> California Privacy Rights Act Employee Notice
> EU-US Data Privacy Framework
Lowenstein Sandler LLP
General Data Protection Regulation
Last Updated: January 1, 2023
Data Controller. Lowenstein is a data controller of the personal data of Site Visitors for the purposes and under the legal basis described herein. Please note that, in some cases, the categories of data subjects above may overlap.
Purposes of the processing. Site Visitors voluntarily provide personal data for the purpose of receiving additional information or registering for a service or event. The personal data provided by Site Visitors through our “Contact Us” link is used only to provide them with communications in specialty areas they select. When Site Visitors register via our Sites for an event (including webinars and hosted events), we use the personal data they have provided solely for purposes of contacting them about the event, and to let them know about future events if they have indicated that they would like to receive that information. We also use the information provided by our Site Visitors to respond to and process their requests.
Usage and analytics information regarding Site Visitors is used to maintain audit logs of activity on our Sites, track usage of the Sites, improve, maintain and operate our Sites, and for security purposes.
Lawful basis for the processing. We may process personal data provided by Site Visitors based on their consent, or to provide requested information or service. We may also process personal data based on our legitimate interests, and/or other legal bases permitted by the GDPR and applicable laws, such as when the processing is necessary for us to comply with our legal obligations.
Recipients of your personal information. We use various service providers to manage our Sites and provide services such as event registration or managing e-mail communications. Our service providers change from time to time. Our service providers have entered into contracts with us that restrict what they can do with your personal data and require compliance with GDPR and other applicable law. If you would like specific information about our service providers who have received your information, please contact us at email@example.com and we will provide that information to you.
Retention period for personal information. Retention periods for personal data regarding Site Visitors may vary based on the category of data and the purpose for which it was collected and processed. Generally, we retain the personal data of Site Visitors for approximately five (5) years, which period may be extended if they become clients, continue to demonstrate an interest in Lowenstein, or consent to continued communications. This retention period may also be extended or shortened, as appropriate, based on the context of our relationship with an EEA Individual, and/or for compliance with a legal obligation.
We may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures or as required by applicable law.
Your rights to access, correct, restrict or delete your personal data and object to processing. You have the right to request access to your personal data, to have your personal data corrected, restricted or deleted, and to object to our processing of your personal data. You also have the right of data portability, which means that you can request that we provide you (or a third party you designate) with a transferable copy of the personal data that you have provided to us in a structured, commonly used and machine readable format. Your rights may be subject to various limitations under the GDPR. If you wish to exercise any of these rights, or if you have any concerns about our processing of your personal data, please contact us at firstname.lastname@example.org with subject line “GDPR Notice”.
The right to lodge a complaint with a supervisory authority. You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority. The EU Commission has a list here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Objecting to Legitimate Interest/Direct Marketing: You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also may object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within a marketing email or by submitting your request to email@example.com with the subject line “GDPR Notice” (the latter for instances where, for example, you would not like to receive follow-ups from our marketing). In such case, your personal data will no longer be used for that purpose.
Transfer of Personal Data outside the EEA. We are self-certified under the EU-US and Swiss-US Privacy Shield for appropriate transfer of your personal data from the EEA and Switzerland to our US data centers, as set forth in the Privacy Shield Notice. In some instances, we may rely on appropriate Standard Contractual Clauses to ensure adequate protection of your personal data transferred from the EEA and Switzerland to the US and any other jurisdiction that does not provide adequate security for such data.
Absence of statutory or contractual requirement or other obligation to provide any personal data. Users of our Sites are under no statutory or contractual requirement or other obligation to provide personal data to us via our Sites.
Governmental Access Requests. Lowenstein may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Restructuring. In the event of a merger, reorganization, dissolution or similar corporate or partnership event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this Notice. This Notice shall be binding upon Lowenstein and its legal successors in interest.
Updates to this Notice. If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this Notice, and the “Effective Date” at the top of this page will be updated accordingly.
Contact Us. Lowenstein has several locations within the United States including Lowenstein Sandler, LLP, 1251 Avenue of the Americas, New York, New York, 10020. Please use this address and direct your correspondence to General Counsel, or, preferably, contact us at privacy@Lowenstein.com with the subject line, “GDPR Notice” for any questions, complaints, or requests regarding this Notice.
© 2023 Lowenstein Sandler LLP. All rights reserved.