Main Menu
Print

Privacy

Barack Ferrazzano Kirschbaum & Nagelberg LLP Privacy Policy

Last Updated: June 8, 2020
Effective Date: June 8, 2020

Barack Ferrazzano is committed to protecting the privacy of our clients and other individuals whose personal data we receive, consistent with applicable laws and regulations, including:

If we receive personal data about an individual, we will only use that information in accordance with this privacy policy.

We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are aware of changes to the policy, noting the “Last Updated” date provided at the top.

This policy applies to information collected and used by Barack Ferrazzano Kirschbaum & Nagelberg LLP as well as BF Discovery LLC, our affiliated eDiscovery company. We refer to these entities collectively in this policy as “Barack Ferrazzano,” “we,” "us,” and “our,” depending on the context.

What personal data do we collect about individuals?

Personal data refers to any information relating to an identified or identifiable natural person, such as a name, an email or physical address, an identification number, as well as information specific to that natural person, such as genetic, cultural, and physical information. Personal data includes any information defined as “personal data,” “personal information,” “personally identifiable information” under applicable laws.

In the course of conducting the business of our law Firm and eDiscovery business, we may receive personal data about individuals in several ways. Examples of the categories of personal data we collect and how we collect it are:

Why do we collect this personal data, and how do we use it?

We are a law firm in the business of providing legal advice to clients and representing their interests in transactions, litigation, before government agencies, and in other types of legal matters. Our eDiscovery business provides clients with a platform to provide discovery solutions.

For purposes of the GDPR, we only collect and process data if we have an appropriate legal basis for doing so, and we describe the applicable legal bases below. These legal bases are also consistent with our business and commercial purposes for collecting and using information.

If you have formally engaged us to provide legal or discovery services to you, our engagement letter forms a contract between you and us, and we will collect and use personal data as necessary to communicate with you about our representation, to perform the work you have hired us to do, and to process any payments made to our Firm.

We may also process personal data as necessary to comply with a legal obligation to which we are subject, such as producing information required by a court order.

In many cases, we will collect and process personal data as necessary to carry out our legitimate business interests, which are:

Where we rely on our legitimate interests to process your personal data, you have the right to object to such processing (meaning that you can ask us to stop).

Who do we share your personal data with?

The personal data that we receive from clients and other persons will be available to various employees at our Firm, including the lawyers and paralegals at our Firm who provide services to our clients, as well as to certain staff members who need access to the information to do their jobs, which may include staff who: (i) process invoices to clients; (ii) manage client trust accounts; (iii) draft correspondence or other documents; (iv) process data used in litigation; (v) evaluate potential conflicts of interest; or (vi) prepare and distribute marketing materials. Our personnel are subject to confidentiality obligations with respect to the information they receive.

In addition to the employees at our Firm, we may provide your personal data to vendors who we engage to hold our data in the cloud, manage our email security, or who process our data for shipping, e-billing, marketing or litigation purposes. These parties are under contractual obligations limiting their use and sharing of your information.

We may also provide your personal data to counsel for parties who are engaged in transactions or litigation in which we are representing clients, as required for the purpose of that representation, such as providing due diligence in a transaction or discovery in litigation.

We will not sell or lease your personal data to third parties unless we have your permission or are required by law to do so.

How long will we keep your personal data?

We typically retain the information we receive in the course of matters in which we represent clients for 7 years after the matter is over. We sometimes retain data for longer if the attorney responsible for the matter determines that it is appropriate to do so.

We retain contact information until we determine that it is no longer valid or we no longer have need to use that information.

What do we do to secure your personal data?

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How do we use cookies and other tracking technology?

Cookies. A cookie is a small file that asks permission to be placed on your computer's hard drive, if allowed by your browser’s cookie setting. If allowed, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyze data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our website.

Do Not Track. Currently, certain browsers, including Firefox, Google Chrome, Safari, and Internet Explorer, offer a “do not track” (or, “DNT”) option. This option, using a technology known as a DNT header, sends a signal to websites visited by the user about the user’s DNT preference, if any, set on the browser. We do not currently commit to responding to browsers’ DNT signals. We cannot make this commitment because no common industry standard for DNT has been adopted by industry groups, technology companies, or regulators.

Third Party Services. Some features on our site may be served by third parties, including advertisers, ad networks and servers, content providers and application providers. These third parties may use cookies, alone or with web beacons or other tracking technology, to collect information about you when you use the site. They may be able to associate the information they collect with your personally identifiable information, or they may collect information, including personally identifiable information, about your online activities over time and across other website and online services. They may use this information to provide you with behavioral advertising or other targeted content. That content may appear either on our site, or on other websites. We cannot control any third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

How can you control the use of your personal data?

If you are a California resident, please also see the section below entitled “Additional Information for California Residents.”

You may choose to restrict the collection or use of your personal data in the following ways:

You have the right to ask us for a copy of the personal data we have about you, along with related information about our purposes for processing that data.

If you believe that any information we are holding about you is incorrect or incomplete, you have the right to ask us to correct that information. We will promptly correct any information found to be incorrect.

In addition, you have the right to ask us to erase your personal data. If you do so, we will delete your information, unless we continue to have an overriding legitimate interest in retaining the information. We will always honor a request to delete information that we use solely for direct marketing purposes.

If you would like to make any request to us about your personal data, please contact us at bfekina@bfkn.com.

Who can you contact with complaints?

If you have a complaint about how we are using your personal data, you can contact us and we will promptly address your complaint.

If you are a California resident, please also see the section below entitled “Additional Information for California Residents.”

If you are in the EU, the GDPR also gives you the right to lodge a complaint with the governing Data Protection Authority within your jurisdiction. You can find your national Data Protection Authority here.

Who is your “Data Controller”?

Under the GDPR, our Firm – Barack Ferrazzano Kirschbaum & Nagelberg LLP – is considered the “Data Controller” with respect to the personal data we collect directly, because we are responsible for deciding how to use that data.

You may communicate with us by writing to us at:

Barack Ferrazzano Kirschbaum & Nagelberg LLP
200 W. Madison Street
Chicago, IL 60606
bfekina@bfkn.com
Attention: Edward F. Malone

A note to visitors from outside the United States

If you reside outside the United States ("U.S."), any information you provide to our website will be transferred out of your country and into the U.S. If you do not want any personal information to be transferred to the U.S., please do not provide that information to us or our website. By providing personal information to us or our website, you expressly consent to the transfer of that information to the U.S.

Additional information for California residents

This section of our privacy notice provides information required by the CCPA and is for residents of California. It describes our collection and use practices over the past 12 months (as of the date you may be viewing this policy), and also provides information about your rights as a California consumer. Terms used in this section, such as “personal information,” “consumer,” “service provider,” “third party,” and “sale” have the meanings given to them in the CCPA.

The categories of personal information we collect.

The section above entitled “What personal data do we collect about individuals?” describes the types of personal information we collect, and the section above entitled “Why do we collect this personal data, and how do we use it?” provides information about our business and commercial purposes for collecting that personal information.

For purposes of the CCPA, the personal information we collect falls into the categories listed below. For each category listed below, we also provide more information about the sources of that personal information, and our business and/or commercial purpose for collecting this information.

Category of Personal Information We Collect

Examples

Where Obtained (i.e., the Categories of Sources of the Information)

Business or Commercial Purpose of Collection

Identifiers

Real name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other, similar, identifiers.

Directly from the consumer and/or from the consumer’s, counsel, employer, family member, or other party who may provide information in connection with our legal and eDiscovery services (including by providing such personal information within documents provided to us).


Indirectly through online platforms such as LinkedIn, Twitter, Facebook and Google.

Communication with consumers; providing services as counsel to the consumer or another party; communicating with consultants and vendors for purposes relating to our business.

Personal information categories listed in the California Consumer Records statute (Cal. Civ. Code §1798.80(e))

Name, signature, Social Security number, physical characteristics or descriptions, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.


Some personal information included in this category may overlap with other categories.

Directly from the consumer and/or from the consumer’s, counsel, employer, family member, or other party who may provide information in connection with our legal and eDiscovery services (including by providing such personal information within documents provided to us).

Communication with consumers; providing services as counsel to the consumer or another party; communicating with consultants and vendors for purposes relating to our business; engaging in health screening of visitors when required to address health conditions.

Protected classification characteristics under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Directly from the consumer and/or from the consumer’s, counsel, employer, family member, or other party who may provide information in connection with our legal and eDiscovery services (including by providing such personal information within documents provided to us).

Providing services as counsel to the consumer or another party.

Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Directly from the consumer and/or from the consumer’s, counsel, employer, family member, or other party who may provide information in connection with our legal and eDiscovery services (including by providing such personal information within documents provided to us).

Providing services as counsel to the consumer or another party.

Internet or other similar network activity

Browsing history, search history, information on interaction with a website, application, or advertisement.

Indirectly through website activity, such as a consumer’s employer’s IP address.

Assessing our marketing and Firm outreach efforts and evaluating the relevance of, interest in, and engagement with content we publicize.

Sensory data

Audio and visual information; temperature and other physical health symptoms.

We collect audio information directly from the consumers via voicemail, and visual information through the use of security cameras that are used in connection with building security; We collect audio information directly from the consumers via voicemail, and visual information through the use of security cameras that are used in connection with building security; we may collect temperature and other health symptom information directly from consumers visiting our offices.

Audio information is used solely to review and respond to messages. Video information is used solely to investigate a physical security breach. Temperature and other physical health symptom information is used solely to screen visitors to our offices when necessary to address health conditions.

Professional or employment-related information

Current or past job history or performance evaluations.

Directly from the consumer and/or from the consumer’s, counsel, employer, family member, or other party who may provide information in connection with our legal and eDiscovery services (including by providing such personal information within documents provided to us).

Providing services as counsel to the consumer or another party; evaluating and responding to applications for employment; tracking relationships and evaluating networking opportunities.

Inferences drawn from other personal information

Profile reflecting a consumer’s personal preferences.

Directly from the consumer, including through attendance by the consumer at events we may attend or host.

To accommodate the consumer’s preferences (such as dietary requests).

The parties to whom we disclose information.

The section above entitled “Who do we share your personal data with?” describes how we share personal information. Some of our sharing of information is with service providers (as defined in the CCPA), and other businesses with whom we have contractual relationships, and we share the personal information in the course of our business relationship with those service providers and businesses.

We also share information with the following categories of third parties:

We do not sell personal information to third parties.

Rights of California consumers.

The CCPA provides California residents with specific rights regarding their personal information. If you are a California resident, you have the rights described below. Please note that your rights are subject to limitations and exceptions described in the CCPA, which we will provide more detail about if and when you make a CCPA-related request.

How to submit a verifiable consumer request and exercise your rights

To exercise your rights described above, you must submit a verifiable consumer request to us by either:

Only you, or a person registered with the California Secretary of State that you expressly authorize to act on your behalf, can make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within any 12-month period.

We cannot respond to your request or provide you with information if we cannot identify you or confirm your authority to make the request, so any request will require you to provide sufficient information to allow us to reasonably verify your identity. We will only use any personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We will respond to any verifiable consumer requests in the manner and within the timeframes required by the CCPA.

Back to Page