> California Privacy Rights Act Employee Notice
> Privacy Shield Policy
Lowenstein Sandler LLP
Privacy shield policy
Effective date: August 14, 2022
Lowenstein Sandler LLP is a law firm, with clients located throughout the world, including in the European Union Member States, including Iceland, Lichtenstein, and Norway (“EU”) and in Switzerland and provides its services with its affiliate, Lowenstein Sandler Inc. (collectively, “Lowenstein” or the “Firm”). In representing such clients in transactional, litigation, privacy, cybersecurity, or other matters, it is often necessary for the client to provide information to Lowenstein that is subject to data protection laws of the EU and Switzerland. This Privacy Shield Policy therefore applies to personal data transferred to the United States from the EU and Switzerland to protect such data in accordance with Article 45(1) of the General Data Protection Regulation (EU 2016/679) (the “GDPR”).
For the avoidance of doubt, the Privacy Shield Principles and this Privacy Shield Policy do not apply to data that is transferred to, from, or within Lowenstein on any other legal ground (e.g., as otherwise permitted under the GDPR or where GDPR transfer requirements are not applicable).
Lowenstein’s Privacy Shield Policy concerning Personal Data received from the EU and/or Switzerland is accurate, comprehensive, fully implemented and prominently displayed on Lowenstein’s internet website.
Information We Collect/Receive; the Purpose of Collection and Use
For the purposes of this Privacy Shield Policy, “Personal Data” means personal data transferred to or within Lowenstein from the EU or Switzerland under the EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield Frameworks.
The Personal Data transferred from the EU or Switzerland may concern the following categories of persons:
- Opponents, counterparties, and prospective opponents and counterparties of clients and their affiliated entities (including their respective employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Clients, prospective and former clients of Lowenstein and their affiliated entities (including their respective employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Professional and personal contacts of partners, associates and other employees of Lowenstein;
- Suppliers (including their employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Advisors, consultants, witnesses, other professionals and professional experts (including their employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Other persons involved in litigation, arbitration, investigations or transactional matters; and
- Dependents, associates and correspondents of the above persons affected by the data transfer.
Purposes of Data Transfers
Personal data from the EU or Switzerland is transferred for the following purposes:
- Legal Services (the provision of legal services including advice to, or acting on behalf of, clients and conducting litigation, arbitration, investigations and transactional matters). This includes the provision of legal services to clients in order to establish data rooms relating to transactions or projects, conducting document reviews and any disclosure or related exercise in any litigation or any government or regulatory exercise or internal investigation conducted by or on behalf of Lowenstein and its clients;
- Accounts & Records (including maintenance of accounts related to Lowenstein’s business activities; deciding whether to accept any person or entity as a client or supplier; keeping records of transactions; making financial or management forecasts);
- Compliance with Lowenstein’s ethical, professional and legal obligations;
- Compliance with Lowenstein’s anti-money laundering, risk management and other compliance protocols;
- Marketing of Lowenstein’s services (including invitations to events and email alerts); and
- Storage, backup and administration of client files, and other data as described above.
Categories of Data
The Personal Data transferred may concern the following categories of data:
- Details of clients’ personal and financial details and their intentions towards third party persons;
- Details of clients’ personnel and third parties who are business associates of Lowenstein’s clients, and details of those who correspond with those personnel;
- Emails and other communications with third parties;
- Contact details (e-mail address, fax and/or telephone numbers, mobile telephone number, business and/or residential address (in each case, in respect of both business and personal contact details)), billing information, payment history, job functions, details of associates/employees’ personal assistant/secretary and internal personnel hierarchy and meeting / telephone attendance notes;
- Evidence or materials that may potentially contain evidence relating to an actual or potential dispute (including emails); and
- Due diligence information and information relating to actual or prospective business, company or asset acquisitions.
How We Share Your Information
The Personal Data transferred from the EU or Switzerland may be disclosed to the following recipients or categories of recipients:
- Lowenstein’s partners, associates and employees who need to have access to such information;
- Lowenstein’s data processors (including IT vendors, data center providers, document management and archiving contractors);
- The courts, governmental authorities and third parties where Lowenstein is required to disclose such information by law or court, governmental or other authorized order;
- Opponents and counterparties and their affiliated entities (and their counsel, advisers, consultants and other professional experts) where so instructed by its clients or where it is necessary or expedient to do so in order to carry out a client retainer;
- Law enforcement agencies and other governmental authorities where it is necessary to comply with Lowenstein’s understanding of its ethical and professional duties or to prevent physical harm or financial losses; and
- Partners, associates and staff of Lowenstein for business development, client relations and marketing purposes.
Lowenstein maintains the Personal Data it receives in secure on-line and off-line facilities. Such information is not disclosed unless necessary or advisable to protect the rights, safety or property of Lowenstein or others; to conform to legal or regulatory requirements; or as required to protect the legitimate interests of its clients relating to Lowenstein’s representation of such clients. Such data is not disclosed to third parties unless such disclosure is permitted under applicable law and only if the third party operates in accordance with Lowenstein’s strict data standards, and for the purposes of Lowenstein’s representation of its clients.
Lowenstein maintains strict security and confidentiality policies that govern all information any attorney or other personnel receives in the course of his or her employment or association with Lowenstein. All attorneys and personnel are made aware of these policies and Lowenstein has in place procedures to train all attorneys and personnel in the implementation of these policies. Failure to adhere to the privacy, security and confidentiality policies results in appropriate discipline. Lowenstein has in place procedures for periodically conducting objective reviews of compliance with this Privacy Shield Policy.
Important Notice for Individuals in the European Economic Area and Switzerland
Lowenstein complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (including Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield. Lowenstein has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this Privacy Shield Policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
Lowenstein is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Upon request, we will provide you with confirmation as to whether we are processing your personal data, and will provide access to such data to the extent such access does not violate the rights of other persons. Further, upon request, you have the right to correct, amend or delete your personal data where it is inaccurate or has been processed in violation of this Privacy Shield Policy. We may require payment of a non-excessive fee to defray our expenses in this regard. To submit a request pursuant to the foregoing, please contact firstname.lastname@example.org with the subject line “Privacy Shield,” and we shall process such request in accordance with the Privacy Shield Principles. Please allow us a reasonable time to respond to your requests and other inquiries.
Individuals have the opportunity to opt-out of sharing of their personal information with third parties other than our agents or before we use it for a purpose that is materially different from which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, please submit a written request to email@example.com with the subject line “Privacy Shield.” Please allow us a reasonable time to process your response.
We will (i) not disclose your sensitive personal information to any third party without first obtaining your opt-in consent and (ii) obtain your opt-in consent before we use sensitive data for a purpose other than which it was originally collected or subsequently authorized, unless, in either case, an exception applies pursuant to the “Sensitive Data” Privacy Shield Supplemental Principal. You may grant such consent by contacting us at firstname.lastname@example.org. Please allow us a reasonable time to process your response.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Lowenstein’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Lowenstein remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Lowenstein proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Lowenstein commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Lowenstein by email at email@example.com.
Lowenstein has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Changes to the Privacy Shield Policy
Lowenstein’s Privacy Shield Policy may be amended from time to time, consistent with applicable data protection laws, Lowenstein’s legal obligations and professional duties and the then applicable Privacy Shield Principles. Lowenstein will make available on its website any new version of its Privacy Shield Policy.
For the foregoing purposes and for other questions, comments, requests, or inquiries regarding the processing of your Personal Data by Lowenstein, please contact us via e-mail at firstname.lastname@example.org, or in writing to:
Lowenstein Sandler LLP
Attn.: Office of the General Counsel
David M. Wissert
One Lowenstein Drive
Roseland, NJ 07068
United States of America
All such requests will be handled in accordance with the Privacy Shield Principles and applicable laws, including applicable data protection and privacy laws. Although Lowenstein makes good faith efforts to comply with such requests, there may be circumstances in which Lowenstein is unable to provide access to such information, comply with a request to amend, correct, or delete such information, and/or limit the disclosure or use of such information, including but not limited to where complying with the request would: (i) violate a privilege or protection (such as the attorney-client privilege) under applicable law; (ii) compromise confidentiality obligations or the privacy, proprietary, or other legitimate rights of Lowenstein, its clients, or other third parties; (iii) involve a burden or expense that would be disproportionate to the risks to the individual’s privacy; or (iv) violate applicable rules of professional responsibility or other applicable laws. If Lowenstein determines that any such requests cannot be complied with for such a reason or reasons, Lowenstein will endeavor to provide you with an explanation of why that determination was made. To protect your privacy, Lowenstein will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Data.
© 2018-2023 Lowenstein Sandler LLP. All rights reserved.