Susman Godfrey L.L.P. (“SG”, “we”, or “us”) has offices in California, New York, Seattle, and Texas. We are committed to safeguarding the personal data that you provide us, that we collect in the course of our business, or that we receive from you after you have visited the SG Website.
This privacy policy (“SG Privacy Policy”) explains to you how we collect and process your personal data and your rights in relation to your personal data that we process. It is a global policy that applies to all SG offices.
Please note, if you reply to one of our marketing emails or otherwise send a communication to us, that communication does not create an attorney-client relationship with us. Please do not send any information that you consider confidential unless and until we have agreed in writing to represent you with respect to a matter. Any information provided to us prior to an agreement may not be protected from disclosure and may not be subject to applicable privileges.
Personal Data
Personal data is any information that enables us to identify you and that is related to an identified or identifiable natural person, such as your name, identification number(s), business or residential address, certain commercial information, online identifiers, and educational and employment history. It does not include data that is anonymized or de-identified.
Personal Data We Collect From or About You
From time to time, we collect and process the following types of personal data from you:
- Contact Data: this includes, for example, your name, your home or business address, your email address, your phone number, and your social media handles.
- Client Data: this includes, for example, personal data provided to us by or on behalf of our clients and personal data that we collect in the course of providing our services to our clients, such as personal data provided by third parties.
- Technical Data: this includes, for example, personal data that we collect from you when you interact with our website, applications, and email communications, such as your IP address and device ID.
- Financial Data: this includes, for example, your bank account, payment card, and other related financial data.
- Recruitment Data: this includes, for example, your CV, professional history, educational background, and related qualifications.
- Other Data: any other personal data that you provide to us and which can be reasonably used to identify you.
How We Collect Your Personal Data
We collect personal data from you through a variety of sources. We strive to collect only personal data that is adequate, relevant, and limited to achieve the purpose(s) for which it was collected. We may from time-to-time provide you with supplemental information at the time we collect your personal data to address unique or situational collection needs.
Examples of ways in which we collect your personal data include:
- Direct Interaction: you may provide us with your personal data when you interact with us, for example, by enquiring about our services, giving us your contact details, registering for one of our events, subscribing to our updates or promotional material, or engaging in any way with our partners, lawyers, and staff.
- Automated Technologies: we may collect personal data automatically when you visit our website through logging and analytics tools, cookies, or click on links in our emails.
- Private Third Party Sources: we may collect personal data from private third party sources, such as, for example, other law firms, banks, clients, recruitment agencies, regulators, certain governmental agencies, on or from social media platforms, other organizations that you may have dealings with, and electronic data sources.
- Publicly Available Sources: we may collect personal data from publicly available sources, including, for example, personal data available on the internet, from governmental agencies, or company registries.
How We Use Your Personal Data
We process and use your personal data to the extent permitted by applicable law. This means:
- We process your personal data if you have given us consent to process for one or more specific purposes;
- We process your personal data if it is necessary for compliance with a legal obligation to which we are subject; and/or
- We process your personal data if it is necessary for the purposes of our or a third-party’s legitimate interests where those interests are not overridden by your interests or fundamental rights and freedoms that require protection of your personal data.
How and to Whom We Share Your Personal Data
We share your personal data within SG and with our contracted third-party processors and/or service providers who assist us in the administration and operation of SG, and in providing our legal services to our clients. In addition, we share your personal data when required by law.
Third-party processors and service providers with whom we may share your personal data include:
- Our information technology and telecommunications service providers, including data centers and cloud storage providers.
- Our marketing service providers.
- Our litigation support service providers.
- Professional services organizations (for example, law, accountancy, auditing, insurance, forensic, and company formation service providers).
- Expert witnesses and jury consultants.
- Cybersecurity service providers.
- Other service providers to whom we outsource aspects of the provision of our legal services and the administration and operation of SG.
- Third parties when we believe it is required by, or necessary to comply with, applicable law, such as opposing parties in litigation.
We do not sell or rent your personal data to third parties for monetary or other valuable consideration and have not done so in the prior 12 months since the effective date of this privacy policy.
Your California Legal Rights
If you are a resident of California, you may have certain rights under applicable data protection laws in relation to your personal data, including the California Consumer Privacy Act of 2018 (CCPA), as amended by Proposition 24 (approved by California voters in November 2020, and effective January 1, 2023). Subject to certain exceptions and limitations, these rights include:
- The Right to Know. You have the right to request certain information about parties to whom we have disclosed or sold your personal data in the prior calendar year and a description of the categories of personal data shared.
- The Right to Data Portability. A subset of the Right to Know, this requires us to provide you the specific personal data about you that we collect and process in a portable and, to the extent technically feasible, readily useable format that allows you to transmit the information to another entity without hindrance.
- The Right to Delete. Subject to exceptions, the right to delete requires us to delete or de-identify your personal data.
- The Right to Opt-Out. This right allows you to opt-out of the disclosure of your personal data when that disclosure (also known as a “sale” as defined in the CCPA) is made by us in exchange for valuable consideration (whether for money or otherwise). Though you may submit such a request, we do not sell or rent your personal data to third parties for monetary or other valuable consideration and have not done so in the prior 12 months since the effective date of this privacy policy.
- The Right to Request a Record of Third-Party Direct Marketing Disclosures: Also known as the “Shine the Light” law, this permits California residents to request and obtain from us a list of what personal data we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties.
- The Right to Correct. This right allows you to correct any inaccurate personal information that we may have about you.
- The Right to Limit. This right allows you to limit the use and disclosure of the personal information that we may have about you, such as limiting its use to providing you with the services you requested.
If you exercise your applicable California rights, SG will not discriminate against you. Requests to know, port, or delete your personal data will be honored within 45 days. Requests to opt-out of the sale of personal data will be honored, to the extent applicable, within 15 calendar days. Requests for a record of direct marketing disclosures will be honored within 30 calendar days. If more time is needed to respond, we will notify you.
Notice to California Residents
Do Not Track Disclosure. We use analytics systems and providers that may collect information about your online activities, and these services may provide some of this information, which may include personal data, to us. We do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms.
How We Protect Your Personal Data
We have put in place physical, administrative, and organizational security measures to protect your personal data from being accidentally lost, used, altered, accessed, or disclosed in an unauthorized manner. We have put in place procedures to address suspected security breaches; however, no method of safeguarding information is completely secure. While we use measures designed to protect your personal data, we, unfortunately, cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit to us is or will be secure.
How Long We Retain Your Personal Data
We retain your personal data for as long as necessary to fulfil the purpose for which we collected it, including any legal, regulatory, tax, accounting, or reporting requirements, and to the extent we reasonably deem necessary to protect our rights, property, or safety, and the rights, property, and safety of our users and other third parties. For details on the retention periods applicable to specific elements of your personal data, please contact us.
Third-Party Websites and Links
Our website and other services may contain links to other websites or otherwise direct you to a third party over which we have no control and whose privacy policies may differ from ours. You should consult the privacy policies or statements for those third parties and we do not accept any responsibility for their use of your personal data that you may provide.
Revisions to this Privacy Policy
SG reserves the right to revise or modify any part of this SG Privacy Policy from time to time. This SG Privacy Policy is effective as of January 1, 2023. Please review the policy periodically to check for changes. For substantive revisions, we will ensure that the notice of revision, along with a summary of such revisions, is conspicuous and accessible.
How to Submit a Request or Contact Us
Any questions about this policy should be directed to SG’s General Counsel, Jonathan Ross, who can be reached at jross@susmangodfrey.com.