Fish & Richardson P.C. is a Massachusetts professional corporation organized in the U.S. Our office locations and contact details are listed at www.fr.com/contact.
1. INFORMATION WE COLLECT
We collect and receive Personal Information, as defined below, and other information from a variety of sources and in a variety of ways, including those listed below. We may collect information from you, publicly available sources, service providers, business partners or other third parties. Personal Information means information relating to an identified or identifiable natural person. To the extent permitted by applicable law, Personal Information does not include information that has been deidentified, pseudonymized or anonymized. Additional exclusions for Personal Information may be provided below based on the laws applicable to your jurisdiction.
- Legal Services and Business Administration. We collect Personal Information and other information from a variety of sources about a variety of individuals during the course of providing legal services and administering our business. For example, we collect Personal Information about individuals associated with our clients, prospective clients and their respective affiliates, including employees, representatives, customers, service providers, and other contacts. We may collect Personal Information about other individuals while providing legal services, such as adverse parties, inventors, experts and witnesses. The type of Personal Information and other information is necessarily broad and varied depending on the nature of the legal matter or operational purpose, and includes name, email address, postal address, telephone number, and unique identifiers.
- Interactions with the Sites and Us. When you visit the Sites, you may choose to provide Personal Information and other information, such as your name, email address, telephone number, company name, title, dietary restrictions and preferences and health condition. For example, you may provide Personal Information by sending us an email, registering for a webinar, in-person event or other event, subscribing to news alerts, providing your contact details and updating your contact preferences, or downloading a whitepaper. You may also provide Personal Information, such as your contact details, dietary restrictions and preferences and health condition, to us at conferences, events and other locations.
- Service Providers. We collect Personal Information and other information about individuals associated with service providers that we engage, such as name, postal address, email address, telephone number, company name and title.
- Purchase and Transaction Information. We collect Personal Information and other information, including payment data such as a credit card number or bank account number, while processing payments for legal services, event registrations, and service providers.
- Job Applications. We collect information when you apply for a job with us, including your name, email address, telephone number, and information on your resume. You may also provide information related to necessary health-related accommodations. If you are located in the European Economic Area (“EEA”) and apply for a job in our Munich, Germany, office, our “FR GDPR Data Protection Notice (Munich Office)” located here applies to the submission of your job application.
- Device and Browser Information. When you visit the Sites, we may collect information, such as the type of browser and operating system you are using, the domain name of your internet service provider, which pages you visit and how long you spend on each page, your location, and the unique number (such as IP address) assigned to your server or internet connection.
- Social Media Sites. If any Sites are accessible through third-party social networking sites and you use such features, we may have access to certain information associated with your social media account such as your name, email address and photograph. If you are a member of the social networking site, the social networking site may connect your visit to the Sites with your Personal Information.
- Other Information.We may obtain Personal Information about you from third parties, including entities that direct you to or are accessible via the Sites, and business partners.
You are not obligated to provide us with your Personal Information in all of the cases described above. However, without your Personal Information, we may not be able to fulfill the functions described above. For example, we may not be able to provide you with legal services, consider you for a job or engage you for your services. In addition, some features of the Sites, such as event registration, may not function without your Personal Information.
2. USES AND PURPOSES OF PERSONAL INFORMATION
We use Personal Information we collect for the purposes described below. In some cases, the EU General Data Protection Regulation (“GDPR”) applies when we process Personal Information we collect from data subjects in the EEA and the United Kingdom (“UK”). The GDPR legal basis for processing Personal Information is listed below in the event GDPR applies.
- To provide legal and related services and administer our business, including representing clients in legal matters; responding to, soliciting and evaluating requests for services; fulfilling legal and ethical obligations, such as performing conflict checks; and processing payments for services.
GDPR Basis: Processing is necessary to perform a contract for legal services or to take steps prior to entering into the contract and/or to comply with our legal obligations (including our legal obligations as attorneys). Processing is also necessary for the purposes of our and third party legitimate interests, including our interests in providing legal services consistent with our obligations and high standards and to operate and manage our business.
- To fulfill your requests made on the Sites or other means, such as responding to your requests for information, processing your registration for an event, and providing you with your dietary preferences or health-related accommodations at an in-person event.
GDPR Basis: Processing may be necessary for the performance of a contract (such as a registration contract), for the purposes of our and third party legitimate interests, including our interest in providing responsive services to our clients and potential clients, soliciting additional clients and furthering our reputation in the legal field, and to protect your vital interests in providing you with dietary and/or health-related accommodations at in-person events.
- To administer, fulfill and enforce contractual obligations with service providers and others.
GDPR Basis: Processing is necessary to perform a contract or to take steps prior to entering into the contract and/or to comply with our legal obligations (including our contractual obligations). Processing may be necessary for the purposes of our and third party legitimate interests, including our interest in maintaining our reputation as a reliable contract partner.
- To provide marketing materials we believe would be of interest to you, such as upcoming events, newsletters, or legal developments; to maintain and update your contact preferences; to add you to our databases, including subscriber and contact lists, for future marketing purposes; and other marketing efforts.
GDPR Basis: Processing is necessary for the purposes of our and third party legitimate interests, including our interest in promoting and growing our legal services and furthering our reputation in the legal field.
- To evaluate job applicants and maintain personnel files.
GDPR Basis: Processing is necessary for the purposes of our legitimate interest in recruiting and evaluating employees who meet our firm standards. In addition, if you provide sensitive information such as health-related information, we process that information based on our obligations under employment law or your consent.
- To improve the functionality, customization, personalization, security, design and/or content of the Sites, including collecting and evaluating web analytics.
GDPR Basis: Processing is necessary for the purposes of our legitimate interest in evaluating and improving our Sites and legal services, in promoting and growing our legal services and furthering our reputation in the legal field. Processing may also be necessary to comply with our legal obligations.
- For compliance purposes and legal obligations, such as validating identity, complying with legal and regulatory requirements, complying with our internal policies, protecting and defending us and our affiliates against legal actions or claims, and preventing fraud.
GDPR Basis: Processing may be necessary to perform a contract or to take steps prior to entering into the contract and/or to comply with our legal obligations (including our legal obligations as attorneys). Processing is also necessary for the purposes of our and third party legitimate interests, including enforcing and defending legal rights and furthering compliance efforts.
In some cases, when another GDPR legal basis does not apply, we may process Personal Information based on your consent.
3. DISCLOSURE OF PERSONAL INFORMATION
Your Personal Information may be shared among any of the offices of Fish & Richardson P.C. Please refer to Section 6 below regarding cross-border transfers.
Your information may be shared with a variety of unrelated third parties as follows:
- With persons who are involved in our clients’ legal matters during the course of our legal representation, such as opposing counsel, co-counsel, courts and government bodies and experts.
- With our and our clients’ service providers, such as auditors, research services, translators, transcriptionists and insurers.
- With business and marketing partners.
- Regarding your dietary restrictions and preferences and health‑related accommodations, with our caterers, venue coordinators, co‑sponsors and other third parties associated with an in‑person event.
- We may share or transfer your information if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets, or in preparation for any of these events.
- With other parties with your consent.
4. COOKIES AND SIMILAR TECHNOLOGIES
5. YOUR RIGHTS AND CHOICES
- Opt-Out of Marketing. If you wish to opt-out of receiving marketing solicitations from us, or from our sharing your Personal Information with third parties for their marketing purposes, please contact us at the email or postal address listed in Section 11. Even if you opt-out, we may still use and share the information we collect for non-marketing purposes.
- Unsubscribe from Emails. Each of our marketing emails includes an automated way for you to opt out (unsubscribe) from marketing emails sent by us. To unsubscribe, please follow the instructions in the email you receive.
- Cookie Preferences. You may use the Sites’ cookie tool to set or update your preferences with respect to non-functional cookies at any time.
- European Economic Area and United Kingdom Data Subjects. If you are an individual located in the EEA or UK and GDPR applies to our processing of your Personal Information as a data controller, you may have the following rights to the extent provided by applicable law: (a) request access to your Personal Information; (b) rectify your inaccurate Personal Information; (c) request that we restrict processing or object to the processing of your Personal Information; (d) request the transfer of your Personal Information; and (e) ask us to delete your Personal Information. These rights have important conditions and exemptions, and we reserve the right to deny or limit the response to these requests to the extent permitted by applicable law. Although as a general matter we will not charge fees to handle requests, if your requests are manifestly unfounded or excessive, we may deny them or charge you a fee.
To exercise your rights, please contact us at the email or postal address listed in Section 11. We will take reasonable steps to verify your identity before responding to any requests, with the level and type of verification depending on the nature of your request and/or the nature of the Personal Information involved in the request. We may require you to submit additional personal or other information in order to verify your identity. We may deny or limit the response to requests where we are unable to verify your identity or we suspect fraudulent or malicious activity. If you are in the EEA or UK and are not satisfied with the way we handled your request pursuant to GDPR, you have the right to lodge a complaint with a European Union supervisory authority.
- Notice to California Residents. If you are an individual and a California resident, and the California Consumer Privacy Act of 2018 (“CCPA”) applies to our processing of your Personal Information as a business under the CCPA, this section provides additional information to you. This section does not apply to any matters exempted from the CCPA during the period of exemption, including (a) Personal Information we collect about employees, owners, directors, officers, contractors or job applicants and (b) Personal Information we collect while communicating or transacting with an individual who is acting on behalf of another business and the communication or transaction occurs only within a business context. If you have a disability and need information on how to access this Policy in an alternative format, please contact us at 1-833-742-0965, or email or write to us at the contact addresses listed in Section 11.
- Categories of Personal Information: To the extent permitted by applicable law, Personal Information does not include information that is publicly available. We collect the following categories of Personal Information listed in the CCPA, and may have collected any or all of this information in the preceding 12 months: (a) identifiers such as name, postal address, email address, account name, social security number, driver’s license number and passport number; (b) categories described in Cal. Civ. Code § 1798.80(e), such as telephone number, insurance policy number, education, employment, bank, credit card number or other financial information and medical information; (c) characteristics of protected classifications under California or federal law, such as race, national origin, age over 40, disabilities, sex, marital status and military status; (d) commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; (e) biometric information; (f) internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet web site, application, or advertisement; (g) geolocation data; (h) audio, electronic, visual, thermal, olfactory, or similar information; (i) professional or employment-related information; and (j) education information, defined as information that is not publicly available personally identifiable information (as defined in 20 U.S.C. § 1232g, 34 C.F.R. Part 99).
- Sources and Use of Personal Information. We collect Personal Information from the sources listed in Section 1. We use Personal Information for the business and commercial purposes listed in Section 2.
- Disclosure or Sale of Personal Information. We do not sell Personal Information to third parties. We may disclose Personal Information for business purposes and/or to the third parties listed in Section 3.
- CCPA Requests. You have the right to make the following requests to the extent permitted by applicable law. These rights have important conditions and exemptions, and we reserve the right to deny or limit the response to these requests to the extent permitted by applicable law. Although as a general matter we will not charge fees to process such requests, if your requests are manifestly unfounded or excessive, we may deny them or charge you a fee.
- Right to Know: You may request that we disclose the following information, applicable to the 12-month period preceding the receipt of your request: (a) categories of your Personal Information we collected; (b) categories of sources of your Personal Information; (c) business or commercial purposes for collecting your Personal Information; (d) categories of third parties with whom we shared your Personal Information; and (e) specific pieces of your Personal Information we collected. We are not required to provide this information to the same person more than twice within a 12-month period.
- Request to Delete: You have the right to request deletion of your Personal Information we collected.
- Instructions for Submitting CCPA Requests. You may submit CCPA requests by calling toll-free 1‑833-742-0965 or emailing or writing to the contact addresses listed in Section 11. We will take reasonable steps to verify your identity before responding to any requests, with the level and type of verification depending on the nature of your request and/or the nature of the Personal Information involved in the request. We may require you to submit additional personal or other information in order to verify your identity. You may use an authorized agent to submit your request if the agent has your legal power-of-attorney or you provide the agent signed permission, verify your identity with us, and confirm with us that you provided the authorized agent permission to submit the request. We may deny or limit the response to requests where we are unable to verify your identity or the authorized agent’s authority or we suspect fraudulent or malicious activity. You have the right not to receive discriminatory treatment for exercising your CCPA privacy rights.
6. CROSS-BORDER TRANSFERS
We are organized in the U.S. Any information that you provide to us, including Personal Information, may be transferred to and processed in the U.S. If you are located outside the U.S., please be advised that the U.S. does not offer safeguards to protect Personal Information that are as stringent as some other jurisdictions in the world. For example, the European Union does not consider U.S. privacy safeguards to be adequate to protect Personal Information. When we collect Personal Information from outside of the U.S., we rely on lawful mechanisms to transfer and process that information in the U.S. Lawful mechanisms include your consent; the establishment, exercise or defense of legal claims; legal arrangements such as data protection clauses; and the performance of a contract. If we rely solely on your consent, and not another lawful mechanism, you have the right to withdraw your consent by contacting us at the email or postal address listed in Section 11. We have issued an Independent Guarantee to Provide an Adequate Data Protection Level, located here, pertaining to the transfer of Personal Information concerning staff from our office in Munich, Germany, to our other offices.
7. DATA RETENTION
We will retain your information for as long as necessary to provide any services you request; for as long as you accept marketing communications from us; as necessary for the performance of legal agreements; to comply with legal obligations, including document preservation practices; to resolve disputes; during applicable statutes of limitations; in accordance with our internal document retention policy; and for other legitimate purposes. If you need additional information regarding our data retention practices, please contact us at the email or postal address listed in Section 11.
Although we employ technical and organizational controls that we believe are reasonably appropriate to protect your information, we do not guarantee that our security precautions will protect against the loss or misuse of your information. Similarly, we cannot guarantee the privacy of information you transmit over the internet or that may be collected in transit by others, including contractors that provide services to us.
9. OTHER WEBSITES AND LINKS
The Sites may contain links to other websites, including social media widgets that will take you to social media websites or applications. We are not responsible for the information collection or privacy practices of other sites. You should consult the privacy policies of other sites before you visit those sites or provide any information to those sites. These third-party sites may connect your visit to the Sites and their sites with your Personal Information. We may also provide information at the Sites about programs and events that are sponsored by or co-sponsored by other firms or organizations. If you register for any of these events, we may have no control over the third-party sponsors’ use of your information.
10. REVISIONS TO THIS POLICY
We reserve the right to revise this Policy at any time. Please review this Policy periodically for changes and at any time you provide information to us. We will post any revised versions of the Policy on the Sites. We will also notify you if we make material changes to the Policy by posting a notice on the Sites or contacting you by other methods. By continuing to access or use the Site and our services after changes become effective, you agree to be bound by the terms of the revised Policy.
11. CONTACTING US
If you have any questions or concerns regarding this Policy, or wish to exercise any of your rights described in this Policy, please contact us by email at [email protected] or write to us at the address below:
Director of Risk Management and Legal Compliance
Fish & Richardson P.C.
500 Arguello Street
Redwood City, CA 94063
Last Updated: November 12, 2020