Privacy at Holland & Knight

This Privacy Notice applies to the processing of Personal Information by the Firm in connection with:

Client services: the provision by the Firm of legal services to our clients (and reference in this Notice to our "clients" includes their employees whose Personal Information we process); and

Our Sites: this Notice explains how the Firm collects, uses and discloses Personal Information when you visit or communicate with us through our Sites, or offline as a prospective client or general contact.

This Notice applies to Holland & Knight LLP (a Florida limited liability partnership), Holland & Knight (UK) LLP, Holland & Knight Colombia S.A.S., and Holland & Knight Mexico S.C.

Holland & Knight (UK) LLP is a limited liability partnership registered in England and Wales under company number OC327443 and whose registered office is at Leaf 27c Tower 42, 25 Old Broad Street, London, United Kingdom, EC2N 1HQ. Holland & Knight (UK) LLP is registered with the United Kingdom Information Commissioner's Office ("ICO") under registration number Z7232766, and is authorized and regulated by The Solicitors Regulation Authority.

Holland & Knight Colombia S.A.S. is registered with the Superintendence of Industry and Commerce ("SIC") and National Database Registry, under tax identification number (NIT) 900.502.435-1.

Holland & Knight Mexico S.C. is registered with the Public Registry of Commerce (P563318/2013) and the Federal Registry of Taxpayers (HSL-130621-MS9), whose registered office is located at Av. Paseo de la Reforma 342, Floor 28, Col. Juárez, Alcaldía Cuauhtémoc, Mexico City, Mexico.

This Notice does not apply to information stored on an extranet site or online credit card e‑payment or e-billing system.

The Sites are provided for general informational purposes and convenience. Please be advised that browsing the Sites, using its services, or functionality does not make you a client. The Sites do not provide, do not constitute, and should not be construed as legal advice.

The Firm is not required to appoint a formal Data Protection Officer under current privacy and data protection law. However, we have appointed a contact in the event you have any questions regarding this Notice, your rights with respect to your Personal Information, or to exercise any of your privacy rights as described in this Notice or under applicable privacy and data protection law. 

Diane Del Re
Privacy and Compliance Senior Manager
Holland & Knight LLP
524 Grand Regency Blvd. | Brandon, Florida 33510
By telephone: Office 813.901.4196 | Mobile 813.997.7584
By email: diane.delre@hklaw.com | privacy@hklaw.com

Data Controller: The legal entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Information. While providing legal services to you as a client, the Firm is data controller or joint data controller. With respect to Firm administration, and in support of our business operations, the Firm is the data controller.  

Data Processing: Any operation or set of operations performed on Personal Information such as collection, organization, structuring, storage, retrieval, consultation, use, dissemination or otherwise making available, restriction, erasure or destruction. 

Individual: An individual is any natural person who can be identified, directly or indirectly, by an identifier (such as full name or an identification number). Also referred to as a consumer, data subject or resident under various privacy laws, the individual is generally the person described by the Personal Information.

Personal Information: Commonly referred to as Personally Identifiable Information (“PII”) or personal data, Personal Information (“PI”) may be defined under various privacy laws, but, generally, is a fact about an individual which, if combined with one or more other facts about that individual, would enable others to determine the specific person to whom the facts apply.

Sensitive Personal Information: Sensitive Personal Information (“SPI”) is a subset of PI that requires greater security protections and standards of care in handling. SPI, also known as "special categories of information", is generally defined as information that if lost, compromised, or disclosed could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Some privacy laws may identify SPI with additional granularity. 

The Firm: For the purposes of this Notice, we will refer to Holland & Knight LLP and its associated affiliates¹ as "the Firm", and collectively as "we", "our" or "us".

The Sites: This website, and any mobile site or mobile application that link to this Notice, that is owned and operated by Holland & Knight LLP (collectively, "the Sites").

The Firm adheres to industry-standard privacy and data protection principles when processing PI, including the following:

• Accountability: PI is collected and processed with appropriate controls and measures to demonstrate compliance with our legal and regulatory obligations.
• Accuracy and Quality: Subject to applicable privacy law, individuals have the right to access their PI to ensure its accuracy and completeness. When necessary, reasonable efforts are taken to ensure that inaccurate data is rectified in a timely manner.
• Consent and Choice: Opt-in and opt-out choices are provided to individuals with respect to their privacy rights under applicable privacy laws.
• Data Minimization: PI is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
• Integrity and Confidentiality: PI is processed in a manner designed to provide appropriate security including protection against unauthorized or unlawful processing or access, accidental loss, destruction or damage, using appropriate technical and organizational measures.
• Lawfulness, Fairness and Transparency: PI is processed lawfully and fairly, with a valid legal basis. We provide information about PI collection, use and disclosure through transparent notices.
• Notice and Awareness: Individuals are given notice of the Firm's privacy practices prior to any collection of PI to ensure privacy rights are clearly defined and individuals can make informed decisions about their PI.
• Privacy Safeguards and Security: We store your PI as long as necessary to support our business operations and fulfill our legal obligations, including any applicable retention requirements. The Firm utilizes practices and controls consistent with security and privacy standards in the industry. For more information about our security practices, refer to section Security of Your Personal Information.
• Privacy Compliance: The Firm has a dedicated Privacy and Compliance Program that monitors changes in privacy laws and regulations, and ensures compliance with our legal, regulatory and client obligations with respect to data privacy. The program includes the prevention of unauthorized disclosure of PI, data protection controls, and remediation and mitigation of privacy risk.
• Purpose Limitation and Specification: PI is collected for a specified, explicit and legitimate business purpose and there is a valid legal basis for the processing activity.
• Use, Retention and Disclosure Limitation: We will retain your PI for as long as your registration on the Sites is active, or as needed to provide you with services or information you have requested.

You are not required to provide any PI on any areas of our Sites. However, you may choose to provide us with PI about yourself by corresponding with us by telephone, email, via the Sites, or otherwise. 

The PI you may provide or we may collect include the following:

• Your name;
• Your job title and company name;
• Your mailing address;
• Your contact details, such as telephone number and email address;
• Information relating to the matter in which you are seeking our legal advice or representation;
• Business or professional qualifications or experience;
• Company information, including PI about your directors, officers, beneficial owners or agents;
• Other PI contained in correspondence or documents which you may provide to us; or
• Any other identifier that permits Holland & Knight to make contact with you.

 This PI may be required in order to enable us to provide our services to you. Where PI relates to your directors, shareholders, beneficial owners, employees, customers, agents, associates or family members, it is not reasonably practical for us to provide them the information in this Notice. Accordingly, and as appropriate, you should provide a link to this Notice to any such person.

For the purposes of UK and EU data protection laws, certain Personal Information is treated as a "special category" to which additional protections apply under UK and EU data protection law. This includes: PI revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data and biometric data (when used to uniquely identify an individual); and information concerning health, sex life or sexual orientation. 

We generally do not seek to collect SPI through our Sites. When using our Sites, the SPI you may provide to us includes:

• Username and password, to register with us or access password-protected areas of our Sites. 

The SPI or "special category" information we may collect in the course of advising or acting for you as a client or your potential employer may include:

• Your date of birth, age, gender and marital status;
• Proof of identification, including passports, national identification cards, drivers licenses or utility bills;
• Your immigration status and work permits;
• Financial information, including bank account numbers, loan or payment information, including credit card numbers;
• Your demographic information, including race and ethnicity, educational background, sexual orientation, veteran or military status or disability status;
• Information related to the matter which you are seeking guidance and legal advice, including criminal information;
• Other SPI contained in correspondence or documents which you may provide to us; or
• Any other SPI related to the matter in which you are seeking our guidance or for the provision of confidential advice. 

Where we process any such "special categories" of PI, we will ensure that we are permitted to do so under applicable EU or UK data protection laws. For example, where:

• We have your explicit consent; or
• The processing is necessary to establish, exercise or defend legal claims; or
• The processing is necessary for preventing or detecting unlawful acts.

We collect most information from you directly. However, we may also collect the following PI about you:

• Name, contact details, and professional experience and qualifications from publicly accessible sources like Companies House and LinkedIn;
• Credit account information, fraud activity, sanction status and Politically Exposed Persons ("PEP") status from due diligence providers;
• Information which you have made public on websites associated with you or your company, or on social media. 

With your consent, we may also collect information from:

• Your bank or building society, your financial institution or advisor;
• Consultants and other professionals we may engage in relation to your matter;
• Your employer, trade union, professional body or pension administrators;
• Your doctors, or medical and occupational health professionals.

We may collect and store PI relating to criminal convictions and offences, including the alleged commission of offences, only where permitted under applicable data protection laws including where necessary for the purposes of:

• The prevention or detection of an unlawful act and is necessary for reasons of substantial public interest;
• Providing or obtaining legal advice; or
• Establishing, exercising or defending legal rights.

We may collect PI from you when:

• You voluntarily provide it to us on the Sites or offline;
• You sign up to receive emails, alerts or other communications;
• You communicate with us either on the Sites or offline;
• We use third-party sources to verify your professional experience or qualifications, check sanction status or conduct necessary Know Your Client (KYC), Office of Foreign Assets Control (OFAC) sanctions checks or third party due diligence checks. 

We may also collect information through our information technology systems, including:

• Online case management, document management and time recording systems;
• Door entry systems and reception logs; or
• CCTV and access control systems. 

We may also obtain information about your use of our Sites through the use of 'cookies' or other tracking technologies. Please see our Cookie Notice for more information.

We use the PI we collect via the Sites as provided in this Notice. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained below, along with the categories of PI associated with each use.

 

Categories of PI	Purposes for Processing PI	Legal Basis for Processing PI
Commercial information Customer records Identifiers	To enable you to register on our Sites and access information, products and services on password-protected areas of the Sites. To provide you with information and services that you request from us.	It is in our legitimate interests to provide our services to you and to register you at your request. It is also in our legitimate interests to respond to your queries and provide any information requested in order to generate and develop business, and to offer appropriate and responsive service. We consider these uses to be necessary for our legitimate interests and proportionate, and will not be prejudicial or detrimental to you.
Commercial information Customer records Identifiers	To send you alerts, newsletters, bulletins, e-announcements, and other communications concerning the Firm, legal developments or notifications.	For direct marketing sent by email to new contacts (i.e., individuals with whom we have not previously engaged), we will obtain your consent to send you such direct marketing. You can always opt-out of receiving direct marketing-related email communications by using the "unsubscribe" link provided in our marketing communications or by visiting the Subscription Management.
Commercial information Customer records Identifiers	To send you information regarding changes to our policies, other terms and conditions, and other administrative information. To enforce the Firm's Terms and Conditions of Use for visitors and registered users of our Sites.	It is in our legitimate interests to send you information regarding changes to our policies, other terms and conditions, and other administrative information and to enforce our terms of use of our Sites. We consider this use to be necessary for our legitimate interests and proportionate.
Education information Professional information	To invite you to seminars, events, or other functions we believe may be of interest to you.	It is in our legitimate interests to directly market our services to existing users. We consider this use to be proportionate and will not be prejudicial or detrimental to you. For direct marketing sent by email to new contacts (i.e., individuals with whom we have not previously engaged), we will obtain your consent to send you such direct marketing.
Geolocation data Identifiers Usage data	To administer our Sites, including troubleshooting, data analysis, testing, research, statistical and survey purposes; To improve our Sites to ensure that consent is presented in the most effective manner for you your computer, mobile device or other item of hardware through which you access the Sites; and To keep our Sites safe and secure.	For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of the Sites and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.

Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. 

You can update your details or change your privacy preferences by contacting us as provided in the Contact Information section. The Firm will only use your PI for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, or as otherwise required by law.

If we need to use your PI for an unrelated purpose, where we are legally permitted to do so, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.

Our use of PI is subject to your instructions, privacy and data protection laws, and our professional duty of confidentiality.

We will only process your PI if we have a legal basis for doing so, including where:

• Processing is necessary for the performance of our contractual engagement with you and the PI collected is reasonably necessary to carry out your instructions;
• Processing is necessary to comply with our legal obligations, such as due diligence and anti-money laundering requirements;
• Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms: this relates to our processing for marketing purposes, for our management, accounting and administration purposes, and for data security.

The purpose for which we use and process your PI and the legal basis on which we carry out each type of processing is explained below, along with the categories of PI associated with each use.

 

Categories of PI	Purposes for Processing PI	Legal Basis for Processing PI
Commercial information Customer records Identifiers Professional information Protected classifications	To provide Client services to you in connection with your matters. To provide you with information that you request from us. To carry out associated administration, invoicing and accounting in connection with your matters. To comply with our internal business policies. To carry out credit reference checks.	For the performance of our contract with you or to take steps at your request before entering into a contract. It is in our legitimate interests to ensure we can manage matters, payments, fees and charges and to collect and recover money owed to us. To comply with our legal and regulatory obligations, and professional responsibilities. It is in our legitimate interests or those of clients to adhere to our own internal procedures so that we can deliver an efficient service to you. It is in our legitimate interests to carry out credit control and to ensure our clients are likely to be able to pay for our services.
Commercial information Customer records Identifiers Professional information Protected classifications	To comply with our anti-money laundering requirements and other professional, legal and regulatory obligations.	To comply with our legal and regulatory obligations, and professional responsibilities.
Commercial information Customer records Identifiers Professional Information Protected classifications	To provide you with updates or changes to our existing policies, notices or terms.	It is in our legitimate interests to send you information regarding updates or changes to our policies, other terms and conditions, and other administrative information and to enforce our terms of use of our Sites. We consider this use to be necessary for our legitimate interests and proportionate.
Commercial information Customer records Identifiers Professional information Protected classifications	For internal and external audits, certifications and quality checks, e.g. for Lexcel, ISO or Investors in People accreditation and the audit of our accounts.	It is in our legitimate interests to maintain our accreditations so we can demonstrate we operate at the highest standards. To comply with our legal and regulatory obligations.
Commercial information Customer records Identifiers	For marketing our Client services. To invite you to join Firm or externally hosted events, webinars, conferences or publications that may be of interest to you, including legal and regulatory updates and changes.	It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you. For direct marketing sent by email to new clients (i.e., with whom we have not previously engaged or provided legal services to), we will obtain your consent to send you such direct marketing. You can always opt-out of receiving direct marketing-related email communications by using the "unsubscribe" link provided in our marketing communications or by visiting the Subscription Management.
Geolocation data Identifiers Usage data	To manage and protect the Firm, including improving data security, systems maintenance, and managing our offices and other facilities.	It is in our legitimate interests to prevent and detect criminal activity that could be damaging for Holland & Knight and for you. To comply with our legal and regulatory obligations.

 

Where we request PI to identify you for compliance with anti-money laundering regulations, we shall process such information only for the purposes of preventing money laundering or terrorist financing, or as otherwise set out in this Notice or permitted by law.

The Firm acts as a data controller in relation to the processing of PI as set forth in this Notice. However, in some circumstances, we may process PI on your behalf as a data processor for the purposes of data protection laws. Where we process any PI on your behalf as your data processor, the terms set out in our data processing agreement shall apply.

PI will be retained by us and will not be shared, transferred or otherwise disclosed to any third party, except as set forth in this Notice.

Our information technology systems are operated by us, but some data processing may be carried out on our behalf by third parties. Where processing of PI is carried out by a third party data processor on our behalf, our third party service providers are subject to security and confidentiality obligations and are only permitted to process your PI for specified purposes and in accordance with our instructions. We also impose contractual obligations on service providers to ensure they can only use your PI to provide services to us and to you.

A list of sub-processors which assist with the running of the Sites and services (including cloud service and software providers, hosting providers, recruitment agencies and document service providers) is available upon request. Disclosure of the list of sub-processors will be made under a non-disclosure agreement. Requests should be sent using the information found in the Contact Information section of this Notice. 

We may share your PI for the purposes explained below:

• With our affiliated Firms and advisors, partners, staff and consultants, as necessary to carry out the purposes for which your PI was collected or supplied to us;
• With other professional advisors, expert witnesses and third parties, in accordance with your instructions;
• With our professional indemnity insurers, brokers or advisors, and auditors, lawyers or risk managers who we or they may appoint;
• If we, acting in good faith, consider disclosure to be required by law or the rules of any applicable governmental, regulatory or professional body;
• We may share your corporate contact details with legal directories for the purpose of obtaining a reference in relation to the legal services we have provided to you. Where appropriate, we will confirm with you that you are willing to be contacted for this purpose. 

Should we be requested by certain authorities to provide them with access to your information in connection with the work we have done, or are doing, for you, we will comply with that request only to the extent that we are bound by law to do so and, in so far as it is allowed, we will notify you of that request or provision of information. 

In certain circumstances, solicitors are required by statute to make a disclosure to the National Crime Agency where they know or suspect that a transaction may involve a crime including money laundering, drug trafficking or terrorist financing. If we make a disclosure in relation to your matter(s), we may not be able to tell you that a disclosure has been made. Additionally, under certain national security laws, we may be prohibited from informing you that a request or a disclosure has been made. 

In addition, the Firm may disclose information about you in the following circumstances:

• In the event that we sell or buy any business or assets, in which case we may disclose your PI to the prospective seller or buyer of such business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction;
• If all or substantially all of the Firm's assets are acquired by a third party, in which case PI held by it about its customers will be one of the transferred assets;
• If we are under a duty to disclose or share your PI in order to comply with any legal, regulatory or professional obligation;
• If necessary to protect the vital interests of an individual; and/or
• To enforce or apply our terms and conditions or to establish, exercise or defend the rights of the Firm, Firm personnel, customers or others.

Holland & Knight is an international organization with offices in Algeria, Colombia, Mexico, the United Kingdom and the United States. To deliver services and products to you, it may be necessary for us to transfer your PI to our affiliated firms and our third party service providers located in the United States. In addition, authorized Firm personnel may access your information in any country in which we operate. 

We may transfer PI to countries outside the EEA or UK that have not been granted an adequacy decision by the European Commission (the "Commission") (in the case of transfers from the EEA) or the UK Government (in the case of transfers from the UK). Where PI that is subject to EU or UK data protection laws is transferred to and stored in a country not determined by the Commission or (as the case may be) the UK Government as providing adequate levels of protection for PI, we take reasonable steps to provide appropriate privacy and data protection safeguards to protect your PI by implementing standard contractual clauses approved by the European Commission or (as the case may be) the UK Government. 

If you would like further information about the specific data transfer mechanisms used by the Firm when transferring your PI out of the EEA or UK, please contact us using the Contact Information above.

The Firm uses industry standard technical, physical, procedural and organizational measures to protect PI from the point of collection to the point of destruction from unauthorized use, loss, alteration, destruction or modification. Such measures include:

• Protecting the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• Protecting the ability to restore the availability and access to PI in a timely manner in the event of a physical or technical incident;
• Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of collection and processing activities;
• User identification and authorization;
• Protection of data during storage and transmission, including encryption standards;
• Protecting physical security of locations where PI is processed or stored;
• Events logging and system configuration, including default configuration;
• Internal IT and IT Security governance and management;
• Certification and assurance of processes and products;
• Appropriate encryption, firewalls, access controls, policies and other procedures to protect information from unauthorized access; and
• Using the principles of least privileged access and 'need-to-know' procedures and controls. 

Where data processing is carried out on our behalf by a third party, we take steps to implement appropriate security measures to prevent unauthorized access or disclosure of information.

Unfortunately, the transmission of information in paper format via post mail or commercial delivery service provider, as well as transmission of information in digital format via the internet, is not completely secure. Although we will endeavor to protect your PI, we cannot guarantee the security of your data during transmission.

Your PI will not be kept for longer than is necessary for the purposes for which it was collected and processed.

In relation to the Sites, we will retain your PI for as long as your registration on the Sites is active or as needed to provide you with services or information you have requested.

In relation to our legal services, as a general rule, if we are no longer providing services to you, we will delete your data after 10 years following completion of the matter. However, different retention periods may apply for the purposes of complying with our legal, regulatory and accounting reporting obligations, and where necessary for the establishment or defense of legal claims. Following the end of the of the relevant retention period, we will securely delete or anonymise your personal data.

Depending on your geographical location and applicable privacy law, you may have specific privacy rights. These rights may include the following:

Do Not Sell My Personal Information (PI)

The Firm does not sell PI within the meaning of applicable privacy law. 

Right to Access

You may have the right to access PI which we may collect or retain about you. If requested, we shall provide you with a copy of your PI which we collect, as required by applicable privacy law. 

Right to Correct/Right to Rectify

We want to make sure your PI is accurate and up to date. You may ask us to correct, modify or remove information you think is inaccurate by contacting us using the Contact Information above, or by submitting your updated PI via the Sites you have registered for. Please keep us informed if your PI changes during your relationship with us.

Right to Data Portability

You may have the right to receive your PI in a structured and commonly used format so that it can be transferred to another entity or data controller (“data portability”). The right to data portability only applies where your PI is processed by us with your consent or for the performance of a contract, and when processing is carried out by automated means. 

Right to Deletion/Right to Be Forgotten

In certain circumstances, you have the right to request the erasure of your PI. Upon verifying the validity of a deletion request, we will delete your PI from our records, and instruct any service providers or third parties to delete your information, when applicable. Important exceptions to this Right to Deletion may apply. 

Right to Know/Right to Be Informed

You may have the right to request that we disclose the following about your PI, including:

• The specific PI we may collect;
• The categories of PI we may collect;
• The categories of sources from which we may collect your PI;
• The business purpose(s) for collecting or sharing your PI;
• The categories of PI we may disclose for business purposes; and
• The categories of third parties to whom we may share your PI. 

Right to Object

You have the right to object at any time to our processing of your PI for direct marketing purposes. 

You have the right to object, on grounds relating to your particular situation at any time, to the processing of your PI which is based on our legitimate interests. Where you object on this ground, we shall no longer process your PI unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. 

Right to Restrict Processing of Your Personal Information (PI)

You have the right to restrict the processing of your PI if you have contested to the accuracy of the data we hold about you and we are verifying the accuracy of your PI, or you have exercised your right to object and we are considering whether our legitimate grounds for processing override your interests. 

Please note that the above Section 19 rights are not absolute, and we may be entitled to refuse requests, wholly or partly, subject to applicable law. For example, we may refuse a request for erasure of PI where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defense of legal claims. We may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive.

You can exercise any of your rights as described in this Notice and under applicable privacy laws by contacting us as provided in the Contact Information section above. We will not discriminate against you for exercising such rights. Except as described in this Notice or provided for under applicable privacy laws, there is no charge to exercise of your legal rights. 

UK or EEA Residents: You may also visit the Firm's GDPR Compliance Portal to exercise your rights. 

United States Residents: You may also visit the Firm's Your Privacy Rights Portal to exercise your privacy rights. 

However, if your requests are unfounded or excessive, in particular because of their repetitive character, we may either:

• Charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
• Refuse to act on the request.

Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity. Where you claim to represent any other person in making a request, we will independently verify the fact of your representation with such person.

You may receive marketing communications from us if you are an existing client, or have requested information from us or registered to use the Sites and, in each case, where you have not opted out of receiving that marketing. We will obtain your consent to email marketing where affirmative opt-in to receive unsolicited marketing communications is required by law. Please refer to section 13. How We Use Your Information for more information.

You have the right to opt-out of receiving marketing communications from us at any time by:

• Contacting us using the Contact Information provided above;
• Using the "Unsubscribe" link provided in our marketing communications; or
• Visiting Subscription Management to unsubscribe from our communications.

The Sites are not directed at children, and we will not knowingly accept or request PI from individuals under the age of 16 years. If we learn that we have collected PI from a child under 16, subject to applicable law, we will either:

• Delete this information from our databases, in accordance with our deletion procedures; or
• Obtain verifiable parental consent, in accordance with the Children's Online Privacy Protection Act ("COPPA").

The Sites may, from time to time, contain links to and from the websites of our advertisers and affiliates, including social media networks. If you follow a link to any of these websites, please note that these websites have their own privacy policies, and the Firm does not accept any responsibility or liability for these policies. Please check these policies before you submit any PI to these websites.

If you have any questions or complaints regarding this Notice or our privacy practices, please contact us as provided in the Contact Information section above. 

If you are in located in the EEA or the UK, you also have the right to complain to the relevant supervisory authority. In the UK, this is the Information Commissioner’s Office ("ICO"). The ICO may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

If you are located in Colombia, you also have the right to complain to the relevant supervisory authority, the Superintendence of Industry and Commerce ("SIC") (https://www.sic.gov.co/).

If you are located in Mexico, you also have the right to file a complaint with the supervisory authority, the National Institute of Transparency, Access to Information and Protection of Personal Data ("INAI") (https:// home.inai.org.mx/).

From time to time, we may change this Notice. Any changes will be posted on this page with an updated revision date. If we make any material changes to this Notice, we will notify you by means of a prominent notice on our Sites prior to the change becoming effective. This Notice will be reviewed annually and updated, as necessary. The Firm’s General Counsel is responsible for maintaining, reviewing and updating this Privacy Notice.

 

Version	Date Reviewed	Date Approved	Document Owner	Description
1	05/21/2018	05/21/2018	Crystal Adkins	Initial Website Privacy Policy
2	07/14/2022	07/14/2022	Diane Del Re	Revised to Privacy Notice
3	08/01/2023	08/01/2023	Diane Del Re	Annual Review; Expansion of US Rights