Cohen & Gresser Privacy Policies

  1. Cohen & Gresser LLP – US Privacy Policy
  2. Cohen & Gresser (UK) – UK Privacy Policy
  3. Cohen & Gresser – EU Privacy Policy

Cohen & Gresser LLP – US Privacy Policy

Last Updated July 2024

Transparency is important to us at Cohen & Gresser LLP. That’s why our Privacy Policy (the “Policy”) aims to be clear about the types of information we collect, what we do with that information, and our data protection and storage practices.

We take your privacy very seriously. Please read this Policy carefully as it contains important information on what information we collect and how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us if you have a complaint.

The Policy describes our privacy practices regarding information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or household (“Personal Information”). We collect certain Personal Information during the course of providing services for an engagement or potential engagement, and from our website, social media, emails, in-person meetings, or other sources, as well as your choices with regard to use, access, and amendments of information relating to you.

We collect some Personal Information automatically, for example some limited website or social media interactions when Personal Information is involved. If this occurs, this information is used for statistical purposes only. Otherwise, all of your Personal Information is given directly to us by you. We disclose your Personal Information to third parties only to the extent necessary to help us serve you, to market our legal services to you more effectively, or to comply with our legal obligations.

By using our website, interacting with us on social media, clicking on our HTML-formatted emails, or by providing Personal Information to us in any other way, you agree to the collection and processing of your Personal Information as set out in this Policy.

Please note that we do not request or collect or otherwise process Personal Information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.

1. How do we collect and process your Personal Data

1.1 Information you provide

We collect the Personal Information you voluntarily provide to us from time to time via email or other means of communication, in particular when:

  • we (or a member of our firm) handle a legal matter on your behalf and need to take your Personal Information as part of providing services to you; or
  • we (or a member of our firm) otherwise enter into a business relationship with you; or
  • you give your business card to a member of our firm; or
  • you interact with the firm’s website or social media; or
  • you apply for a position at our firm; or
  • you send an email to us (or a member of our firm) for any reason; or
  • you submit a form to subscribe to or receive marketing or other content from us.

Such Personal Information may include, among other things:

  • your first and last name;
  • your address;
  • your date of birth;
  • your company/organization;
  • your title/position;
  • your telephone numbers and email addresses;
  • the country where you are located;
  • the type of assistance required and/or your message;
  • your CV, letter of recommendation, qualifications, etc.;
  • your financial information, including payment-related information.

Such information is used for the following purposes:

  • Engaging with you to assess whether or not we can provide legal services to you or your business, organization etc;
  • Answering your inquiries and requests, including questions regarding our firm and policies, requests for marketing communications, and recruitment queries;
  • Providing and improving our services to our clients, including in relation to legal services and advice;
  • Contacting you via marketing communications, such as client alerts, press releases, and event invitations;
  • Updating our contact lists to ensure accurate information and areas of interest;
  • Recruitment purposes;
  • Improving our services, including through data analytics, audits, and fraud detection.

This processing is necessary:

  1. for the provision of our services and the fulfillment or performance of an agreement with you; or
  2. for our other legitimate purposes under applicable laws.

Personal Information is retained as long as necessary in order to fulfill the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose.

1.2 Direct marketing

We may, from time to time, send you direct communications including news regarding our firm, invitations to events or articles written by our attorneys.  You must communicate an email address in order to subscribe to any of our newsletters and client alerts.  You can choose to unsubscribe at any time, either by clicking on the link provided at the bottom of our newsletters or client alerts, or by sending us a request to that effect.

1.3 Information collected automatically and cookies

When you visit our website, the following information about your visit is automatically collected by us:

  • your computer’s or mobile device’s operating system;
  • the application or software that you used to access our website;
  • your Internet Protocol (“IP”) address;
  • the time you accessed our website;
  • the device type with which you accessed our website;
  • your browser type and language configuration;
  • the website you visited before accessing our website;
  • the pages visited and how long each page was accesses for.

These features may collect your IP address and the page of origin from our website and may set a cookie to enable the feature to function properly.

The aim of the automatic collection and processing of the information described above is to obtain visit statistics in order to improve our website and your experience as a client or user of our website. In particular, we use IP addresses to analyze trends, administer the website, and gather broad audience and visitor statistics for aggregate use. Such Personal Information is processed to further our legitimate purposes including to enable us to enhance our website for the benefit of our clients and marketing communications effectiveness.  Personal Information is retained as long as necessary in order to fulfill the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose.

1.4 Cookies

A cookie is a piece of data stored on your device containing information related to your visit on our website.

You may, at any time, modify, delete, or block the cookies stored on your device when visiting our website. Please note that some functionality of the website may be impaired as a result.  Please refer to your browser’s documentation to learn how to proceed.

The use of cookies facilitates the operation of the website and improves the website.

By visiting the website without disabling this function, you expressly consent to the use of cookies.

The storage duration of cookies differs depending on the cookie but is never longer than ninety (90) days.

Our server may re-send cookie requests for subsequent visits in order to authenticate the user.

2. Links to third party sites and Google Analytics

Our website contains links to other sites.

Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to read the privacy statements of each and every website that collects Personal Information.

Please note that we use a tool called “Google Analytics” to collect information about the use of our website.

Google Analytics collects website use information regarding how often users visit the website, what pages they visit when they do so, and what other sites they used prior to coming to our website. We use the information we get from Google Analytics to improve our website. Google Analytics collects only the IP address assigned to you on the date you visit our website, rather than your name. Google’s ability to use and share information collected by Google Analytics about your visits to the website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to the website by disabling cookies on your browser.

3. Sharing with third parties

As members of a global firm, we may share your Personal Information with other Cohen & Gresser entities throughout the world.

We may disclose your Personal Information to another Cohen & Gresser entity (i) for purposes of outsourcing one or more of the functions described above; (ii) to confirm or update information provided by you; or (iii) for other purposes disclosed at or before the time the information is collected.

We may also disclose your Personal Information with certain trusted third parties, including IT providers, software providers, and other service providers and vendors:

  1. when legally required to do so; or
  2. when utilizing third party vendors to host and secure data during the regular course of doing business.

We disclose this Personal Information for the business purposes described in section 1 above.

4. Transfers

We operate our services through Cohen & Gresser LLP in the United States. This means that your Personal Information is processed and stored on a server located in the United States.

By accessing our website or otherwise voluntarily providing us with information, you consent to having your data transferred and processed in the United States.

In order to ensure the lawfulness of these transfers, we have executed and implemented the European Commission Standard Contractual Clauses for controller-to-controller transfers set by Decision 2004/915/EC and/or we will follow the UK GDPR and or from the 12 October 2023 the UK-US Data Bridge. The Standard Contractual Clauses provide for adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights, and are fully implemented by all entities of Cohen & Gresser and the UK-US Data Bridge adopts adequate measures to protect data between non-EU countries.

5. Security measures

We attempt to protect against the loss, misuse and alteration of your Personal Information and have implemented reasonable administrative, technical, and physical measures to protect your Personal Information, both online and offline. While we have strict procedures in place to safeguard your Personal Information, we cannot guarantee the safety of Personal Information or any transfer of such data which takes place outside of C&G networks. If you have specific questions regarding our security measures, please email privacygroup@cohengresser.com

6. Additional Disclosures under the California Consumer Protection Act (for California Residents)

6.1 Information Collection and Use

Within the last twelve (12) months, Cohen & Gresser has collected from one or more consumers, as that term is used in the California Consumer Protection Act of 2018, as amended (“CCPA”), the categories of Personal Information identified with the word “YES” in the following chart.  Also set out below is the period of time for which Cohen & Gresser retains each category of Personal Information and whether it sells or shares such information within the meaning of the CCPA.

Category Examples Collected Retention Period Sold or Shared
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. YES 10 years beyond duration of relationship, unless it is no longer necessary for the purposes for which it was collected. NO
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I). A name, signature, address, telephone number, employment, bank account number, credit card number, debit card number, or any other financial information. YES 10 years beyond duration of relationship, unless it is no longer necessary for the purposes for which it was collected. NO
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES 10 years beyond duration of relationship, unless it is no longer necessary for the purposes for which it was collected. NO
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES Duration of relationship, unless it is no longer necessary for the purposes for which it was collected. NO
G. Geolocation data. Physical location or movements. No NO
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO NO
I. Professional or employment-related information. Current or past job history or performance evaluations, information we collect as part of our intake processes for new clients, information provided to us by our clients or obtained in the course of providing legal services to our clients YES Five years beyond duration of relationship, unless it is no longer necessary for the purposes for which it was collected. NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. YES Five years beyond duration of relationship, unless it is no longer necessary for the purposes for which it was collected. NO
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO NO

Cohen & Gresser does not sell or share consumers’ Personal Information as those terms are used in the CCPA.

In the preceding twelve (12) months, Cohen & Gresser has disclosed the following categories of personal information for a business purpose to software providers and vendors:

  • Identifiers
  • Personal information
  • Commercial information
  • Internet or other similar network activity
  • Professional or employment-related information.
  • Non-public education information

In the preceding twelve (12) months, Cohen & Gresser has also disclosed the following categories of Personal Information for a business purpose to regulatory bodies, law enforcement agencies, and aligned and opposing counsel in legal matters:

  • Identifiers
  • Personal information
  • Commercial information
  • Professional or employment-related information.

We disclose your Personal Information for the Business Purposes described in Section 1.

6.2 Rights Regarding Personal Information.

You have the following rights regarding your Personal Information processed by us.

(a) Access and Portability Rights

You may request that Cohen & Gresser disclose certain information to you about our collection and use of your personal information over the past 12 months, as well as any additional such information dating back to January 1, 2022. Once we confirm your request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties to whom we disclose that personal information.
  • The specific pieces of personal information we collected about you.
  • If we disclosed your Personal Information for a Business Purpose, a list disclosing:
    • disclosures for a Business Purpose, identifying the Personal Information categories that each category of recipient obtained.

In some cases, we may not be able to provide information related to a period longer than twelve (12) months preceding the request, where doing so would be impossible or require disproportionate effort.

(b) Deletion or Correction Request Rights

You have the right to request that Cohen & Gresser delete, subject to certain exceptions, any of your Personal Information that we retained after we collected, used, or processed it from you. You also have the right to correct inaccurate Personal Information we maintained. After confirming your request, we will use commercially reasonable efforts to correct inaccurate information, or, if requested, delete your retained Personal Information, unless an exception applies. We will direct our service providers, contractors, and any third parties to whom we may have disclosed your Personal Information to do the same, unless doing so would be impossible or require disproportionate effort.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s), contractor(s), or third parties to:

  • Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the ability to complete such research, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and compatible with the context in which the consumer provided the information.
  • Comply with a legal obligation.

Please refer to the C&G UK privacy policy for additional rights you may have under the UK General Data Protection Regulation (“UK GDPR”).

7. Children and minors

In accordance with the relevant provisions of the Children’s Online Privacy Protection Act, we do not knowingly collect any information, including any Personal Information, from anyone under 13 years of age.

8. Changes to this Policy

When necessary, we will make changes to the Policy.  When we do so, we will note the date of update at the top of the Policy, and the changes are effective as of that date. If at any point we decide to use Personal Information for purposes incompatible with those stated at the time it was collected, we will make reasonable efforts to notify users of the change by sending a message to your email address or by displaying a banner requesting users’ consent to this change for two weeks before the change takes place. If you have any questions relating to the changes we make to the Policy, please email privacygroup@cohengresser.com.

Contact us / Exercise your rights

Only you or you authorized representative may make a verifiable consumer request concerning your Personal Information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The request must:

  • Provide information sufficient to allow us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and
  • Describe your request with sufficient detail to allow us to evaluate and respond to it.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding receipt of the verifiable consumer request, as well as any additional available information dating back to January 1, 2022. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we plan to charge a fee, we will inform you of our rationale and the estimated cost before completing your request.

If you have any questions regarding this Policy or wish to exercise one of your rights detailed above, including to make a subject access request, please email privacygroup@cohengresser.com.

You may also contact us in writing at:

Attn: Privacy Group
Cohen & Gresser LLP
800 Third Avenue
New York, New York 10022

Back To Top↑

Cohen & Gresser (UK) – UK Privacy Policy

Last Updated April 2024

Transparency is important to us at Cohen & Gresser. That’s why our Privacy Policy (the “Policy”) aims to be clear about the types of information we collect, what we do with that information, and our data protection and storage practices.

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities if you have a complaint.

The Policy describes our privacy practices regarding information collected from our website, social media and other sources, and HTML-formatted emails that link to the Policy, as well as your choices with regard to use, access, and amendments of information relating to you as an identified or identifiable natural person (“Personal Data”). We collect some Personal Data automatically, for example some limited website or social media interactions when personal data is involved. If this occurs, this information is used for statistical purposes only. Otherwise, all of your Personal Data is given directly to us by you.

Clients of this firm should read this policy alongside our Terms of Business, which provide further information on confidentiality in respect of clients and outline our approach to storage of Personal Data including sharing and deletion in due course.

We only share this information with other Cohen & Gresser entities and to third parties to the extent necessary to help us serve you under a contract for services, to market our legal services to you more effectively, or to comply with our legal obligations. By using our website, interacting with us on social media, clicking on our HTML-formatted emails, or by providing Personal Data to us in any other way, you agree to the collection and processing of your Personal Data as set out in this Policy.

Please note that we do not request, collect, or otherwise process Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.

1. How do we collect and process your Personal Data

1.1 Information you provide We collect the Personal Data you voluntarily provide to us from time to time via email or other means of communication, in particular when:

  • we (or a member of our firm) handle a legal matter on your behalf and need to take your Personal Data as part of providing services to you; or
  • we (or a member of our firm) otherwise enter into a business relationship with you; or
  • you give your business card to a member of our firm;
  • you apply for a position at our firm;
  • you send an email to us (or a member of our firm) for any reason.

Such Personal Data may include your first/last name, date of birth, address, company/organization name, your functions, telephone numbers, email address, country, type of assistance required and/or your message, CV, letter of motivation, letter of recommendation, qualifications, etc. Such information is used for the following purposes:

  • Engaging with you to assess whether or not we can provide legal services to you or your business, organization, etc;
  • Answering your inquiries and requests, including questions regarding our firm and policies, requests for marketing communications, and recruitment queries;
  • During the course of our business, including in relation to legal services and advice;
  • Contact you via marketing communications, such as client alerts, press releases, and event invitations;
  • Updating our contact lists to ensure accurate information and areas of interest;
  • Recruitment purposes;
  • Improving our services, including through data analytics, audits, and fraud detection.

This processing is necessary:

  • for the provision of our services and the fulfillment or performance of an agreement with you; or
  • for our other legitimate purposes under applicable laws, including but not limited to complying with our Anti-Money Laundering, Sanctions, and professional rules.

Personal Data is retained as long as necessary in order to fulfil the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose. We delete Personal Data periodically and you should note we may delete Personal Data without notice to you.

Where the Money Laundering Regulations 2017 (MLR 2017) apply we must identify and verify our client’s identity. We will ask questions designed to achieve identification and in some cases to ensure the funds for your instruction are from legitimate sources of funds and your wealth has been obtained lawfully.

1.2 Direct marketing We may, from time to time, send you direct communications including news regarding our firm, invitations to events or articles written by our attorneys. You must communicate an email address in order to subscribe to any of our newsletters and client alerts. You can choose to unsubscribe at any time, either by clicking on the link provided at the bottom of our newsletters or client alerts, or by sending us a request to that effect.

1.3 Information collected automatically and cookies When you visit our website, the following information about your visit is automatically collected by us:

  • your computer’s or mobile device’s operating system;
  • the application or software that you used to access our website;
  • your Internet Protocol (“IP”) address;
  • the time you accessed our website;
  • the device type with which you accessed our website;
  • your browser type and language configuration;
  • the website you visited before accessing our website;
  • the pages visited and how long each page was accessed for.

Our website may also contain social media features, such as a LinkedIn ‘Follow’ button. These features may collect your IP address and the page of origin from our website and may set a cookie to enable the feature to function properly. The aim of the automatic collection and processing of the information described above is to obtain visit statistics in order to improve our website and your experience as a client or user of our website. In particular, we use IP addresses to analyze trends, administer the website, and gather broad demographic information for aggregate use. Such Personal Data is processed to further our legitimate purposes including to enable us to enhance our website and social media features for the benefit of our clients and the firm. Personal Data is retained as long as necessary in order to fulfill the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose.

1.4 Cookies A cookie is a piece of data stored on your device containing information related to your visit on our website. You may, at any time, modify, delete, or block the cookies stored on your device when visiting our website. Please note that some functionality of the website may be impaired as a result.  Please refer to your browser’s documentation to learn how to proceed. The use of cookies facilitates the operation of the website and improves the website. By visiting the website without disabling this function, you expressly consent to the use of cookies. The storage duration of cookies differs depending on the cookie, but is never longer than ninety (90) days.

1.5 Third Party

We may also collect information from publicly accessible sources, e.g. Companies House or HM Land Registry, directly from a third party, e.g.:

  • sanctions screening providers;
  • credit reference agencies;
  • client due diligence providers;

from a third party with your consent, e.g.:

  • your bank or building society, another financial institution or advisor;
  • your company or employing entity, any professional body or pension administrators;
  • your doctors, medical and occupational health professionals;

our information technology (IT) systems, e.g.:

  • via our case management, document management and time recording systems;
  • from door entry systems and reception logs;
  • through automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

1.6 Common Data Collection Examples

The table below summarizes the Personal Data we collect, or may collect, in respect of client instructions. The table below is illustrative, and thus not exhaustive,  so the general commentary above applies but these examples are designed to aid your understanding of our use of Personal Data. If you are unsure of how it applies in your case please ask us.

Personal data we will collect Personal data we may collect depending on why you have instructed us
Your name, address and telephone number Your National Insurance and tax details
Information to enable us to check and verify your identity, e.g. your date of birth or passport details for anti-money laundering and sanctions compliance Your bank and/or building society details
Electronic contact details, e.g. your email address and mobile phone number Details of your professional online presence, e.g. LinkedIn profile
Information relating to the matter in which you are seeking our advice or representation Details of your spouse/partner and dependents or other family members, e.g. if you instruct us on a matter when such details are required
Information to enable us to undertake a credit or other financial checks on you Your employment status and details including salary and benefits if relevant to the instruction of the firm to assist you in a legal matter
Your financial details so far as relevant to your instructions, e.g. the source of your funds if you are instructing on a purchase transaction Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information, e.g. if you instruct us on a matter to which these details are relevant such as sanctions compliance or challenges
Information about your use of our IT, communication and other systems, and other monitoring information using website cookies Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances, e.g. if you instruct us on matter related to your employment or in which your employment records are relevant
Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs, e.g. if you instruct us on discrimination or sanctions challenge piece of litigation

We collect and use this personal data to provide services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing those services.

2. Links to third party sites and Google Analytics

Our website contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to read the privacy statements of each and every website that collects Personal Data. Please note that we use a tool called “Google Analytics” to collect information about the use of our website. Google Analytics collects website use information regarding how often users visit the website, what pages they visit when they do so, and what other sites they used prior to coming to our website. We use the information we get from Google Analytics to improve our website. Google Analytics collects only the IP address assigned to you on the date you visit our website, rather than your name. Google’s ability to use and share information collected by Google Analytics about your visits to the website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to the website by disabling cookies on your browser.

3. Sharing with third parties

As members of a global firm, we will share your Personal Data with other Cohen & Gresser entities throughout the world including therefore our entities in the United States, the European Union and the United Kingdom (Our Locations). We may disclose your Personal Data to another Cohen & Gresser entity (i) for purposes of outsourcing one or more of the functions described above; (ii) to confirm or update information provided by you; or (iii) for other purposes disclosed at or before the time the information is collected. We may also share your Personal Data with some selected third parties including software providers and vendors who may be based in any of Our Locations (or locations such as, but not limited to, the European Economic Area (EEA), when the data will be secured to levels consistent with the security in Our Locations and with the UK GDPR:

  • when legally required to do so; or
  • when utilizing third party vendors to host and secure – but not process – data during the regular course of doing business.

4. Transfers

We operate our services through Cohen & Gresser LLP in the United States. This means that your Personal Data is processed and stored on a server located in the United States. By accessing our website or otherwise voluntarily providing us with information, you consent to having your data transferred and processed in the United States.

In order to ensure the lawfulness of these transfers, we have executed and implemented the European Commission Standard Contractual Clauses for controller-to-controller transfers set by Decision 2004/915/EC and/or we will follow the UK GDPR and/or from 12 October 2023,UK-US Data Bridge. The Standard Contractual Clauses by the EC provide for adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights, and are fully implemented by all entities of Cohen & Gresser and the UK-US Data Bridge adopts adequate measures to protect data between non-EU countries.

5. Security measures

We attempt to protect against the loss, misuse and alteration of your Personal Data and have implemented reasonable administrative, technical, and physical measures to protect your Personal Data, both online and offline. While we have strict procedures in place to safeguard your Personal Data, we cannot guarantee the safety of Personal Data or any transfer of such data which takes place outside of C&G networks. If you have specific questions regarding our security measures, please email privacygroup@cohengresser.com

As a general rule, we will keep your Personal Data in our matter file (electronic) for at least seven (7) years from the conclusion of your matter, in case you, or we, need to bring or defend any complaints or claims.

6. Rights with regard to your Personal Data

You have the following rights regarding your Personal Data processed by us.

(a) Right of access: You may request access to your Personal Data that we collect and process about you. This is called a data subject access request and you can make a request about your Personal Data by writing to us using the contact details below.  We may require further information from you in order to verify your identity before giving you access to or disclosing any Personal Data to you.  Should you request such an access, we will provide you with a copy of all your Personal Data in our possession as well as all legally required information, including:

  • the purposes of the processing;
  • the categories of Personal Data concerned;
  • the recipients to whom the Personal Data have been or will be disclosed;
  • the duration of storage of the Personal Data; and
  • further information on your rights regarding your Personal Data.

(b) Right to data portability: You have the right to data portability of your Personal Data. This right differs from your right to access, since it only relates to the Personal Data you provided us with (for example, automatically collected data is not included). This right allows you to receive this Personal Data in a structured, commonly used and machine-readable format in order for you to be able to transfer this Personal Data to another data controller or processor.

(c) Right to rectification: You may, at any time, request that we rectify inaccurate or incomplete Personal Data concerning you, and we will proceed accordingly and promptly.

(d) Right to deletion (‘right to be forgotten’): You may request the deletion of your Personal Data provided that one of the following conditions apply:

  • your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • there is no statutory or legal basis requiring us to maintain your Personal Data;
  • you withdraw your consent for the processing and there is no other legal ground for the processing (this only relates to the Personal Data collected via the contact form or for our newsletter purposes. Please note for client data we are obligated by legislation or by our professional indemnity insurance or regulatory obligations to retain some data even after consent is withdrawn and will do so under the legitimate interest basis);
  • you exercise your right to object to the processing of your Personal Data, as detailed in section 6.5;
  • your Personal Data was unlawfully processed; or
  • your Personal Data has to be erased to comply with a legal obligation to which we are subject.

(e) Right to object: Where your personal situation justifies it, you may object to the processing of your Personal Data by us when this processing is carried out in our legitimate interests. You may also, at any time, object to the processing of your Personal Data by us when this processing is carried out for marketing purposes.

(f) Right to restriction of processing: You may ask for the restriction of the processing of your Personal Data when one of the following applies:

  • where you dispute the accuracy of your Personal Data, you can request the restriction of the processing of your Personal Data for the period required to verify your claim;
  • where the processing is unlawful, you may choose to request the restriction of the use of your Personal Data instead of requesting its erasure;
  • if we no longer need your Personal Data for the purpose of the processing, but you require this data for the establishment, exercise or defense of legal claims; or
  • where you objected to the processing of your Personal Data carried out in our legitimate interests, you may request the restriction of this processing while we investigate your claim.

If and when you notify us of a rectification or deletion of your personal data or a restriction of processing, we will attempt to notify each recipient to whom your Personal Data has been disclosed (unless this proves impossible or involves a disproportionate effort).

(g) Right to lodge a complaint: Please note that you always have the right to lodge a complaint regarding a breach of your rights in relation to your Personal Data with the competent supervisory authority.

7. Children and minors

Children under the age of 18 are not eligible to use our website or to provide their Personal Data to us in any way. We recognize the privacy interest of children. In accordance with the relevant provisions of the Children’s Online Privacy Protection Act, a federal law in the United States, we do not knowingly collect any information, including any personally identifiable information, from anyone under 13 years of age. Our website and services are directed to persons who are at least 13 years old or older.

8. Changes to this Policy

When necessary, we will make changes to the Policy.  When we do so, we will note the date of update at the top of the Policy, and the changes are effective as of that date. If you have any questions relating to the changes we make to the Policy, please email privacygroup@cohengresser.com.

Contact us / Exercise your rights

If you have any questions regarding this Policy or wish to exercise one of your rights detailed above, including to make a subject access request, please email privacygroup@cohengresser.com. You may also contact us in writing at: Attn: Privacy Group Cohen & Gresser LLP, 800 Third Avenue New York, New York 10022 or by telephone on +1 212 957 7600.

Back To Top↑

Cohen & Gresser EU Privacy Policy

Last Updated December 2024

Transparency is important to us at Cohen & Gresser. That’s why our Privacy Policy (the “Policy”) is clear about the types of information we collect, what we do with that information, and our data protection and storage practices.

We take your privacy very seriously. Please read this Policy carefully as it contains important information on what data we collect and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us if you have a complaint.

The Policy describes our privacy practices regarding information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or household (“Personal Data”).

This Policy governs the Personal Data processing carried out by our Paris Office as well as the Personal Data processing carried out by other Cohen & Gresser entities regarding data subjects who are established in the European Union, in accordance with French and EU applicable laws and in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and Statute 78-17 of January 6, 1978, on information technology, data files and civil liberties, as amended (hereinafter together the “Personal Data Regulation“).

Personal Data processing governed by U.S data privacy laws are described in our US privacy policy and those falling within the scope of UK data privacy laws are described in our UK privacy policy.

We collect certain Personal Data during the course of providing services for an engagement or potential engagement, and we also collect certain Personal Data (as well as your choices with regard to use, access, and amendments of information relating to you) from our website, social media, emails, in-person meetings, or other sources. We collect some Personal Data automatically, through limited website or social media interactions where Personal Data are involved.  Otherwise, all of your Personal Data are given directly to us by you.

We disclose your Personal Data to third parties only for the limited purposes of, and to the extent necessary to help us serve you, to market our legal services to you more effectively, or to comply with our legal obligations. If we need to process your Personal Data for purposes other than those listed in this Policy, you will be informed of it in advance and we will take all additional steps that may be necessary to ensure legal compliance with Personal Data Regulation of any processing carried out.

By using our website, interacting with us on social media, clicking on our HTML-formatted emails, or in any other way providing Personal Data to us, you agree to the collection and processing of your Personal Data as set out in this Policy.

1. Who is responsible for the processing of your Personal Data?

The data processing is carried out by or on behalf of the Cohen & Gresser entity which collected your Personal Data. Such entity may further share information with the whole Cohen & Gresser organization in accordance with the safeguards provided in this Policy. If you want to contact Cohen & Gresser or its data protection officer, please refer to Section 11.

2. What Personal Data do we collect?

2.1 Information you provide

We collect the Personal Data you voluntarily provide to us from time to time via email or other means of communication, in particular when:

  • we (or a member of our firm) handle a legal matter on your behalf and need to take your Personal Information as part of providing services to you; or
  • we (or a member of our firm) otherwise enter into a business relationship with you; or
  • you give your business card to a member of our firm; or
  • you apply for a position at our firm; or
  • you interact with the firm’s website or social media; or
  • you send an email to us (or a member of our firm) for any reason; or
  • you submit a form to subscribe to or receive marketing or other content from us.

Such Personal Data may include, among other things: your first/last name, your address, your date of birth, your company/organization, your title/position, your telephone numbers and email addresses, the country where you are located, the type of assistance required and/or your message, your CV, letter of recommendation, qualifications, your financial information, including payment-related information, etc.

Where money laundering regulations apply, we must identify and verify our client’s identity. We will ask questions designed to achieve identification and, where appropriate, ensure the funds received pursuant to your instructions are from legitimate sources and have been obtained lawfully.

2.2 Direct marketing

We may, from time to time, send you direct communications with news regarding our firm, invitations to events or articles written by our attorneys.

You must communicate an email address to subscribe to any of our newsletters and client alerts.

You can choose to unsubscribe at any time, either by clicking on the link provided at the bottom of our newsletters or client alerts, or by sending us a request to that effect.

2.3 Information automatically collected

When you visit our website, the following information about your visit is automatically collected by us:

  • your computer’s or mobile device’s operating system;
  • the application or software that you used to access our website;
  • your Internet Protocol (“IP”) address;
  • the time you accessed our website;
  • the device type with which you accessed our website;
  • your browser type and language configuration;
  • the website you visited before accessing our website;
  • the pages visited and how long each page was accesses for.

These features may collect your IP address and the page of origin from our website and may set a cookie to enable the feature to function properly.

2.4 Cookies

A cookie is a piece of data stored on your device containing information related to your visit on our website.

You may, at any time, modify, delete, or block the cookies stored on your device when visiting our website. Please note that some functionality of the website may be impaired as a result.  Please refer to your browser’s documentation to learn how to proceed.

Information about cookies is available in our cookie policy.

2.5 Third-Party data sources

We may be led to collect Personal Data from publicly accessible sources (e.g. online registers), or from other third-parties (e.g. bank, financial institution or advisor, professional body, pension administrator, etc.) who are in a position to share them with us legitimately.

3. Why do we collect and process your Personal Data, how do we justify the processing and for how long do we retain your Personal Data?

3.1 Processing Purpose and Legal Basis

PROCESSING PURPOSE LEGAL BASIS
Engaging with prospects to assess whether or not we can provide legal services to you or your business or organization. Pre-contractual measures (processing necessary in order to take steps at your request prior entering into a contract).
Management of our relationship with our client, including performance of the matters entrusted to us, provision of legal services, contract, billing and accounting management, monitoring of our contractual relationship with you, communication with you about the matter you have entrusted to us. Performance of a contract with you; or

Compliance with our legal obligations.
Answering our clients, prospects or applicants inquiries and requests, including questions regarding our firm and policies, requests for marketing communications, and recruitment queries. Legitimate interest.
Contacting clients or prospects via marketing communications including client alerts, press releases, and event invitations, among other communications Legitimate interest (regarding direct marketing communication in relation to services similar to those you have subscribed to) or consent in all other cases.
Improving our services (in particular our website), including through data analytics, surveys, audits, and fraud detection Legitimate interest; or

Consent.
Recruitment process, including registration and filing of CVs and cover letters, management of recruitment processing, analysis and evaluation of applications, sending of responses to applications. Legitimate interest; or

Pre-contractual measures (processing necessary in order to take steps at your request prior entering into a contract).
Management of requests to exercise your rights (registration, communications with you, excerpts of required information). Compliance with our legal obligations.
Management of requests from public or judicial authorities and communications with authorities. Compliance with our legal obligations.
Storing invoices and other mandatory documents for the management of our general accounting and tax obligations. Compliance with our legal obligations.

 

3.2 Retention

Data retention periods vary according to the purpose for which the data was processed.  We retain your Personal Data for as long as is necessary to fulfill the purposes for which it was collected and processed, but in no case longer than 7 years.  To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data, and the applicable legal requirements.

4. Links to third party sites

Our website contains links to other sites.

Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every website that collects Personal Data. This privacy policy applies solely to information collected by this website.

5. Sharing data with other Cohen & Gresser entities

As members of a global firm, we may share your Personal Data with other Cohen & Gresser entities throughout the world.

We may disclose your Personal Data to another Cohen & Gresser entity (i) for the purposes of outsourcing one or more of the functions described above; (ii) to confirm or update information provided by you; or (iii) for other purposes disclosed at or before the time the information is collected.

We may share your Personal Data with third parties on the basis of contractual arrangements which include data protection obligations consistent with the requirements arising out of Data Protection Regulation and this Policy:

  • when legally required to do so;
  • when utilizing third party vendors to host and secure data during the regular course of doing business.

We only disclose this Personal Data for the business purposes described in Section 2 above.

6. Transfers

We operate our services through Cohen & Gresser LLP in the United States. This means that your Personal Data is processed and stored on a server located in the United States.

By accessing our website or otherwise voluntarily providing us with information, you expressly consent to having your data transferred and processed in the United States.

In order to ensure the lawfulness of these transfers, we have executed and implemented the European Commission Standard Contractual Clauses for controller-to-controller (Module 1) transfers set by Decision 2021/914 of 4th June 2021. The Standard Contractual Clauses provide for adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights, and are fully implemented by all entities of Cohen & Gresser.

7. Security measures

We attempt to protect against the loss, misuse and alteration of your Personal Data and have implemented reasonable administrative, technical, and physical measures to protect your Personal Data, both online and offline. While we have strict procedures in place to safeguard your Personal Data, we cannot guarantee the safety of Personal Data or any transfer of such data which takes place outside of C&G networks. If you have specific questions regarding our security measures, please email privacygroup@cohengresser.com

8. Rights with regard to your Personal Data

You have the following rights regarding your Personal Data that is collected and processed by us.

We will attempt to notify each recipient to whom your Personal Data has been disclosed (unless this proves impossible or involves disproportionate effort) when you notify us of a rectification or erasure of your Personal Data or a restriction of processing.

(a) Right of access:  You may request access to your Personal Data that we collect and process. We may require further information from you in order to verify your identity before giving you access to or disclosing any Personal Data to you.

Should you request such access, we will provide you with a copy of all your Personal Data in our possession as well as all legally required information, including:

  • the purposes of the processing;
  • the categories of Personal Data concerned;
  • the recipients to whom the Personal Data have been or will be disclosed;
  • the duration of storage of the Personal Data; and
  • further information on your rights regarding your Personal Data.

(b) Right to data portability:  You have the right to data portability of your Personal Data. This right differs from your right to access since it only relates to the Personal Data you provided us with (for example, automatically collected data is not included). This right allows you to receive this Personal Data in a structured, commonly used and machine-readable format in order for you to be able to transfer this Personal Data to another data controller or processor.

(c) Right to rectification:  You may, at any time, request that we rectify inaccurate or incomplete Personal Data concerning you, and we will proceed accordingly and promptly.

(d) Right to erasure (‘right to be forgotten’):  You may request the erasure of your Personal Data provided that one of the following conditions apply:

  • your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you withdraw your consent for the processing and there is no other legal ground for the processing (this only relates to the Personal Data collected via the contact form or for our newsletter purposes);
  • you exercise your right to object to the processing of your Personal Data, as detailed in Section 8 e);
  • your Personal Data was unlawfully processed; or
  • your Personal Data has to be erased to comply with a legal obligation to which we are subject.

(e) Right to object:  Where your personal situation justifies it, you may object to the processing of your Personal Data by us when this processing is carried out in our legitimate interests.

You may also, at any time, object to the processing of your Personal Data by us when this processing is carried out for marketing purposes.

(f) Right to restriction of processing:  You may ask for the restriction of the processing of your Personal Data when one of the following applies:

  • where you dispute the accuracy of your Personal Data, you can request the restriction of the processing of your Personal Data for the period required to verify your claim;
  • where the processing is unlawful, you may choose to request the restriction of the use of your Personal Data instead of requesting its erasure;
  • if we no longer need your Personal Data for the purpose of the processing, but you require this data for the establishment, exercise or defense of legal claims; or
  • where you objected to the processing of your Personal Data carried out in our legitimate interests, you may request the restriction of this processing while we investigate your claim.

(g) Right to lodge a complaint:  Please note that you have also the right to lodge a complaint regarding a breach of your rights in relation to your Personal Data with the Commission Nationale de l’Informatique et des Libertés (CNIL), the French Data Protection Authority, 3 place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07 – Telephone: 01 53 73 22 22).

(h) Right to give instructions regarding what to do with your data after your death:  You have the right to give general or specific instructions pertaining to the manner in which you wish to exercise the rights, after your death, as guaranteed by applicable Personal Data Regulations.

The general instructions pertain to all Personal Data about you, and you can revoke them at any time. They may be registered with a trusted digital third party certified by the French Data Protection Authority (the CNIL).

The specific instructions pertain to the processing referred to in these instructions and are registered with us: they are subject to your specific consent and you may revoke them at any time.

9. Children and minors

Children under the age of 18 are not eligible to use our website nor to provide their Personal Data with us in any way. We recognize the privacy interest of children. In accordance with the relevant provisions of the Children’s Online Privacy Protection Act, we do not knowingly collect any information, including any personally identifiable information, from anyone under 13 years of age. Our website and services are directed to persons who are at least 13 years old or older.

10. Changes to this Policy

When necessary, we will make changes to the Policy.  When we do so, we will note the date of update at the top of the Policy, and the changes are effective as of that date. If you have any questions relating to the changes we make to the Policy, please email privacygroup@cohengresser.com.

11. Contact us and exercise your rights

If you have any questions regarding this Policy or wish to exercise one of your rights detailed above, please email privacygroup@cohengresser.com.

You may also contact us in writing at:

Attn: Privacy Group
Cohen & Gresser LLP
800 Third Avenue
New York, New York 10022

Back To Top↑