California Consumer Privacy Act Notice
Last Updated: 1 January 2023
Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), Freshfields Bruckhaus Deringer LLP (“Freshfields,” the “firm,” “we,” “us,” or “our”) provides this California Consumer Privacy Act Notice (the “CCPA Notice”) to California residents (“consumer” or “you”). This CCPA Notice supplements the information provided in our Privacy Notice.
This CCPA Notice does not apply to information that we collect about our employees, job applicants, or other workers, which is covered by separate notices on our recruitment portal.
IF YOU ARE HAVING ANY TROUBLE ACCESSING THIS CCPA NOTICE OR THE WEBSITE OR SERVICES, PLEASE CONTACT US THROUGH THE METHODS PROVIDED AT THE END OF THIS CCPA NOTICE. We also have more information availability on our Accessibility web page.
CATEGORIES OF PERSONAL INFORMATION COLLECTED AND DISCLOSED
Under the CCPA, “Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household. “Personal Information” does not include publicly-available information, deidentified or aggregated information, or information covered by certain sector-specific privacy laws. “Sensitive Personal Information” refers to information that reveals a consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email, and text messages unless Freshfields is the intended recipient of the communication; genetic data; and biometric information.
In the following charts, we identify (1) the categories of Personal Information and Sensitive Personal Information (as listed in the CCPA) that we plan to collect and use, and have collected and used within the preceding 12 months; (2) the categories of recipients to which we have disclosed each category of Personal Information or Sensitive Personal Information for our operational business purposes within the preceding 12 months; and (3) the criteria we use to determine the retention period for each category of Personal Information or Sensitive Personal Information.
|
Category of Personal Information Collected |
Disclosed to Which Categories of Recipients for Operational Business Purposes |
Retention Period Criteria |
|
Identifiers such as name, postal address, online identifier, IP address, and email address |
|
We use the following criteria to determine the period of time for which we retain each category of Personal Information:
|
|
Personal information as defined in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, signature, and contact information |
|
See above |
|
Characteristics of protected classifications under California or federal law |
|
See above |
|
Commercial information, including records of services obtained, financial details and payment information. |
|
See above |
|
Internet or other electronic network activity information, such as browsing history on our website and other interactions with our website, applications, and email communications |
|
See above |
|
Geolocation data, such as approximate location derived from IP address |
|
See above |
|
Audio, electronic, visual, or similar information, such as office security footage or recordings of select events, conferences, or meetings |
|
See above |
|
Professional or employment-related information |
|
See above |
|
Education information, (this category is defined to exclude any publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) |
|
See above |
Below, we provide this information related to Sensitive Personal Information:
|
Category of Sensitive Personal Information Collected |
Disclosed to Which Categories of Recipients for Operational Business Purposes |
Retention Period Criteria |
|
Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number |
|
We use the following criteria to determine the period of time for which we retain each category of Sensitive Personal Information:
|
|
We also may receive additional types of personal information in the course of performing client services, which may include:
|
|
See above |
In addition, we may disclose Personal Information (including Sensitive Personal Information) to government authorities or other parties to enforce our rights and comply with our obligations under applicable law, legal process, or government regulation.
We do not “sell,” and have not “sold,” personal information in the preceding 12 months, within the meaning of “sale” under the CCPA. For example, and without limiting the foregoing, we do not sell personal information of minors under the age of 16.
SOURCES OF PERSONAL INFORMATION
We collect this Personal Information (including Sensitive Personal Information) directly from you, and from the following types of sources: our clients, public registers and databases, court and public records, communication with third parties and other advisors involved in client matters, commercial databases, and event sponsors.
USE OF PERSONAL INFORMATION
As described in further detail in our Privacy Notice, we use this Personal Information for our business and operational purposes, such as providing legal services to our clients; complying with our applicable legal and regulatory obligations in the jurisdictions where we practice; performing business functions (e.g., record keeping, accounting, billing and tax compliance, auditing, business development, research, and data analysis); administering, optimizing, and protecting our website and other Solutions (as defined in our Privacy Notice); communicating with clients and prospective clients; and exercising and defending legal claims.
Freshfields may use Personal Information to generate deidentified data sets. To the extent Freshfields treats data as deidentified under the CCPA, Freshfields will maintain and use that data solely in deidentified form and will not attempt to reidentify that data with any individuals, other than to assess whether the deidentification process complies with applicable law or as otherwise permitted by applicable law.
CCPA RIGHTS
If you are a California resident, you may make certain requests under the CCPA, as described below:
Right to Know
You may request the following information covering the 12 months or other CCPA-specified period preceding our receipt of your request: (1) the categories of Personal Information we collected about you, and the categories of sources from which we collected your Personal Information; (2) the specific pieces of Personal Information we collected about you; (3) the business or commercial purposes for collecting Personal Information about you; (4) the categories of Personal Information that we disclosed about you, and the categories of third parties to whom the Personal Information was disclosed; and (5) the business or commercial purpose for our collection of your Personal Information.
Right to Deletion
You may request that we delete your Personal Information. Please note that deletion requests are subject to certain limitations; for example, we may retain Personal Information as permitted by law, such as for tax or other record keeping purposes, and consistent with our professional responsibility obligations.
Right to Correct
You may request the correction of Personal Information we maintain about you, taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information.
Right to Opt-Out of Sale and Sharing
We do not sell or share, and have not sold or shared, your Personal Information in the preceding 12 months, within the meaning of “sale” and “share” as those terms are defined under the CCPA. Furthermore, and without limiting the foregoing, we do not sell or share the Personal Information of minors under the age of 16.
Right to Limit the Use of Your Sensitive Personal Information
You have the right to limit the use or disclosure of your Sensitive Personal Information (“SPI”) if we are using your SPI beyond what is reasonable and proportionate to provide the requested goods or services or other CCPA-approved purposes. You can make a request for us to limit the use or disclosure of your SPI by visiting the following Internet Web page: “Limit the Use of My Sensitive Personal Information.”
Right to Non-Discrimination
If you exercise your CCPA rights, you have the right to be free from unlawful discriminatory treatment. If you ask us to delete your Personal Information, however, please be aware that it may impact our ability to provide our services to you, including our legal advisory services.
EXERCISING YOUR RIGHT TO KNOW, DELETE, OR CORRECT
You may submit a Request to Know, Request to Delete, and/or Request to Correct by emailing us at dataprivacy@freshfields.com, or contacting us by telephone at 1 (833) 699-1579.
Before we respond to a communication or request, we may take certain steps to verify the requestor’s identity. Where we have reasonable doubts concerning the identity of the person making the request, or the authenticity of a request, we may request additional information to verify your identity and protect against fraudulent requests.
In order to facilitate this process and to enable us to assist you, please ensure that you include in your request the type of request you are making, as well as your name, e-mail and telephone number. We will contact you if further information is required to process your request. We will use your information only to verify your request by attempting to match your information to our internal records. If you are a client, please also indicate the name(s) of the Freshfields Bruckhaus Deringer attorney(s) with whom you have worked.
You may authorize another person (your “agent”) to submit a request on your behalf. We may ask your agent to provide proof of their status as an authorized agent. Please note that we may also contact you directly to verify your identity and to confirm that your agent has been properly authorized where we have not received a power of attorney authorizing the agent to act on your behalf.
There is generally no charge for the exercise of your CCPA rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee based on the administrative costs of providing the information or taking the action requested, or (b) refuse to act on the request.
DO NOT TRACK
We do not monitor or follow “Do Not Track” (DNT) signals because there is no standard interpretation or practice for DNT signals. As explained above, however, we do not “sell” or “share” Personal Information as those terms are defined under the CCPA.
UPDATES TO THIS CCPA NOTICE
We may periodically update this CCPA Notice. Please reference the “Last Updated” date at the top of this page to see when it was last revised and posted. Any changes to this CCPA Notice will become effective when posted.
CONTACTING US
If you have questions about our privacy practices or this CCPA Notice, please contact us at dataprivacy@freshfields.com.