RSF Privacy Policy - Reinhardt Savic Foley LLP

This policy sets out how the organization Reinhardt Savic Foley LLP (“RSF”, “Firm” or “We”) seeks to protect personal data collected and processed in the course of our business. We value the privacy of our clients and viewers of our website. We are committed to protecting the privacy of our clients through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide to us when you visit the website www.savicfoley.com and use our website, and our practices for collecting, using, maintaining, protecting and disclosing your personal data. This notice informs clients and other affected parties in understanding how we process personal data, along with the rights of individuals to be informed on what data is held about them. This policy notice covers aspects of our business relevant to, primarily, the EU General Data Protection Regulation (the “GDPR”) and similar legislation around the world specifically including the UK General Data Protection Regulation tailored by the Data Protection Act 2018 (the “DPA”) and New York Stop Hacks and Improve Electronic Data Security (the “SHIELD”) Act, and inclusively other regulatory requirements in the United States, and States of the United States, in which we operate. We reserve the right to change the terms of this privacy policy at any time. The current policy is as of April 2021.

Controller: The controller of your personal data processing through the website for the purposes detailed below is Reinhardt Savic Foley LLP. If you have any questions about this privacy notice or how we handle your personal information, please contact The Data Controller, Care of: Reinhardt Savic Foley LLP, at 200 Liberty Street, 27th Floor, New York, NY 10281 or 52 Bedford Row, 4th Floor, Holborn, London WC1R 4LR or via our Contact Us submission. Our UK ICO registration number (via our registered entity SavicFoley P.C.) is ZB040400.

Purposes: We process personal information to enable us to provide legal services to our private clients, corporate clients, organizational clients, others in the legal profession, and government departments and agencies, in addition to maintaining our own accounts and records.

Categories of data we may collect: We process information relating to the preceding purposes and could include: personal details; business details and related information; family details; financial details; education and employment details; goods and services; and lifestyle and social circumstances. Personal data, or personal information, means any information about an individual from which that person can be identified, but does not include data where the identity has been removed or is anonymous data. We may collect, use, store and transfer different kinds of personal data about you grouped together as: (i) Private Information including your account numbers, credit/debit card numbers, and email addresses, but not in combination with passwords or security questions and answers; (ii) Identity Data including your first and last name; (iii) Contact Data including your email address and telephone number; (iv) Technical Data such as browser type, mobile device, internet protocol (IP) address, domain name, date and time stamp, login data, time zone location, operating system and version, product registration number, logs files; and (iv) Communication Data such as messages and content included in emails sent to us. It is possible we would also process sensitive data that could include someone’s physical or medical health information. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) or data related to Criminal Convictions and Offenses through your use of our Website. If you provide us such data through messages or emails you send to us, we will process these types of data to reasonably ensure the highest level of security is applied to the data.

Who the information is processed about: We process personal information about individuals; clients, prospective clients, business contacts, government, legal and commercial debtors, witnesses, third party actors to our legal matters, the subjects of investigations, advisers and other professional experts, and suppliers.

Lawful Basis for processing and Reasonable Administration: RSF processes all personal data lawfully, fairly and in a transparent manner when providing legal, general counseling, litigation and investigative services when the law allows us to. RSF has adopted reasonable administrative, technical and physical safeguards that we have determined through internal assessment are appropriate based on the size of our business, the complexity of our business, and the sensitivity of the data we collect. Generally, we will use your personal information with your consent and where it is necessary for our legitimate interests under GDPR Article 6(1)a: Consent to the processing. When the collection and use of your personal data is based on your consent, you can withdraw your consent at any time by contacting us via email or through our “Contact us” form. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights as defined by law do not override those interests, we process data under the following lawful basis stated under GDPR Article 6(1)(f): “necessary for the purposes of legitimate interests pursued by the controller or a third party” and where Legitimate Interests is relied upon as a lawful basis, we will conduct a Legitimate Interest Assessment. SavicFoley processes all special categories data, if any, lawfully, fairly and in a transparent manner when providing its professional services under the following lawful bases stated under GDPR Article 9(2)(e) processing relates to personal data which are manifestly made public by the data subject; and Article 9(2)(f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity. SavicFoley does not utilise automated decision making and profiling as stated in the GDPR and the DPA.

Source of personal data: The data we process originates from legally compliant publicly available and open source information, and personal data manifestly made public by the data subject. In addition it is supplied by Clients under the lawful basis of Legitimate Interests.

Who the information may be shared with: RSF sometimes needs to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of applicable state and other regulations including the GDPR and DPA. Where necessary or required, we share information with internal members of the firm located abroad, legal clients, adjudicators, arbitrators, counsel, couriers, courts, document management services, document review platforms, experts (including for example foreign lawyer, tax or medical advisors, accountants, and valuers), insurers, IT services providers, mediators, opposing party, opposing party or parties lawyers and counselors, receptionists, process servers, police forces, government clients, current, past or prospective employers, professional investigators, regulators, tax authorities, corporate registries, third party funders, transcribers and shorthand services, translators, party and third party witnesses. Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide our professional services as effectively as we can.

Client Information and Retention: Prior to any representation, retainer or engagement we will request from Clients personal information such as name, address, telephone number and email. We also obtain consent to process said information to confirm the accuracy of such details. The information will be securely stored and destroyed within three years from the conclusion of representation, unless we deem it necessary to retain longer than three years or is requested to be destroyed sooner than three years. In the event we do not proceed with a representation, retainer or engagement the information will be securely stored and destroyed within a year, unless requested to be destroyed sooner than a year.

Secure Handling, Retention and Protection of personal data: RSF adheres to the requirements and individual’s rights to meet the standards of all aspects of applicable state and other regulations including the GDPR and DPA and ensures that personal data is processed: (i) fairly and lawfully; (ii) for limited purposes; (iii) adequately, relevantly and not excessively for longer than is necessary; (iv) accurately and current; and (v) in line with your rights. RSF will further ensure that personal data is: (i) securely stored, and limiting hard copy files, that are strictly accessible only by RSF members; (ii) securely disposed; (iii) not collected or stored from or on our own website; and (iv) not transferred to other states or countries without adequate protection. SavicFoley takes all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of personal information. We utilize only an email and document storage system with enhanced security and management controls, including: (i) multi-step verification; (ii) Vault retention, archiving, and search data; (iii) advanced protection program, and (iv) advanced endpoint management. SavicFoley has put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also maintain and review data protection policies, procedures and assessments including: (i) having firewalls, malware/anti-virus and recommended cyber security measures in place; (ii) displaying our ICO registration; and (iii) addressing additional notices and standards recommended by ICO as part of its guidance on Information Security and other state and federal entities guidance of data protection.

International transfers of data: It may be necessary to transfer personal information internationally within RSF or our external third parties that may be based outside the UK or European Economic Area (the “EEA”), and if you are based in the EU, this may involve transferring your information outside the EEA. Not all countries provide the same level of protection in relation to personal information as within the UK and EEA. The GDPR and DPA imposes restrictions on the transfer of personal data outside the EU and UK, to third countries or international organisations, in order to ensure that the level of protection of individuals afforded by the GDPR is not undermined. Where necessary to make such transfers, we will comply with our legal and regulatory obligations in relation to the personal information. This will include having a lawful basis for transferring personal information and putting appropriate safeguards in place to ensure an adequate level of protection for the personal information. As the data controller, we transfer your personal data within and outside the UK, EU, and EEA via our Google Workspace integrated communications and documents access and storage systems based in the US and hosted by Google LLC, which is also based in the US and is self-certified under the EU-U.S. Privacy Shield (https://www.privacyshield.gov/welcome). The European Commission has determined that certain countries outside of the EEA adequately protect personal data which you can review here. To transfer data from the UK and EEA to other countries, such as the US, we comply with legal frameworks that establish an equivalent level of protection with EU law.

Accessing your information and individual rights: You have certain rights under data protection laws in relation to your personal information that may include the right to: (i) request access to your personal information which enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it; (ii) request correction of the personal information that we hold about you which enables you to have any incomplete or inaccurate information we hold about you corrected; (iii) request erasure of your personal information which enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it, and including the right to ask us to delete or remove your personal information where you have exercised your right to object to processing; (iv) object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground; and (v) request the restriction of processing of your personal information which enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. To exercise any of these rights,please submit your request in writing to The Data Controller, Care of: Reinhardt Savic Foley LLP, at 200 Liberty Street, 27th Floor, New York, NY 10281 or 52 Bedford Row, 4th Floor, Holborn, London WC1R 4LR. We are required to verify the identity of the person submitting an objection, therefore all such requests must include the individual’s full name, address and telephone number. The sender may also be requested to supply paper evidence of their identity. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We try to respond to all legitimate requests within one month.

Security of your information: We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know and they will only process your personal information on our instructions and are subject to a duty of confidentiality. Although RSF has adopted reasonable and appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, the transmission of information via the internet is not completely secure. In the event of a data breach, we will notify you and any applicable regulator where we are legally required to do so. RSF will use reasonable and appropriate security measures to protect your personal information, but cannot guarantee the security of your personal information transmitted to our website www.savicfoley.com. While we take all reasonable steps to protect the privacy of our website visitors, we cannot promise that the current limitations of our online applications programming will address every browser setting or honor every personal browser preference. In particular, we have not implemented the necessary program changes to honor “Do Not Track” or “DNT” browser signals. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our website.

Your right to complain: If you are in the UK or EEA you have the right to lodge a complaint with the Information Commissioner’s Officer (ICO) in the UK. The ICO can be contacted by telephone on 0303 123 113 – Monday to Friday, between 9am and 5pm – or by email at casework@ico.org.uk. You can also visit the ICO’s website by following this link: https://ico.org.uk/.

New York Residents and Your Privacy Rights. Although the SHIELD Act does not create affirmative rights for New York residents including the right to request that businesses covered by the law delete their personal information, if you are a natural person residing in New York you may request that RSF delete your personal information and RSF may, in its sole discretion, agree to do so. To make such a request, please do so in writing to The Data Controller, Care of: Reinhardt Savic Foley LLP, at 200 Liberty Street, 27th Floor, New York, NY 10281.

California Residents and Your Privacy Rights. The California Consumer Privacy Act (CCPA) permits users of our website that are natural persons residing in California to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes and to request that businesses covered by the law to delete their personal information. To make such a request, please do so in writing to The Data Controller, Care of: Reinhardt Savic Foley LLP, at 200 Liberty Street, 27th Floor, New York, NY 10281.

Social Media: RSF’s website includes Social Media features including links to current pages such as on LinkedIn, Instagram, Twitter, and Facebook, among others. As a result of you liking us, following us, or otherwise interacting with us via any features on these mediums, your IP address, which page you are visiting on our site, and more may be collected and may set a cookie to enable the feature to function properly. Social Media features are either hosted by a third party or hosted directly on our website, and your interactions with these features are governed by the privacy policies of the companies providing them. For further information please refer to the relevant company.

Aggregated Data: We do not collect, use and/or share Aggregated Data such as statistical or demographic data for any purpose.

Privacy of Children: This website is not intended for individuals under 18 years of age and no one under age 18 should provide any information to or on the RSF website. If RSF learns it collected or received personal information from someone under 18 years of age, and without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18 years of age, please contact The Data Controller, Care of: Reinhardt Savic Foley LLP, at 200 Liberty Street, 27th Floor, New York, NY 10281or 52 Bedford Row, 4th Floor, Holborn, London WC1R 4LR.

Cookies: You can set your browser to refuse all or some browser cookies applicable to our or any website, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly now or at future accesses.

The Data Controller

Reinhardt Savic Foley LLP