Foley & Lardner LLP Client Privacy Notice

1. Introduction

This Client Privacy Notice describes how Foley & Lardner LLP collects and uses Personal Data about clients and other related entities as a result of our representation of our clients, including through email, text, and other electronic communications between clients and other related entities and Foley. 

Foley & Lardner LLP (“Foley” or “we” or “us”) respect our clients and prospective clients (“Clients”) and, to the extent required by law, other related entities (including our clients’ individual employees, officers, owners, directors, medical staff members, contractors, or other personnel, and parties adverse to our clients) (“Related Entities”) privacy and are committed to protecting it through our compliance with this policy. However, as a law firm, the applicable Rules of Professional Conduct (“Rules”) govern over any conflict between this Policy and the Rules and may limit your rights and Foley’s obligations described in this Client Privacy Notice.

This Client Privacy Notice (our “Client Privacy Notice”) describes the types of information we may collect from any Client or Related Entities or that any Client or Related Entities may provide as part of our representation of a Client in a legal matter for which we have been engaged, retained, or proposed to be engaged or retained (each, a “Matter”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. 

This policy applies to information we collect as part of our legal representation of a Client in Matters through any means, including through email, phone, and facsimile, our client portal, our FTP site, and other communications. 

It does not apply to information collected by any of our websites, including our websites at www.foley.com or any other information collected for any purpose not related to our representation or proposed representation of a Client in a Matter. 

Please read this policy carefully to understand our policies and practices regarding our Client’s and Related Entities information and how we will treat it. This Client Privacy Notice may change from time to time (see Changes to Our Client Privacy Notice). Your continued use of Foley for legal services (whether as a Client or as a Related Entity) after we make changes is deemed to be acceptance of those changes, so please check this Client Privacy Notice periodically for updates. 

2.  Children Under the Age of 18

Although during the course of providing our legal services to our Clients we may receive information about a child under 18, unless specifically agreed by Foley, our legal services are not intended for children under the age of 18 (or other legal age of maturity in the applicable jurisdiction, if higher). Unless otherwise required by our obligations to our clients or ethical obligations under the Rules, we will remove any information about a child under the age of 18 (or other legal age of maturity in the applicable jurisdiction, if higher) if we become aware of it.  

Our legal services are generally not intended for children under 18 years of age (or, if higher, the age of legal maturity in the applicable jurisdiction) (i.e. the “Age of Maturity”). Although we may collect information about a Related Entity who is under the Age of Maturity from Clients or Related Entities, no one under the Age of Maturity may directly engage us for legal services or directly provide any information to us as part of our representation of a Client without consent of his or her legal guardian, at the direction of a court, or on special circumstances where the Firm agrees to represent a child under the Age of Maturity. If we learn we have directly collected or received Personal Data from a child under the Age of Maturity without such consent or under such circumstances, we will consult with our Client and delete that information.

3.  Information We Collect About Clients and Related Entities and How We Collect It

We collect different types of information about individuals, including information that may directly identify an individual, information that is about an individual but individually does not personally identify such individual. This includes information that we collect directly from our Client or Related Entities or otherwise collected in relation to a Matter. 

Generally

We collect several types of information from and about individuals (“Personal Data”):

• by which individuals at Client and Related Entities may be personally identified, such as name, postal address, e-mail address, telephone number, federal tax ID, and other similar information;
  
• by which any individual can be personally identified from any communications received, discovered, or otherwise created in relation to any Matter, including, for example, during an investigation or legal discovery.

We collect this information:

• directly from our Client’s and Related Entities when they provide it to us in any form;
  
• from experts, witnesses, and other third parties when they provide it to us in any form;
  
• during investigations, research, and other similar activities conducted by us as part of our representation of a client for a Matter. 

We use the Personal Data we collect from Clients to bill and collect our fees and to provide legal services in our Client’s Matters. Some of the Personal Data we collect is required to enter into a contract with Foley for legal services, for Foley to perform under the contract, and to provide our Clients with our legal services. If you, as a Client, refuse to provide such Personal Data or withdraw your consent to our processing of Personal Data (when appropriate), then in some cases we may not be able to enter into the contract or fulfill our obligations to you under it. 

4. How We Use Our Clients’ and Related Entities’ Information

We use Personal Data for various purposes described below, including to:

• provide our Clients with the legal services related to the Matter;
• communicate with tribunals, governmental agencies, arbitrators, mediators, insurers, accountants, auditors, opposing counsel, and similar entities in connection with our legal services; 
• communicate with Related Entities as required by legal process;
• communicate with, retain, or otherwise obtain information from experts and other witnesses;
• enforce our rights arising from contracts and other legal processes;
• comply with the Rules of Professional Conduct;
• notify our Clients about changes; and
• provide our Clients with notices about their account

We use information that we collect about Clients or Related Entities or that they provide to us, including any Personal Data:

• to provide our Client with our legal services related to a Matter;
  
• to communicate with Related Entities as applicable during our representation of our Client; 
  
• to communicate with tribunals, governmental agencies, arbitrators, mediators, insurers, accountants, auditors, opposing counsel, and similar entities; 
  
• to comply with the Rules of Professional Conduct; 
  
• to provide our Client with notices about their account or status of a Matter, including for billing and collections;
  
• to carry out our obligations and enforce our rights arising from any engagement letters or other contracts entered into between our Client and us, or that we enter into on behalf of our Clients, including for billing and collection;
  
• in any other way we may describe when we are provided with the Personal Data; 
  
• to fulfill any other purpose for which we are provided with the Personal Data; and
  
• for any other purpose with our Client’s or the Related Entity’s consent.

With our Client’s consent, we may use our Client’s Personal Data to contact them about current legal news and other thought leadership. Client’s may consent to this use by registering for one of our blogs or other client mailing lists. If Client wishes to change their choice, a Client may do so at any time by clicking the “unsubscribe” link on the bottom of any applicable email we have sent them, contact their relationship partner, or contact Foley at the contact information below.

5.  Disclosure of Our Clients’ and Related Entities’ Information

We do not share, sell, or otherwise disclose Clients’ or Related Entities’ Personal Data for purposes other than those outlined in this Client Privacy Notice. We disclose their Personal Data to a few third parties, including:

• our subsidiaries and our affiliates;
• our third-party service providers that we use to support our business;
• courts, tribunals, and opposing counsel, when necessary;
• with our Client’s or a Related Entity’s consent.

We may also disclose your Personal Data when required or permitted by our ethical duties under the Rules or applicable law.

We do not share, sell, or otherwise disclose any Clients’ or Related Entities’ Personal Data for purposes other than those outlined in this Client Privacy Notice. As lawyers, our disclosure of a Client’s or a Related Entity’s Personal Data may be restricted by our obligations under applicable professional responsibility rules or other similar laws applicable to lawyers or the particular Personal Data. However, we may disclose aggregated information about our Clients without restriction. 

We may disclose Personal Data that we collect or that is provided by a Client or a Related Entity as described in this Client Privacy Notice:

• to our subsidiaries and affiliates;
  
• to contractors, service providers, and other third parties we use to support our business. These entities provide IT and infrastructure support services, discovery (including electronic discovery), experts and other similar consultants, billing and collections, litigation support, and other similar services provided by third-parties used during our representation of our Clients;
  
• to a court, tribunal, or to opposing counsel, if any, when necessary to do so during the course of representing our Client in a matter;
  
• to regulators and other government agencies, such as the USPTO, when appropriate during our representation of a Client in a Matter;
  
• to other counsel if our Client requests that we transfer information related to our Client’s Matters to another law firm; 
  
• to fulfill the purpose for which our Client or a Related Entity provides it; for example, if a Client or a Related Entity gives us contact information for a witness, we may disclose some of the Personal Data provided to prepare and depose the witness;
  
• for any other purpose disclosed by us when our Client or a Related Entity provides the information; and
  
• with our Client’s or the Related Entity’s express written consent.

We may also disclose our Clients’ and Related Entities’ Personal Data when permitted or required pursuant to our ethical obligations under the Rules. This includes when an exception to our duty of confidentiality exists in the applicable jurisdiction, generally including if we reasonably believe disclosure is necessary:

• to prevent reasonably certain death or substantial bodily harm;
  
• to prevent our Client from committing a crime or fraud that is reasonably certain to result in substantial injury to the financial interests or property of another and in the furtherance of which the Client has used or is using Foley’s legal services;
  
• to prevent mitigate, or rectify substantial injury to the financial interests or property of another that is reasonably certain or has resulting from our Client’s commission of a crime or fraud in furtherance of which the Client has used Foley’s services;
  
• for Foley to secure legal advice with our compliance with applicable professional responsibility rules;
  
• to establish a claim or defense on behalf of Foley or our lawyers in a controversy between Foley or our lawyers and the Client, to establish a defense to a criminal charge or civil claim against Foley or our lawyers based on conduct in which the Client was involved, or to respond to allegations in any proceeding concerning Foley or our lawyers representation of the Client;
  
• to comply with any court order, law, or legal process, including to respond to any government or regulatory request; or
  
• to detect and resolve conflicts of interest arising from our lawyers’ change of employment or from changes in the composition or ownership of Foley, but only if the revealed Personal Data would not compromise attorney-client privilege or otherwise prejudice our Client.

We may also disclose the Personal Information of a Related Entity to the extent not related to our representation of a Client in a Matter if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Foley, our clients, or others. 

6.  Accessing, Changing, and Deleting Clients’ and Related Entities’ Information

Clients and Related Entities may access, update, or delete their Personal Data by contacting us through the contact information below or by contacting the Client’s relationship partner. 

Access and Update. Clients and Related Entities may review and change their respective Personal Data by contacting us at the Contact Information below or by contacting the Client’s relationship partner of any changes or errors in any Personal Data we have about the Client or a Related Entity to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate a Client’s or a Related Entities’ request if we believe it would violate any law or legal requirement or cause the information to be incorrect. 

Deletion. Clients may request that we delete all of the Client’s and applicable Related Entities’ Personal Data. We cannot delete the Client’s and Related Entities’ Personal Data except by also terminating our representation of our Client in the Matter, and we will only terminate such representation when we are permitted to do so under applicable law. We may not accommodate a request to erase information if we believe the deletion would cause the information to be incorrect, would violate our document retention and information governance policies (subject to applicable law), or would violate any law or legal requirement, including any obligations for law firms to retain Client and Related Entity Information, which may include such retention for conflicts of interests purposes and financial records requirements. We may also retain your Personal Data when necessary for the Firm’s establishment, exercise, or defense of legal claims. In addition, we may not accommodate a request to erase information if we believe the deletion would conflict with our rights to retain copies of our representation files. In all other cases, we will retain our Client’s and the appliable Related Entities’ Personal Data as set forth in this policy. In addition, we cannot completely delete our Client’s and the applicable Related Entities’ Personal Data as some data may rest in previous backups. These will be retained for the periods set forth in our document retention and information governance policies. 

7. Jurisdiction-Specific Privacy Rights

The law in certain jurisdictions may provide their residents or individuals located in that jurisdiction with additional rights regarding our use of our Clients’ or Related Entities’ Personal Information.

The law in some jurisdictions may provide our Clients and Related Entities with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to our Clients or Related Entities as a resident of or an individual otherwise located in one of these jurisdictions, please see the privacy addendum for the applicable jurisdiction that is linked below.

For Individuals Located Within the European Economic Area

If you are located in the European Economic Area, you have the additional rights described in the GDPR Client Privacy Addendum. 

Your California Privacy Rights

Clients and Related Entities that are residents of California have the additional rights described in the California Client Privacy Addendum. 

8.  Data Security

Information transmitted over the Internet is not completely secure, but we take reasonable steps to protect our Clients’ and Related Entities’ Personal Data. 

We have implemented measures designed to secure our Clients’ and Related Entities’ Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we take reasonable steps to protect our Clients’ and Related Entities Personal Data, we cannot guarantee the security of their Personal Data transmitted over the Internet, including through email and through teleconferencing services. Any transmission of Personal Data is at our Client’s and the Related Entities’ own risk. 

9.  Consent to Processing Personal Data in the United States

We may process the Personal Data of our Clients and Related Entities outside of their home country, including in the United States. 

In order to provide our Clients with our legal services, we may need to send and store their Personal Data outside of their home country where Clients or Related Entities reside or are located, including in countries that may not or do not provide an equivalent level of protection for their Personal Data. Clients’ and Related Entities’ Personal Data may be processed and stored in the United States and, as part of the Matter or as otherwise required by law, federal, state, and local governments, courts, or law enforcement or other regulatory agencies in the United States may receive Clients’ and Related Entities’ Personal Data. By using our legal services, Clients represent and warrant that they have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where the Client or the Related Entities reside or located, including in the United States. Clients further represent and warrant that they have obtained all required consents from Related Entities to the foregoing.

10.  Changes to Our Client Privacy Notice

We will post any changes to our Client Privacy Notice on our client-facing websites. If we make material changes to our Client Privacy Notice, we may notify our Clients of such changes through their contact information we have on file and invite them to review (and accept, if necessary) the changes and notify any Related Entities, if necessary. 

We may change this Client Privacy Notice at any time. It is our policy to post any changes we make to our Client Privacy Notice on this page. If we make material changes to how we treat our Clients’ and Related Entities’ Personal Data, we may also notify our Clients by email or through other communications channels via the contact information we have on file for our Clients. The date this Client Privacy Notice was last revised is identified at the top of the page. Clients are responsible for ensuring we have an up-to-date active and deliverable contact information for them.

11.  Contact Information

Clients and Related Entities may contact our Data Protection Officer through the contact information below. If a Client or Related Entity wishes to contact us, they must contact both us and our representative through the contact information below. 

If Clients or Related Entities have any questions about our processing of their Personal Data, or have any requests related to their Personal Data pursuant to applicable laws, please contact or Data Protection Officer at the contact information below. If Clients or Related Entities have any questions, concerns, complaints or suggestions regarding our Client Privacy Notice or otherwise need to contact us, please contact both us (or our Data Protection Office) and our representative in the European Union at the contact information below. 

To Contact Foley
Foley & Lardner LLP
Attn: Office of the General Counsel/Privacy Officer
321 N. Clark Street, Suite 2800
Chicago, IL 60654
United States
+1 (833) 701-1071
[email protected]