Skip to main content

 

California Consumer Privacy Act Notice

Last Updated: 1 January 2023

Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), Freshfields Bruckhaus Deringer LLP (“Freshfields,” the “firm,” “we,” “us,” or “our”) provides this California Consumer Privacy Act Notice (the “CCPA Notice”) to California residents (“consumer” or “you”). This CCPA Notice supplements the information provided in our Privacy Notice.

This CCPA Notice does not apply to information that we collect about our employees, job applicants, or other workers, which is covered by separate notices. For information about how we process personal information in the context of recruitment, please refer to our Recruitment Privacy Notice.

IF YOU ARE HAVING ANY TROUBLE ACCESSING THIS CCPA NOTICE OR THE WEBSITE OR SERVICES, PLEASE CONTACT US THROUGH THE METHODS PROVIDED AT THE END OF THIS CCPA NOTICE. We also have more information availability on our Accessibility web page.

CATEGORIES OF PERSONAL INFORMATION COLLECTED AND DISCLOSED

Under the CCPA, “Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household. “Personal Information” does not include publicly-available information, deidentified or aggregated information, or information covered by certain sector-specific privacy laws. “Sensitive Personal Information” refers to information that reveals a consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email, and text messages unless Freshfields is the intended recipient of the communication; genetic data; and biometric information.

In the following charts, we identify (1) the categories of Personal Information and Sensitive Personal Information (as listed in the CCPA) that we plan to collect and use, and have collected and used within the preceding 12 months; (2) the categories of recipients to which we have disclosed each category of Personal Information or Sensitive Personal Information for our operational business purposes within the preceding 12 months; and (3) the criteria we use to determine the retention period for each category of Personal Information or Sensitive Personal Information.

Category of Personal Information Collected

Disclosed to Which Categories of Recipients for Operational Business Purposes

Retention Period Criteria

Identifiers such as name, postal address, online identifier, IP address, and email address

  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Other law firms (for example, law firms from our “StrongerTogether” network) with whom we work to deliver client services
  • Service providers and other vendors that provide services to us, such as IT support and marketing
We use the following criteria to determine the period of time for which we retain each category of Personal Information:
  • The length of time we have an ongoing relationship with you (for example, for as long as you use our services);
  • For as long as reasonably necessary for business purposes related to providing you with services (for example, for internal reporting and reconciliation purposes, or to provide you with feedback on information you might request);
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of our engagement for a certain period of time before we can delete them or where we have agreed to retain these records due to our client’s legal or other obligations); or
  • Whether retention is necessary in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Personal information as defined in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, signature, and contact information

  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Other law firms (for example, law firms from our “StrongerTogether” network) with whom we work to deliver client services
  • Service providers and other vendors that provide services to us, such as IT support and marketing
See above

Characteristics of protected classifications under California or federal law

  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Other law firms (for example, law firms from our “StrongerTogether” network) with whom we work to deliver client services
  • Service providers and other vendors that provide services to us, such as IT support and marketing
See above

Commercial information, including records of services obtained, financial details and payment information.

  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Other law firms (for example, law firms from our “StrongerTogether” network) with whom we work to deliver client services
  • Service providers and other vendors that provide services to us, such as IT support and marketing
See above

Internet or other electronic network activity information, such as browsing history on our website and other interactions with our website, applications, and email communications

  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Service providers and other vendors that provide services to us, such as IT support and marketing
See above

Geolocation data, such as approximate location derived from IP address

  • Our affiliates
  • Service providers and other vendors that provide services to us, such as IT support
See above

Audio, electronic, visual, or similar information, such as office security footage or recordings of select events, conferences, or meetings

  • Our affiliates
  • Third parties that may receive a recording of events, conferences or meetings such as our clients or other business contacts
  • Service providers and other vendors that provide services to us, such as IT support
See above

Professional or employment-related information

  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Other law firms (for example, law firms from our “StrongerTogether” network) with whom we work to deliver client services
  • Service providers and other vendors that provide services to us, such as IT support and marketing
See above

Education information, (this category is defined to exclude any publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Other law firms (for example, law firms from our “StrongerTogether” network) with whom we work to deliver client services
  • Service providers and other vendors that provide services to us, such as IT support and marketing
See above

Below, we provide this information related to Sensitive Personal Information:

 

Category of Sensitive Personal Information Collected

Disclosed to Which Categories of Recipients for Operational Business Purposes

Retention Period Criteria

Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number

  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Other law firms (for example, law firms from our “StrongerTogether” network) with whom we work to deliver client services
  • Service providers and other vendors that provide services to us, such as IT support and marketing

We use the following criteria to determine the period of time for which we retain each category of Sensitive Personal Information:

  • The length of time we have an ongoing relationship with you or your company;
  • For as long as reasonably necessary for business purposes related to providing you with services;
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to retain records for a certain period of time before we can delete them or where we have agreed to retain these records due to our client’s legal or other obligations); or
  • Whether retention is necessary in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

We also may receive additional types of personal information in the course of performing client services, which may include:

  • Account log-in, financial account, debit card, or credit card number in connection with any required security or access codes, password, or credentials allowing access to an account
  • Precise geolocation
  • Racial or ethnic origin, religious or philosophical beliefs, or union membership
  • Contents of consumer’s mail, email and/or text messages (other than content in messages sent to us)
  • Biometric information
  • Health data
  • Personal Information concerning sex life or sexual orientation
  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Other law firms (for example, law firms from our “StrongerTogether” network) with whom we work to deliver client services
  • Service providers and other vendors that provide services to us, such as IT support and marketing
See above

In addition, we may disclose Personal Information (including Sensitive Personal Information) to government authorities or other parties to enforce our rights and comply with our obligations under applicable law, legal process, or government regulation.

We do not “sell,” and have not “sold,” personal information in the preceding 12 months, within the meaning of “sale” under the CCPA. For example, and without limiting the foregoing, we do not sell personal information of minors under the age of 16.

SOURCES OF PERSONAL INFORMATION

We collect this Personal Information (including Sensitive Personal Information) directly from you, and from the following types of sources: our clients, public registers and databases, court and public records, communication with third parties and other advisors involved in client matters, commercial databases, and event sponsors. 

USE OF PERSONAL INFORMATION

As described in further detail in our Privacy Notice, we use this Personal Information for our business and operational purposes, such as providing legal services to our clients; complying with our applicable legal and regulatory obligations in the jurisdictions where we practice; performing business functions (e.g., record keeping, accounting, billing and tax compliance, auditing, business development, research, and data analysis); administering, optimizing, and protecting our website and other Solutions (as defined in our Privacy Notice); communicating with clients and prospective clients; and exercising and defending legal claims.

Freshfields may use Personal Information to generate deidentified data sets. To the extent Freshfields treats data as deidentified under the CCPA, Freshfields will maintain and use that data solely in deidentified form and will not attempt to reidentify that data with any individuals, other than to assess whether the deidentification process complies with applicable law or as otherwise permitted by applicable law.

CCPA RIGHTS

If you are a California resident, you may make certain requests under the CCPA, as described below:

Right to Know

You may request the following information covering the 12 months or other CCPA-specified period preceding our receipt of your request: (1) the categories of Personal Information we collected about you, and the categories of sources from which we collected your Personal Information; (2) the specific pieces of Personal Information we collected about you; (3) the business or commercial purposes for collecting Personal Information about you; (4) the categories of Personal Information that we disclosed about you, and the categories of third parties to whom the Personal Information was disclosed; and (5) the business or commercial purpose for our collection of your Personal Information.

Right to Deletion

You may request that we delete your Personal Information. Please note that deletion requests are subject to certain limitations; for example, we may retain Personal Information as permitted by law, such as for tax or other record keeping purposes, and consistent with our professional responsibility obligations.

Right to Correct

You may request the correction of Personal Information we maintain about you, taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information.

Right to Opt-Out of Sale and Sharing

We do not sell or share, and have not sold or shared, your Personal Information in the preceding 12 months, within the meaning of “sale” and “share” as those terms are defined under the CCPA. Furthermore, and without limiting the foregoing, we do not sell or share the Personal Information of minors under the age of 16.

Right to Limit the Use of Your Sensitive Personal Information

You have the right to limit the use or disclosure of your Sensitive Personal Information (“SPI”) if we are using your SPI beyond what is reasonable and proportionate to provide the requested goods or services or other CCPA-approved purposes. You can make a request for us to limit the use or disclosure of your SPI by visiting the following Internet Web page: “Limit the Use of My Sensitive Personal Information.”

Right to Non-Discrimination

If you exercise your CCPA rights, you have the right to be free from unlawful discriminatory treatment. If you ask us to delete your Personal Information, however, please be aware that it may impact our ability to provide our services to you, including our legal advisory services.

EXERCISING YOUR RIGHT TO KNOW, DELETE, OR CORRECT

You may submit a Request to Know, Request to Delete, and/or Request to Correct by emailing us at dataprivacy@freshfields.com, or contacting us by telephone at 1 (833) 699-1579.

Before we respond to a communication or request, we may take certain steps to verify the requestor’s identity. Where we have reasonable doubts concerning the identity of the person making the request, or the authenticity of a request, we may request additional information to verify your identity and protect against fraudulent requests.

In order to facilitate this process and to enable us to assist you, please ensure that you include in your request the type of request you are making, as well as your name, e-mail and telephone number. We will contact you if further information is required to process your request.  We will use your information only to verify your request by attempting to match your information to our internal records. If you are a client, please also indicate the name(s) of the Freshfields Bruckhaus Deringer attorney(s) with whom you have worked.

You may authorize another person (your “agent”) to submit a request on your behalf. We may ask your agent to provide proof of their status as an authorized agent. Please note that we may also contact you directly to verify your identity and to confirm that your agent has been properly authorized where we have not received a power of attorney authorizing the agent to act on your behalf.

There is generally no charge for the exercise of your CCPA rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee based on the administrative costs of providing the information or taking the action requested, or (b) refuse to act on the request.

DO NOT TRACK

We do not monitor or follow “Do Not Track” (DNT) signals because there is no standard interpretation or practice for DNT signals. As explained above, however, we do not “sell” or “share” Personal Information as those terms are defined under the CCPA.

CONTACTING US

If you have questions about our privacy practices or this CCPA Notice, please contact us at dataprivacy@freshfields.com.