ogletree, Deakins, Nash, Smoak & Stewart, P.C.
ATTN: Privacy Officer
SunTrust Plaza
401 Commerce Street
Suite 1200
Nashville, TN 37219
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
Affiliates
For purposes of this Privacy Policy, these entities are considered to be “affiliates” of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.:
Ogletree, Deakins, Nash, Smoak & Stewart LLC (USVI)
Ogletree, Deakins, Nash, Smoak & Stewart PLLC (Detroit)
Ogletree Governmental Affairs, Inc.
Ogletree Deakins International, LLP (UK)
Ogletree Deakins International, SC (Mexico)
Ogletree Deakins International, LLP (Ontario)
ODBNI, LLC