GDPR Privacy Notice

This Notice is for people who are located in the European Economic Area (“EEA”), Switzerland or the United Kingdom (“UK”) and supplements our general Privacy Notice.  Our processing of personal data of people who are in the EEA is governed by the European Union’s General Data Protection Regulation (the “GDPR”).  Our processing of personal data of people who are in the UK is subject to the Data Protection Act 2018, which incorporates the GDPR as the UK GDPR.  This Notice refers to the GDPR and the UK GDPR collectively as the “GDPR”.  As of the most recent revision date of this Notice, we anticipate that Switzerland’s updated data protection law will go into effect during the second half of 2022.  For the sake of administrative efficiency, this Notice applies to people in Switzerland as well as people in the EEA or UK.  However, this does not limit any additional right that people in Switzerland may have..

The GDPR requires us to provide certain information to you about your personal data, which we refer to in this notice as your personal information.

Data Controller

The data controller for this website is the law firm Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. (“Mintz” for short).  For our contact information, see the section in our general Privacy Notice headed “How to Contact Us”.

Purposes of the processing

Our general Privacy Notice describes the personal information that we collect, use, share, or otherwise process personal information – and the purposes for that processing -- in the course of operating our business (other than in the course of legal representation of a client, which is subject to our client agreements and professional responsibilities).  Personal information gathered through cookies and similar tracking technologies is used for the purposes described in our Privacy Preference Center. 

Lawful basis for the processing

Generally, we process personal information provided by visitors through our website or other interactions with us on the basis our legitimate interests in conducting our business as a law firm.  Where we ask for your consent, we process personal information on the basis of that consent. 

We may also process personal information on other bases permitted by the GDPR and applicable laws, such as when the processing is necessary for us to comply with our legal obligations.

Categories of personal information

The categories of personal information that we process are described in our general Privacy Notice.

Recipients of your personal information

We use various service providers to manage our website and provide services such as event registration or managing e-mail communications.  Our service providers change from time to time.  Note that our service providers have entered into contracts with us that restrict what they can do with your personal information. If you would like specific information about our service providers who have received your information, please contact us at [email protected] and we will provide that information to you. We may also disclose your personal information to other categories of third parties as described in Part 3 of our general Privacy Notice.

Information regarding the transfers of personal data outside of the European Economic Area (EEA)

Mintz’s main administrative offices are based in the USA and that’s where we process personal information collected through our website.  When you provide personal information to us, we request your consent to transfer that personal information to the USA.  The USA does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information.  Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this GDPR Privacy Notice.  We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our website.  We also enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this Notice.

Retention period for personal information

How long we retain personal information varies according to the type of information in question and the purpose for which it is used.  We delete personal information within a reasonable period after we no longer need to use it for the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose).  This does not affect your right to request that we delete your personal data before the end of its retention period.  We may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.

Your data subject access rights

You have the right to request access to your personal data, to have your personal data corrected, restricted or deleted, to withdraw any consent that you have given to the processing of your personal data (without affecting the lawfulness of the processing prior to your withdrawal of consent) and to object to our processing of your personal data.  You also have the right of data portability in certain circumstances, which means that you can request that we provide you (or a third party you designate) with a transferable copy of personal information that you have provided to us.  Your rights may be subject to various limitations under the GDPR.  If you wish to exercise any of these rights, or if you have any concerns about our processing of your personal data, please contact us in any of the ways listed in the section “How to Contact Us” in our general Privacy Notice.

The right to lodge a complaint with a supervisory authority

You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority.   The EU Commission has a list here:  http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.  The data protection authority for the United Kingdom is the Information Commissioner’s Office (www.ico.org.uk).  The federal data protection authority for Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html. 

Absence of statutory or contractual requirement or other obligation to provide any personal data

Users of our website are under no statutory or contractual requirement or other obligation to provide personal information to us, but it will not be possible to receive communications from us or register for our events without doing so.