Last Revised: May, 2018
This Privacy Notice informs you of important information about how Ropes & Gray LLP and Ropes & Gray International LLP (together, “Ropes & Gray” “we” or “our”) process the personal data that we collect in online and offline formats through the Services.
“Personal data” means data that reasonably can be used to identify a living person, or that reasonably relates to a living person.
When we use the term “Services” we mean to refer collectively to:
- The provision of legal and related services to our clients and prospective clients (“Client Services”);
- The websites and mobile applications owned and controlled by us that link to this Privacy Notice (“Sites”); and
- Our marketing and business development activities, including events we host, social media properties we create, and emails that we send (“Marketing Activities”).
This Privacy Notice covers the personal data that we collect through the provision of our Services.
- How we collect and use personal data
- Additional uses of personal data
- How we share and disclose personal data
- Region-Specific Disclosures
- Email Marketing
- Links to other sites
- Updates to this Privacy Notice
- How to Contact Us
How we collect and use personal data
We collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our individual clients and prospective clients, their representatives, visitors to our offices, visitors to our Sites, vendors, journalists, and other individuals.
Clients and prospective clients
We operate in a regulated industry. This means we are required to obtain certain information before we can accept someone as a client. For individual clients, this includes:
- Contact details
- Financial information
- Information to verify identity, such as passport
The majority of our clients are corporate entities and data about entities is not personal data. But we do process personal data of company employees, representatives and other personal data clients provide to us, or allow us to collect on their behalf, while providing the Client Services. This includes contact information and any other personal data that is relevant to or necessary for us to deliver the Client Services.
We also process personal data to assist in building relationships. This includes name, contact information and job title and may also include education information, work history and gender. If you attend one of our events, we may also have information about your dietary requirements.
We collect and use this information to provide the Client Services and for other legitimate business interests. For example, we use contact details to send communications, legal updates and invitations to events. You can update your communication preferences by clicking on the link at the bottom of one of our marketing emails or contacting email@example.com.
We also obtain personal data from third-party sources in connection with Client Services, such as CaplQ, LexisNexis and general internet searches. Such third-party information sometimes contains personal data about family, health or immigration status. We use this information to perform relevant diligence, conduct investigations and perform conflict checks.
Our legal basis for processing personal data in connection with Client Services is:
- To comply with legal obligations and professional responsibilities;
- To perform contracts;
- To pursue our legitimate interests of:
- ensuring that we deliver the best possible service to our clients,
- keeping individuals informed of developments in the law,
- business development and general marketing,
- providing you with information on our services and events, and
- ensuring we build and maintain a good working relationship with you
- Your consent, but where we make it clear to you in advance that we are relying on you consent (for example, when you sign up to our mailing list).
For prospective clients, or an employee or representative of a prospective client, we will process personal data including your name and contact details as well as details of any interactions you may have with us or our attorneys (for example, meetings you have had or pitches you have invited us to).
We may obtain this information directly from you, from your employer or from publically available sources like your employer’s website.
The legal bases we rely on to process your personal data is:
- To take steps requested by you prior to entering into a contract with you;
- To pursue our legitimate interests in building our business and developing a relationship with potential new clients.
Visitors to our Sites
Certain visitors interact with the Sites in ways that lead us to gather personal data. The amount and type of data that we gather depends on the nature of the interaction. For example, if you sign up to our mailing list we collect your name, contact details, job title and company name. This is more information than we require in order to add you to our emailing list, but we collect other information about you to ensure that we do not create a duplicate record for you in our database. Visitors can always refuse to supply personal data, with the caveat that it may prevent them from engaging in certain Site-related activities.
In addition, we collect information automatically as disclosed in our Cookie Notice, below.
The legal bases we rely on to process this information is:
- To pursue our legitimate interests in developing and growing our business, operating and improving the Sites, and conducting Marketing Activities; and
- Your consent, where we make it clear to you in advance that we are relying on you consent (for example, when you sign up to our mailing list).
Visitors to our offices
For visitors to our offices we will take a record of name and contact information. This information is recorded for legitimate business purposes, and for health and safety purposes so that we know who is in the building in event of an emergency. If you attend one of our events and we serve food we may have information about your dietary requirements.
The legal bases we rely on to process your personal data is:
- To comply with our legal obligations;
- To pursue our legitimate interests in ensuring the safety and security or our employees and visitors.
Vendors and business partners
We process personal data of vendors and business partners, including name and contact details. For vendors, we do this so that we can liaise about the services the vendors are providing to us now and in the future. For business partners, we do this to support, grow and maintain the relationship. For individual vendors and business partners, we also may hold financial information in order to pay invoices. Sometimes we receive this information from a third party who is recommending the service to us.
The legal basis we rely on to process this personal data is:
- To pursue our legitimate interests of managing and operating our business, including through use of vendors.
We process contact details and information about publications journalists write for, as well as a photo and CV in order to connect with you on press releases and other happenings, and to invite you to meet or communicate with our staff for the purposes of contributing to your publications.
We usually obtain this information from a third party media contact buy-in service (we currently use Roxhills) or we may obtain this information directly from you. Sometimes we receive this information from third parties who have dealt with or know of you and are recommending you to us.
The legal basis we rely on to process personal data of journalists is:
- To pursue our legitimate interest of operating our business, marketing, business development and professional development.
Webinars offered as a service to users of the Services (“Webinars”) are hosted by a third-party vendor. That vendor requires registrants to provide personal data, including name and email address. Individuals seeking continuing legal education credit also may be asked to provide State Bar number(s). This personal data is not collected by us, but may be shared with us. We use this personal data to track attendance, facilitate future communications with registrants and attendees, and for other purposes set forth in this Privacy Notice.
When we provide certain types of Client Services we may be provided with personal data from third parties about a number of individuals other than those described explicitly in this Privacy Notice. The personal data we process will depend on the type of matter for which our client has retained us. For example:
- If we are engaged by our client to advise them on selling its business, our client may send us information about is customers and employees as part of the due diligence process with the buyer;
- If we are engaged by our client to advise them on buying a business, we may receive personal data about the target company’s customers and employees in order to conduct a due diligence exercise and determine the risks that exist at the target business;
- If we are engaged by our client to advise them on a dispute, we will have personal data about the opposing parties, their attorneys, witnesses and any personal data contained in witness statements or evidence.
The primary reason we process this personal data is to provide the Client Services, fulfill our professional duties, comply with law and operate our business.
We can obtain this information from a number of different sources including our client, our client’s opponent or counterparty, the courts, tribunals and law enforcement authorities.
The legal bases we rely on to process your personal data is:
- To comply with our legal obligations and meet our professional responsibilities;
- To pursue our legitimate interests of operating our business, providing Client Services, conducting Marketing Activities.
Additional uses of personal data
In addition to the uses described above, we may use your personal data for the following purposes. Some of these uses may, under certain circumstances be based on your consent, may be necessary to fulfill our contractual commitments to you, or are necessary to serve our legitimate interests in the following business operations:
- Operating our business, administering the Services and managing your accounts;
- Contacting you to respond to your requests or inquiries;
- Processing and completing your transactions including, as applicable, order confirmation and delivering products or services;
- Providing you with newsletters, articles, alerts and announcements, event invitations, and other information that we believe may be of interest to you;
- Providing you with marketing information, and other information that is tailored to your interests;
- Conducting research, surveys, and similar inquiries to help us understand trends and client needs;
- Analyzing your interactions with us, and improving our products, services, programs, and other offerings;
- Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Information, our website or data systems; or to meet legal obligations; and
How we share and disclose personal data
We share personal data with the following categories of recipients.
We may disclose your personal data to third-party service providers to provide us with services such as website hosting, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services.
We may disclose personal data to our affiliates for the purposes described in this Privacy Notice, including for their marketing purposes, and to be consistent with our goal of providing our the superior client service and engagement experience that our clients have come to expect from us around the world.
To Perform Client Services
We will also disclose personal data to the following categories of third parties: (i) anyone involved in the matter we are working on including lawyers, barristers, counterparties, experts, mediators, opponents, other attorneys and witnesses, (ii) law enforcement, tax and regulatory agencies and bodies, (iii) insurers, and (vi) service providers such as IT and telephony services, catering, document production and postal and delivery services.
We may disclose personal data to third parties in order to perform services you request or functions you initiate, such as when you post information and materials on message boards and forums. When you post information publicly
Corporate Transactions or Events
We may disclose your information to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings.
Other Legal Reasons
In addition, we may use or disclose your personal data as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of Ropes & Gray, our affiliates, you and others; and (7) to enforce our terms and conditions.
European Economic Area
For individuals in the European Economic Area, please click here for additional detailed disclosures.
State of California, United States
We may disclose personal data to affiliates of Ropes & Gray LLP, which may use this information for all purposes outlined in this Privacy Notice. Under California Civil Code Section 1798.83, separate legal entities are considered “third parties” and certain communications with our affiliates might be viewed as promoting legal services. Therefore, we are providing the following information for California residents who have provided us with their personal data during the creation of or during the course of an established legal services relationship that is primarily for personal, family, or household purposes (“California Residents”).
Individual California Residents may request information about our disclosures of certain categories of personal data to third parties (i.e., our affiliates) for such third parties’ direct marketing purpose, consistent with California Civil Code Section 1798.83.
Individual California Residents must submit requests to us either by email at firstname.lastname@example.org or by mail at the following address:
Office of the General Counsel
Ropes & Gray LLP
1211 Avenue of the Americas
New York, NY 10036-8704
In response, we will provide a list of the categories of “Personal Information”, as that term is defined by California Civil Code Section 1798.83, disclosed to third parties for direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties.
This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email or mailing addresses specified in this section
We may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.
Cookies on our Sites are generally divided into the following categories:
- Essential Cookies: These cookies are strictly necessary to provide you with services available through our Services and to use some of their features, such as access to secure areas. Because these cookies are strictly necessary to deliver the Services, you cannot refuse them without impacting how our Services function.
- Performance and Functionality Cookies: These cookies are used to enhance the performance and functionality of our Services but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
- Analytics and Customization Cookies: These cookies collect information that is used to help us understand how our Services are being used or how effective our marketing campaigns are, or to help us customize our Services for you in order to enhance your experience.
- Targeting Cookies: These record your visit to our Sites, the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on the Sites and other websites you visit. These Cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these cookies via your browser settings. See below for further details on how you can control third-party targeting cookies.
You can review your Internet browser settings, typically under the sections "Help" or "Internet Options," to exercise choices you have for certain Cookies. If you disable or delete certain Cookies in your settings, you may not be able to use features of the Sites.
We support the Self-Regulatory Principles for Online Behavioral Advertising of the Digital Advertising Alliance (“DAA”). To learn more about certain third-party Cookies used for interest-based advertising, including through cross-device tracking, and to exercise certain choices regarding such cookies, please visit the Digital Advertising Alliance, Network Advertising Initiative, Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance or your device settings if you have the DAA or other mobile app.
The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests.
Links to Other Sites
Updates to this Privacy Notice
Although most changes are likely to be minor, Ropes & Gray may change its Privacy Notice from time to time, and at Ropes & Gray's sole discretion. Ropes & Gray encourages visitors to frequently check this page for any changes to its Privacy Notice.
How to contact us
If you have any queries, questions or concerns about this Privacy Notice or our personal data handling practices, please contact us at email@example.com