This Client Privacy Notice describes how Foley & Lardner LLP collects and uses Personal Data about clients and other related entities as a result of our representation of our clients, including through email, text, and other electronic communications between clients and other related entities and Foley.
Foley & Lardner LLP (“Foley” or “we” or “us”) respect our clients and prospective clients (“Clients”) and, to the extent required by law, other related entities (including our clients’ individual employees, officers, owners, directors, medical staff members, contractors, or other personnel, and parties adverse to our clients) (“Related Entities”) privacy and are committed to protecting it through our compliance with this policy. However, as a law firm, the applicable Rules of Professional Conduct (“Rules”) govern over any conflict between this Policy and the Rules and may limit your rights and Foley’s obligations described in this Client Privacy Notice.
This Client Privacy Notice (our “Client Privacy Notice”) describes the types of information we may collect from any Client or Related Entities or that any Client or Related Entities may provide as part of our representation of a Client in a legal matter for which we have been engaged, retained, or proposed to be engaged or retained (each, a “Matter”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect as part of our legal representation of a Client in Matters through any means, including through email, phone, and facsimile, our client portal, our FTP site, and other communications.
It does not apply to information collected by any of our websites, including our websites at www.foley.com or any other information collected for any purpose not related to our representation or proposed representation of a Client in a Matter.
Please read this policy carefully to understand our policies and practices regarding our Client’s and Related Entities information and how we will treat it. This Client Privacy Notice may change from time to time (see Changes to Our Client Privacy Notice). Your continued use of Foley for legal services (whether as a Client or as a Related Entity) after we make changes is deemed to be acceptance of those changes, so please check this Client Privacy Notice periodically for updates.
Although during the course of providing our legal services to our Clients we may receive information about a child under 18, unless specifically agreed by Foley, our legal services are not intended for children under the age of 18 (or other legal age of maturity in the applicable jurisdiction, if higher). Unless otherwise required by our obligations to our clients or ethical obligations under the Rules, we will remove any information about a child under the age of 18 (or other legal age of maturity in the applicable jurisdiction, if higher) if we become aware of it.
Our legal services are generally not intended for children under 18 years of age (or, if higher, the age of legal maturity in the applicable jurisdiction) (i.e. the “Age of Maturity”). Although we may collect information about a Related Entity who is under the Age of Maturity from Clients or Related Entities, no one under the Age of Maturity may directly engage us for legal services or directly provide any information to us as part of our representation of a Client without consent of his or her legal guardian, at the direction of a court, or on special circumstances where the Firm agrees to represent a child under the Age of Maturity. If we learn we have directly collected or received Personal Data from a child under the Age of Maturity without such consent or under such circumstances, we will consult with our Client and delete that information.
We collect different types of information about individuals, including information that may directly identify an individual, information that is about an individual but individually does not personally identify such individual. This includes information that we collect directly from our Client or Related Entities or otherwise collected in relation to a Matter.
We collect several types of information from and about individuals (“Personal Data”):
We collect this information:
We use the Personal Data we collect from Clients to bill and collect our fees and to provide legal services in our Client’s Matters. Some of the Personal Data we collect is required to enter into a contract with Foley for legal services, for Foley to perform under the contract, and to provide our Clients with our legal services. If you, as a Client, refuse to provide such Personal Data or withdraw your consent to our processing of Personal Data (when appropriate), then in some cases we may not be able to enter into the contract or fulfill our obligations to you under it.
We use Personal Data for various purposes described below, including to:
We use information that we collect about Clients or Related Entities or that they provide to us, including any Personal Data:
With our Client’s consent, we may use our Client’s Personal Data to contact them about current legal news and other thought leadership. Client’s may consent to this use by registering for one of our blogs or other client mailing lists. If Client wishes to change their choice, a Client may do so at any time by clicking the “unsubscribe” link on the bottom of any applicable email we have sent them, contact their relationship partner, or contact Foley at the contact information below.
We do not share, sell, or otherwise disclose Clients’ or Related Entities’ Personal Data for purposes other than those outlined in this Client Privacy Notice. We disclose their Personal Data to a few third parties, including:
We may also disclose your Personal Data when required or permitted by our ethical duties under the Rules or applicable law.
We do not share, sell, or otherwise disclose any Clients’ or Related Entities’ Personal Data for purposes other than those outlined in this Client Privacy Notice. As lawyers, our disclosure of a Client’s or a Related Entity’s Personal Data may be restricted by our obligations under applicable professional responsibility rules or other similar laws applicable to lawyers or the particular Personal Data. However, we may disclose aggregated information about our Clients without restriction.
We may disclose Personal Data that we collect or that is provided by a Client or a Related Entity as described in this Client Privacy Notice:
We may also disclose our Clients’ and Related Entities’ Personal Data when permitted or required pursuant to our ethical obligations under the Rules. This includes when an exception to our duty of confidentiality exists in the applicable jurisdiction, generally including if we reasonably believe disclosure is necessary:
We may also disclose the Personal Information of a Related Entity to the extent not related to our representation of a Client in a Matter if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Foley, our clients, or others.
Clients and Related Entities may access, update, or delete their Personal Data by contacting us through the contact information below or by contacting the Client’s relationship partner.
Access and Update. Clients and Related Entities may review and change their respective Personal Data by contacting us at the Contact Information below or by contacting the Client’s relationship partner of any changes or errors in any Personal Data we have about the Client or a Related Entity to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate a Client’s or a Related Entities’ request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
Deletion. Clients may request that we delete all of the Client’s and applicable Related Entities’ Personal Data. We cannot delete the Client’s and Related Entities’ Personal Data except by also terminating our representation of our Client in the Matter, and we will only terminate such representation when we are permitted to do so under applicable law. We may not accommodate a request to erase information if we believe the deletion would cause the information to be incorrect, would violate our document retention and information governance policies (subject to applicable law), or would violate any law or legal requirement, including any obligations for law firms to retain Client and Related Entity Information, which may include such retention for conflicts of interests purposes and financial records requirements. We may also retain your Personal Data when necessary for the Firm’s establishment, exercise, or defense of legal claims. In addition, we may not accommodate a request to erase information if we believe the deletion would conflict with our rights to retain copies of our representation files. In all other cases, we will retain our Client’s and the appliable Related Entities’ Personal Data as set forth in this policy. In addition, we cannot completely delete our Client’s and the applicable Related Entities’ Personal Data as some data may rest in previous backups. These will be retained for the periods set forth in our document retention and information governance policies.
The law in certain jurisdictions may provide their residents or individuals located in that jurisdiction with additional rights regarding our use of our Clients’ or Related Entities’ Personal Information.
The law in some jurisdictions may provide our Clients and Related Entities with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to our Clients or Related Entities as a resident of or an individual otherwise located in one of these jurisdictions, please see the privacy addendum for the applicable jurisdiction that is linked below.
If you are located in the European Economic Area, you have the additional rights described in the GDPR Client Privacy Addendum.
Clients and Related Entities that are residents of California have the additional rights described in the California Client Privacy Addendum.
Information transmitted over the Internet is not completely secure, but we take reasonable steps to protect our Clients’ and Related Entities’ Personal Data.
We have implemented measures designed to secure our Clients’ and Related Entities’ Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure.
Unfortunately, the transmission of information via the internet is not completely secure. Although we take reasonable steps to protect our Clients’ and Related Entities Personal Data, we cannot guarantee the security of their Personal Data transmitted over the Internet, including through email and through teleconferencing services. Any transmission of Personal Data is at our Client’s and the Related Entities’ own risk.
We may process the Personal Data of our Clients and Related Entities outside of their home country, including in the United States.
In order to provide our Clients with our legal services, we may need to send and store their Personal Data outside of their home country where Clients or Related Entities reside or are located, including in countries that may not or do not provide an equivalent level of protection for their Personal Data. Clients’ and Related Entities’ Personal Data may be processed and stored in the United States and, as part of the Matter or as otherwise required by law, federal, state, and local governments, courts, or law enforcement or other regulatory agencies in the United States may receive Clients’ and Related Entities’ Personal Data. By using our legal services, Clients represent and warrant that they have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where the Client or the Related Entities reside or located, including in the United States. Clients further represent and warrant that they have obtained all required consents from Related Entities to the foregoing.
We will post any changes to our Client Privacy Notice on our client-facing websites. If we make material changes to our Client Privacy Notice, we may notify our Clients of such changes through their contact information we have on file and invite them to review (and accept, if necessary) the changes and notify any Related Entities, if necessary.
We may change this Client Privacy Notice at any time. It is our policy to post any changes we make to our Client Privacy Notice on this page. If we make material changes to how we treat our Clients’ and Related Entities’ Personal Data, we may also notify our Clients by email or through other communications channels via the contact information we have on file for our Clients. The date this Client Privacy Notice was last revised is identified at the top of the page. Clients are responsible for ensuring we have an up-to-date active and deliverable contact information for them.
Clients and Related Entities may contact our Data Protection Officer through the contact information below. If a Client or Related Entity wishes to contact us, they must contact both us and our representative through the contact information below.
If Clients or Related Entities have any questions about our processing of their Personal Data, or have any requests related to their Personal Data pursuant to applicable laws, please contact or Data Protection Officer at the contact information below. If Clients or Related Entities have any questions, concerns, complaints or suggestions regarding our Client Privacy Notice or otherwise need to contact us, please contact both us (or our Data Protection Office) and our representative in the European Union at the contact information below.
To Contact Foley
Foley & Lardner LLP
Attn: Office of the General Counsel/Privacy Officer
321 N. Clark Street, Suite 2800
Chicago, IL 60654
+1 (833) 701-1071