Cohen & Gresser Privacy Policies
Cohen & Gresser Privacy Policies
Cohen & Gresser LLP – US Privacy Policy
Last Updated July 2024
Transparency is important to us at Cohen & Gresser LLP. That’s why our Privacy Policy (the “Policy”) aims to be clear about the types of information we collect, what we do with that information, and our data protection and storage practices.
We take your privacy very seriously. Please read this Policy carefully as it contains important information on what information we collect and how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us if you have a complaint.
The Policy describes our privacy practices regarding information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or household (“Personal Information”). We collect certain Personal Information during the course of providing services for an engagement or potential engagement, and from our website, social media, emails, in-person meetings, or other sources, as well as your choices with regard to use, access, and amendments of information relating to you.
We collect some Personal Information automatically, for example some limited website or social media interactions when Personal Information is involved. If this occurs, this information is used for statistical purposes only. Otherwise, all of your Personal Information is given directly to us by you. We disclose your Personal Information to third parties only to the extent necessary to help us serve you, to market our legal services to you more effectively, or to comply with our legal obligations.
By using our website, interacting with us on social media, clicking on our HTML-formatted emails, or by providing Personal Information to us in any other way, you agree to the collection and processing of your Personal Information as set out in this Policy.
Please note that we do not request or collect or otherwise process Personal Information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.
1. How do we collect and process your Personal Data
1.1 Information you provide
We collect the Personal Information you voluntarily provide to us from time to time via email or other means of communication, in particular when:
- we (or a member of our firm) handle a legal matter on your behalf and need to take your Personal Information as part of providing services to you; or
- we (or a member of our firm) otherwise enter into a business relationship with you; or
- you give your business card to a member of our firm; or
- you interact with the firm’s website or social media; or
- you apply for a position at our firm; or
- you send an email to us (or a member of our firm) for any reason; or
- you submit a form to subscribe to or receive marketing or other content from us.
Such Personal Information may include, among other things:
- your first and last name;
- your address;
- your date of birth;
- your company/organization;
- your title/position;
- your telephone numbers and email addresses;
- the country where you are located;
- the type of assistance required and/or your message;
- your CV, letter of recommendation, qualifications, etc.;
- your financial information, including payment-related information.
Such information is used for the following purposes:
- Engaging with you to assess whether or not we can provide legal services to you or your business, organization etc;
- Answering your inquiries and requests, including questions regarding our firm and policies, requests for marketing communications, and recruitment queries;
- Providing and improving our services to our clients, including in relation to legal services and advice;
- Contacting you via marketing communications, such as client alerts, press releases, and event invitations;
- Updating our contact lists to ensure accurate information and areas of interest;
- Recruitment purposes;
- Improving our services, including through data analytics, audits, and fraud detection.
This processing is necessary:
- for the provision of our services and the fulfillment or performance of an agreement with you; or
- for our other legitimate purposes under applicable laws.
Personal Information is retained as long as necessary in order to fulfill the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose.
1.2 Direct marketing
We may, from time to time, send you direct communications including news regarding our firm, invitations to events or articles written by our attorneys. You must communicate an email address in order to subscribe to any of our newsletters and client alerts. You can choose to unsubscribe at any time, either by clicking on the link provided at the bottom of our newsletters or client alerts, or by sending us a request to that effect.
1.3 Information collected automatically and cookies
When you visit our website, the following information about your visit is automatically collected by us:
- your computer’s or mobile device’s operating system;
- the application or software that you used to access our website;
- your Internet Protocol (“IP”) address;
- the time you accessed our website;
- the device type with which you accessed our website;
- your browser type and language configuration;
- the website you visited before accessing our website;
- the pages visited and how long each page was accesses for.
These features may collect your IP address and the page of origin from our website and may set a cookie to enable the feature to function properly.
The aim of the automatic collection and processing of the information described above is to obtain visit statistics in order to improve our website and your experience as a client or user of our website. In particular, we use IP addresses to analyze trends, administer the website, and gather broad audience and visitor statistics for aggregate use. Such Personal Information is processed to further our legitimate purposes including to enable us to enhance our website for the benefit of our clients and marketing communications effectiveness. Personal Information is retained as long as necessary in order to fulfill the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose.
1.4 Cookies
A cookie is a piece of data stored on your device containing information related to your visit on our website.
You may, at any time, modify, delete, or block the cookies stored on your device when visiting our website. Please note that some functionality of the website may be impaired as a result. Please refer to your browser’s documentation to learn how to proceed.
The use of cookies facilitates the operation of the website and improves the website.
By visiting the website without disabling this function, you expressly consent to the use of cookies.
The storage duration of cookies differs depending on the cookie but is never longer than ninety (90) days.
Our server may re-send cookie requests for subsequent visits in order to authenticate the user.
2. Links to third party sites and Google Analytics
Our website contains links to other sites.
Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to read the privacy statements of each and every website that collects Personal Information.
Please note that we use a tool called “Google Analytics” to collect information about the use of our website.
Google Analytics collects website use information regarding how often users visit the website, what pages they visit when they do so, and what other sites they used prior to coming to our website. We use the information we get from Google Analytics to improve our website. Google Analytics collects only the IP address assigned to you on the date you visit our website, rather than your name. Google’s ability to use and share information collected by Google Analytics about your visits to the website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to the website by disabling cookies on your browser.
3. Sharing with third parties
As members of a global firm, we may share your Personal Information with other Cohen & Gresser entities throughout the world.
We may disclose your Personal Information to another Cohen & Gresser entity (i) for purposes of outsourcing one or more of the functions described above; (ii) to confirm or update information provided by you; or (iii) for other purposes disclosed at or before the time the information is collected.
We may also disclose your Personal Information with certain trusted third parties, including IT providers, software providers, and other service providers and vendors:
- when legally required to do so; or
- when utilizing third party vendors to host and secure data during the regular course of doing business.
We disclose this Personal Information for the business purposes described in section 1 above.
4. Transfers
We operate our services through Cohen & Gresser LLP in the United States. This means that your Personal Information is processed and stored on a server located in the United States.
By accessing our website or otherwise voluntarily providing us with information, you consent to having your data transferred and processed in the United States.
In order to ensure the lawfulness of these transfers, we have executed and implemented the European Commission Standard Contractual Clauses for controller-to-controller transfers set by Decision 2004/915/EC and/or we will follow the UK GDPR and or from the 12 October 2023 the UK-US Data Bridge. The Standard Contractual Clauses provide for adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights, and are fully implemented by all entities of Cohen & Gresser and the UK-US Data Bridge adopts adequate measures to protect data between non-EU countries.
5. Security measures
We attempt to protect against the loss, misuse and alteration of your Personal Information and have implemented reasonable administrative, technical, and physical measures to protect your Personal Information, both online and offline. While we have strict procedures in place to safeguard your Personal Information, we cannot guarantee the safety of Personal Information or any transfer of such data which takes place outside of C&G networks. If you have specific questions regarding our security measures, please email privacygroup@cohengresser.com
6. Additional Disclosures under the California Consumer Protection Act (for California Residents)
6.1 Information Collection and Use
Within the last twelve (12) months, Cohen & Gresser has collected from one or more consumers, as that term is used in the California Consumer Protection Act of 2018, as amended (“CCPA”), the categories of Personal Information identified with the word “YES” in the following chart. Also set out below is the period of time for which Cohen & Gresser retains each category of Personal Information and whether it sells or shares such information within the meaning of the CCPA.
Category | Examples | Collected | Retention Period | Sold or Shared |
---|---|---|---|---|
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | YES | 10 years beyond duration of relationship, unless it is no longer necessary for the purposes for which it was collected. | NO |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I). | A name, signature, address, telephone number, employment, bank account number, credit card number, debit card number, or any other financial information. | YES | 10 years beyond duration of relationship, unless it is no longer necessary for the purposes for which it was collected. | NO |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO | – | NO |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES | 10 years beyond duration of relationship, unless it is no longer necessary for the purposes for which it was collected. | NO |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | – | NO |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES | Duration of relationship, unless it is no longer necessary for the purposes for which it was collected. | NO |
G. Geolocation data. | Physical location or movements. | No | – | NO |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO | – | NO |
I. Professional or employment-related information. | Current or past job history or performance evaluations, information we collect as part of our intake processes for new clients, information provided to us by our clients or obtained in the course of providing legal services to our clients | YES | Five years beyond duration of relationship, unless it is no longer necessary for the purposes for which it was collected. | NO |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | YES | Five years beyond duration of relationship, unless it is no longer necessary for the purposes for which it was collected. | NO |
K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO | – | NO |
Cohen & Gresser does not sell or share consumers’ Personal Information as those terms are used in the CCPA.
In the preceding twelve (12) months, Cohen & Gresser has disclosed the following categories of personal information for a business purpose to software providers and vendors:
- Identifiers
- Personal information
- Commercial information
- Internet or other similar network activity
- Professional or employment-related information.
- Non-public education information
In the preceding twelve (12) months, Cohen & Gresser has also disclosed the following categories of Personal Information for a business purpose to regulatory bodies, law enforcement agencies, and aligned and opposing counsel in legal matters:
- Identifiers
- Personal information
- Commercial information
- Professional or employment-related information.
We disclose your Personal Information for the Business Purposes described in Section 1.
6.2 Rights Regarding Personal Information.
You have the following rights regarding your Personal Information processed by us.
(a) Access and Portability Rights
You may request that Cohen & Gresser disclose certain information to you about our collection and use of your personal information over the past 12 months, as well as any additional such information dating back to January 1, 2022. Once we confirm your request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties to whom we disclose that personal information.
- The specific pieces of personal information we collected about you.
- If we disclosed your Personal Information for a Business Purpose, a list disclosing:
- disclosures for a Business Purpose, identifying the Personal Information categories that each category of recipient obtained.
In some cases, we may not be able to provide information related to a period longer than twelve (12) months preceding the request, where doing so would be impossible or require disproportionate effort.
(b) Deletion or Correction Request Rights
You have the right to request that Cohen & Gresser delete, subject to certain exceptions, any of your Personal Information that we retained after we collected, used, or processed it from you. You also have the right to correct inaccurate Personal Information we maintained. After confirming your request, we will use commercially reasonable efforts to correct inaccurate information, or, if requested, delete your retained Personal Information, unless an exception applies. We will direct our service providers, contractors, and any third parties to whom we may have disclosed your Personal Information to do the same, unless doing so would be impossible or require disproportionate effort.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s), contractor(s), or third parties to:
- Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the ability to complete such research, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and compatible with the context in which the consumer provided the information.
- Comply with a legal obligation.
Please refer to the C&G UK privacy policy for additional rights you may have under the UK General Data Protection Regulation (“UK GDPR”).
7. Children and minors
In accordance with the relevant provisions of the Children’s Online Privacy Protection Act, we do not knowingly collect any information, including any Personal Information, from anyone under 13 years of age.
8. Changes to this Policy
When necessary, we will make changes to the Policy. When we do so, we will note the date of update at the top of the Policy, and the changes are effective as of that date. If at any point we decide to use Personal Information for purposes incompatible with those stated at the time it was collected, we will make reasonable efforts to notify users of the change by sending a message to your email address or by displaying a banner requesting users’ consent to this change for two weeks before the change takes place. If you have any questions relating to the changes we make to the Policy, please email privacygroup@cohengresser.com.
Contact us / Exercise your rights
Only you or you authorized representative may make a verifiable consumer request concerning your Personal Information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The request must:
- Provide information sufficient to allow us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and
- Describe your request with sufficient detail to allow us to evaluate and respond to it.
We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding receipt of the verifiable consumer request, as well as any additional available information dating back to January 1, 2022. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we plan to charge a fee, we will inform you of our rationale and the estimated cost before completing your request.
If you have any questions regarding this Policy or wish to exercise one of your rights detailed above, including to make a subject access request, please email privacygroup@cohengresser.com.
You may also contact us in writing at:
Attn: Privacy Group
Cohen & Gresser LLP
800 Third Avenue
New York, New York 10022
Cohen & Gresser (UK) – UK Privacy Policy
Last Updated April 2024
Transparency is important to us at Cohen & Gresser. That’s why our Privacy Policy (the “Policy”) aims to be clear about the types of information we collect, what we do with that information, and our data protection and storage practices.
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities if you have a complaint.
The Policy describes our privacy practices regarding information collected from our website, social media and other sources, and HTML-formatted emails that link to the Policy, as well as your choices with regard to use, access, and amendments of information relating to you as an identified or identifiable natural person (“Personal Data”). We collect some Personal Data automatically, for example some limited website or social media interactions when personal data is involved. If this occurs, this information is used for statistical purposes only. Otherwise, all of your Personal Data is given directly to us by you.
Clients of this firm should read this policy alongside our Terms of Business, which provide further information on confidentiality in respect of clients and outline our approach to storage of Personal Data including sharing and deletion in due course.
We only share this information with other Cohen & Gresser entities and to third parties to the extent necessary to help us serve you under a contract for services, to market our legal services to you more effectively, or to comply with our legal obligations. By using our website, interacting with us on social media, clicking on our HTML-formatted emails, or by providing Personal Data to us in any other way, you agree to the collection and processing of your Personal Data as set out in this Policy.
Please note that we do not request, collect, or otherwise process Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.
1. How do we collect and process your Personal Data
1.1 Information you provide We collect the Personal Data you voluntarily provide to us from time to time via email or other means of communication, in particular when:
- we (or a member of our firm) handle a legal matter on your behalf and need to take your Personal Data as part of providing services to you; or
- we (or a member of our firm) otherwise enter into a business relationship with you; or
- you give your business card to a member of our firm;
- you apply for a position at our firm;
- you send an email to us (or a member of our firm) for any reason.
Such Personal Data may include your first/last name, date of birth, address, company/organization name, your functions, telephone numbers, email address, country, type of assistance required and/or your message, CV, letter of motivation, letter of recommendation, qualifications, etc. Such information is used for the following purposes:
- Engaging with you to assess whether or not we can provide legal services to you or your business, organization, etc;
- Answering your inquiries and requests, including questions regarding our firm and policies, requests for marketing communications, and recruitment queries;
- During the course of our business, including in relation to legal services and advice;
- Contact you via marketing communications, such as client alerts, press releases, and event invitations;
- Updating our contact lists to ensure accurate information and areas of interest;
- Recruitment purposes;
- Improving our services, including through data analytics, audits, and fraud detection.
This processing is necessary:
- for the provision of our services and the fulfillment or performance of an agreement with you; or
- for our other legitimate purposes under applicable laws, including but not limited to complying with our Anti-Money Laundering, Sanctions, and professional rules.
Personal Data is retained as long as necessary in order to fulfil the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose. We delete Personal Data periodically and you should note we may delete Personal Data without notice to you.
Where the Money Laundering Regulations 2017 (MLR 2017) apply we must identify and verify our client’s identity. We will ask questions designed to achieve identification and in some cases to ensure the funds for your instruction are from legitimate sources of funds and your wealth has been obtained lawfully.
1.2 Direct marketing We may, from time to time, send you direct communications including news regarding our firm, invitations to events or articles written by our attorneys. You must communicate an email address in order to subscribe to any of our newsletters and client alerts. You can choose to unsubscribe at any time, either by clicking on the link provided at the bottom of our newsletters or client alerts, or by sending us a request to that effect.
1.3 Information collected automatically and cookies When you visit our website, the following information about your visit is automatically collected by us:
- your computer’s or mobile device’s operating system;
- the application or software that you used to access our website;
- your Internet Protocol (“IP”) address;
- the time you accessed our website;
- the device type with which you accessed our website;
- your browser type and language configuration;
- the website you visited before accessing our website;
- the pages visited and how long each page was accessed for.
Our website may also contain social media features, such as a LinkedIn ‘Follow’ button. These features may collect your IP address and the page of origin from our website and may set a cookie to enable the feature to function properly. The aim of the automatic collection and processing of the information described above is to obtain visit statistics in order to improve our website and your experience as a client or user of our website. In particular, we use IP addresses to analyze trends, administer the website, and gather broad demographic information for aggregate use. Such Personal Data is processed to further our legitimate purposes including to enable us to enhance our website and social media features for the benefit of our clients and the firm. Personal Data is retained as long as necessary in order to fulfill the purpose for which it is processed, and no longer than is necessary to comply with any legal or statutory purpose.
1.4 Cookies A cookie is a piece of data stored on your device containing information related to your visit on our website. You may, at any time, modify, delete, or block the cookies stored on your device when visiting our website. Please note that some functionality of the website may be impaired as a result. Please refer to your browser’s documentation to learn how to proceed. The use of cookies facilitates the operation of the website and improves the website. By visiting the website without disabling this function, you expressly consent to the use of cookies. The storage duration of cookies differs depending on the cookie, but is never longer than ninety (90) days.
1.5 Third Party
We may also collect information from publicly accessible sources, e.g. Companies House or HM Land Registry, directly from a third party, e.g.:
- sanctions screening providers;
- credit reference agencies;
- client due diligence providers;
from a third party with your consent, e.g.:
- your bank or building society, another financial institution or advisor;
- your company or employing entity, any professional body or pension administrators;
- your doctors, medical and occupational health professionals;
our information technology (IT) systems, e.g.:
- via our case management, document management and time recording systems;
- from door entry systems and reception logs;
- through automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.
1.6 Common Data Collection Examples
The table below summarizes the Personal Data we collect, or may collect, in respect of client instructions. The table below is illustrative, and thus not exhaustive, so the general commentary above applies but these examples are designed to aid your understanding of our use of Personal Data. If you are unsure of how it applies in your case please ask us.
Personal data we will collect | Personal data we may collect depending on why you have instructed us |
---|---|
Your name, address and telephone number | Your National Insurance and tax details |
Information to enable us to check and verify your identity, e.g. your date of birth or passport details for anti-money laundering and sanctions compliance | Your bank and/or building society details |
Electronic contact details, e.g. your email address and mobile phone number | Details of your professional online presence, e.g. LinkedIn profile |
Information relating to the matter in which you are seeking our advice or representation | Details of your spouse/partner and dependents or other family members, e.g. if you instruct us on a matter when such details are required |
Information to enable us to undertake a credit or other financial checks on you | Your employment status and details including salary and benefits if relevant to the instruction of the firm to assist you in a legal matter |
Your financial details so far as relevant to your instructions, e.g. the source of your funds if you are instructing on a purchase transaction | Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information, e.g. if you instruct us on a matter to which these details are relevant such as sanctions compliance or challenges |
Information about your use of our IT, communication and other systems, and other monitoring information using website cookies | Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances, e.g. if you instruct us on matter related to your employment or in which your employment records are relevant |
Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs, e.g. if you instruct us on discrimination or sanctions challenge piece of litigation |
We collect and use this personal data to provide services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing those services.
2. Links to third party sites and Google Analytics
Our website contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to read the privacy statements of each and every website that collects Personal Data. Please note that we use a tool called “Google Analytics” to collect information about the use of our website. Google Analytics collects website use information regarding how often users visit the website, what pages they visit when they do so, and what other sites they used prior to coming to our website. We use the information we get from Google Analytics to improve our website. Google Analytics collects only the IP address assigned to you on the date you visit our website, rather than your name. Google’s ability to use and share information collected by Google Analytics about your visits to the website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to the website by disabling cookies on your browser.
3. Sharing with third parties
As members of a global firm, we will share your Personal Data with other Cohen & Gresser entities throughout the world including therefore our entities in the United States, the European Union and the United Kingdom (Our Locations). We may disclose your Personal Data to another Cohen & Gresser entity (i) for purposes of outsourcing one or more of the functions described above; (ii) to confirm or update information provided by you; or (iii) for other purposes disclosed at or before the time the information is collected. We may also share your Personal Data with some selected third parties including software providers and vendors who may be based in any of Our Locations (or locations such as, but not limited to, the European Economic Area (EEA), when the data will be secured to levels consistent with the security in Our Locations and with the UK GDPR:
- when legally required to do so; or
- when utilizing third party vendors to host and secure – but not process – data during the regular course of doing business.
4. Transfers
We operate our services through Cohen & Gresser LLP in the United States. This means that your Personal Data is processed and stored on a server located in the United States. By accessing our website or otherwise voluntarily providing us with information, you consent to having your data transferred and processed in the United States.
In order to ensure the lawfulness of these transfers, we have executed and implemented the European Commission Standard Contractual Clauses for controller-to-controller transfers set by Decision 2004/915/EC and/or we will follow the UK GDPR and/or from 12 October 2023,UK-US Data Bridge. The Standard Contractual Clauses by the EC provide for adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights, and are fully implemented by all entities of Cohen & Gresser and the UK-US Data Bridge adopts adequate measures to protect data between non-EU countries.
5. Security measures
We attempt to protect against the loss, misuse and alteration of your Personal Data and have implemented reasonable administrative, technical, and physical measures to protect your Personal Data, both online and offline. While we have strict procedures in place to safeguard your Personal Data, we cannot guarantee the safety of Personal Data or any transfer of such data which takes place outside of C&G networks. If you have specific questions regarding our security measures, please email privacygroup@cohengresser.com
As a general rule, we will keep your Personal Data in our matter file (electronic) for at least seven (7) years from the conclusion of your matter, in case you, or we, need to bring or defend any complaints or claims.
6. Rights with regard to your Personal Data
You have the following rights regarding your Personal Data processed by us.
(a) Right of access: You may request access to your Personal Data that we collect and process about you. This is called a data subject access request and you can make a request about your Personal Data by writing to us using the contact details below. We may require further information from you in order to verify your identity before giving you access to or disclosing any Personal Data to you. Should you request such an access, we will provide you with a copy of all your Personal Data in our possession as well as all legally required information, including:
- the purposes of the processing;
- the categories of Personal Data concerned;
- the recipients to whom the Personal Data have been or will be disclosed;
- the duration of storage of the Personal Data; and
- further information on your rights regarding your Personal Data.
(b) Right to data portability: You have the right to data portability of your Personal Data. This right differs from your right to access, since it only relates to the Personal Data you provided us with (for example, automatically collected data is not included). This right allows you to receive this Personal Data in a structured, commonly used and machine-readable format in order for you to be able to transfer this Personal Data to another data controller or processor.
(c) Right to rectification: You may, at any time, request that we rectify inaccurate or incomplete Personal Data concerning you, and we will proceed accordingly and promptly.
(d) Right to deletion (‘right to be forgotten’): You may request the deletion of your Personal Data provided that one of the following conditions apply:
- your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- there is no statutory or legal basis requiring us to maintain your Personal Data;
- you withdraw your consent for the processing and there is no other legal ground for the processing (this only relates to the Personal Data collected via the contact form or for our newsletter purposes. Please note for client data we are obligated by legislation or by our professional indemnity insurance or regulatory obligations to retain some data even after consent is withdrawn and will do so under the legitimate interest basis);
- you exercise your right to object to the processing of your Personal Data, as detailed in section 6.5;
- your Personal Data was unlawfully processed; or
- your Personal Data has to be erased to comply with a legal obligation to which we are subject.
(e) Right to object: Where your personal situation justifies it, you may object to the processing of your Personal Data by us when this processing is carried out in our legitimate interests. You may also, at any time, object to the processing of your Personal Data by us when this processing is carried out for marketing purposes.
(f) Right to restriction of processing: You may ask for the restriction of the processing of your Personal Data when one of the following applies:
- where you dispute the accuracy of your Personal Data, you can request the restriction of the processing of your Personal Data for the period required to verify your claim;
- where the processing is unlawful, you may choose to request the restriction of the use of your Personal Data instead of requesting its erasure;
- if we no longer need your Personal Data for the purpose of the processing, but you require this data for the establishment, exercise or defense of legal claims; or
- where you objected to the processing of your Personal Data carried out in our legitimate interests, you may request the restriction of this processing while we investigate your claim.
If and when you notify us of a rectification or deletion of your personal data or a restriction of processing, we will attempt to notify each recipient to whom your Personal Data has been disclosed (unless this proves impossible or involves a disproportionate effort).
(g) Right to lodge a complaint: Please note that you always have the right to lodge a complaint regarding a breach of your rights in relation to your Personal Data with the competent supervisory authority.
7. Children and minors
Children under the age of 18 are not eligible to use our website or to provide their Personal Data to us in any way. We recognize the privacy interest of children. In accordance with the relevant provisions of the Children’s Online Privacy Protection Act, a federal law in the United States, we do not knowingly collect any information, including any personally identifiable information, from anyone under 13 years of age. Our website and services are directed to persons who are at least 13 years old or older.
8. Changes to this Policy
When necessary, we will make changes to the Policy. When we do so, we will note the date of update at the top of the Policy, and the changes are effective as of that date. If you have any questions relating to the changes we make to the Policy, please email privacygroup@cohengresser.com.
Contact us / Exercise your rights
If you have any questions regarding this Policy or wish to exercise one of your rights detailed above, including to make a subject access request, please email privacygroup@cohengresser.com. You may also contact us in writing at: Attn: Privacy Group Cohen & Gresser LLP, 800 Third Avenue New York, New York 10022 or by telephone on +1 212 957 7600.