Privacy
Barack Ferrazzano Kirschbaum & Nagelberg LLP Privacy Policy
Last Updated: June 8, 2020
Effective Date: June 8, 2020
Barack Ferrazzano is committed to protecting the privacy of our clients and other individuals whose personal data we receive, consistent with applicable laws and regulations, including:
- the General Data Protection Regulation (GDPR), to the extent that the personal data we use relates to individuals within the European Union (EU); and
- the California Consumer Privacy Act (CCPA), to the extent that the personal data we use relates to residents of California. If you are a California resident, please see the section below titled “Additional Information for California Residents.”
If we receive personal data about an individual, we will only use that information in accordance with this privacy policy.
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are aware of changes to the policy, noting the “Last Updated” date provided at the top.
This policy applies to information collected and used by Barack Ferrazzano Kirschbaum & Nagelberg LLP as well as BF Discovery LLC, our affiliated eDiscovery company. We refer to these entities collectively in this policy as “Barack Ferrazzano,” “we,” "us,” and “our,” depending on the context.
What personal data do we collect about individuals?
Personal data refers to any information relating to an identified or identifiable natural person, such as a name, an email or physical address, an identification number, as well as information specific to that natural person, such as genetic, cultural, and physical information. Personal data includes any information defined as “personal data,” “personal information,” “personally identifiable information” under applicable laws.
In the course of conducting the business of our law Firm and eDiscovery business, we may receive personal data about individuals in several ways. Examples of the categories of personal data we collect and how we collect it are:
- Contact Information: This information, which includes names, job titles, addresses, and email addresses, is generally provided to us by clients in connection with their engagement, and by parties contacting us through our website or through personal interactions at meetings and events. We use contact information to communicate with clients and others about Firm business, as well as about developments in the law, news about the Firm, or events in which the Firm is involved.
- Financial Information: This information, which includes credit card information, bank information, and general financial data, may be provided by our clients in connection with payment for legal services, or may be provided by our clients or third parties in connection with a transaction litigation or other matter with which we are involved.
- Health Information: We may receive health information of our clients and others to the extent relevant or required in connection with a legal matter for which we have been engaged. In addition, we may collect medical and health information from visitors to our offices – specifically your body temperature and whether you have or display certain symptoms such as fatigue, cough, sneezing, runny or stuffy nose, sore throat, headaches, shortness of breath, or other symptoms of respiratory illness – when necessary for us to engage in screening to address viruses and other health conditions.
- Other Information: In connection with our representation of our clients, our clients may provide us with other information that is considered “personal data” under applicable laws, if that personal data is necessary for or otherwise applicable to our work.
Why do we collect this personal data, and how do we use it?
We are a law firm in the business of providing legal advice to clients and representing their interests in transactions, litigation, before government agencies, and in other types of legal matters. Our eDiscovery business provides clients with a platform to provide discovery solutions.
For purposes of the GDPR, we only collect and process data if we have an appropriate legal basis for doing so, and we describe the applicable legal bases below. These legal bases are also consistent with our business and commercial purposes for collecting and using information.
If you have formally engaged us to provide legal or discovery services to you, our engagement letter forms a contract between you and us, and we will collect and use personal data as necessary to communicate with you about our representation, to perform the work you have hired us to do, and to process any payments made to our Firm.
We may also process personal data as necessary to comply with a legal obligation to which we are subject, such as producing information required by a court order.
In many cases, we will collect and process personal data as necessary to carry out our legitimate business interests, which are:
- to conduct our business as a law firm and represent our clients in transactional and litigation matters;
- to carry out our clients’ instructions;
- to communicate with our clients and third parties regarding ongoing matters;
- to produce certain information to opposing parties in litigation (subject to court orders governing the confidentiality of the information); and
- to keep our current and former clients and others informed about developments in the law, news about the Firm, and events in which the Firm is involved.
Where we rely on our legitimate interests to process your personal data, you have the right to object to such processing (meaning that you can ask us to stop).
Who do we share your personal data with?
The personal data that we receive from clients and other persons will be available to various employees at our Firm, including the lawyers and paralegals at our Firm who provide services to our clients, as well as to certain staff members who need access to the information to do their jobs, which may include staff who: (i) process invoices to clients; (ii) manage client trust accounts; (iii) draft correspondence or other documents; (iv) process data used in litigation; (v) evaluate potential conflicts of interest; or (vi) prepare and distribute marketing materials. Our personnel are subject to confidentiality obligations with respect to the information they receive.
In addition to the employees at our Firm, we may provide your personal data to vendors who we engage to hold our data in the cloud, manage our email security, or who process our data for shipping, e-billing, marketing or litigation purposes. These parties are under contractual obligations limiting their use and sharing of your information.
We may also provide your personal data to counsel for parties who are engaged in transactions or litigation in which we are representing clients, as required for the purpose of that representation, such as providing due diligence in a transaction or discovery in litigation.
We will not sell or lease your personal data to third parties unless we have your permission or are required by law to do so.
How long will we keep your personal data?
We typically retain the information we receive in the course of matters in which we represent clients for 7 years after the matter is over. We sometimes retain data for longer if the attorney responsible for the matter determines that it is appropriate to do so.
We retain contact information until we determine that it is no longer valid or we no longer have need to use that information.
What do we do to secure your personal data?
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How do we use cookies and other tracking technology?
Cookies. A cookie is a small file that asks permission to be placed on your computer's hard drive, if allowed by your browser’s cookie setting. If allowed, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyze data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our website.
Do Not Track. Currently, certain browsers, including Firefox, Google Chrome, Safari, and Internet Explorer, offer a “do not track” (or, “DNT”) option. This option, using a technology known as a DNT header, sends a signal to websites visited by the user about the user’s DNT preference, if any, set on the browser. We do not currently commit to responding to browsers’ DNT signals. We cannot make this commitment because no common industry standard for DNT has been adopted by industry groups, technology companies, or regulators.
Third Party Services. Some features on our site may be served by third parties, including advertisers, ad networks and servers, content providers and application providers. These third parties may use cookies, alone or with web beacons or other tracking technology, to collect information about you when you use the site. They may be able to associate the information they collect with your personally identifiable information, or they may collect information, including personally identifiable information, about your online activities over time and across other website and online services. They may use this information to provide you with behavioral advertising or other targeted content. That content may appear either on our site, or on other websites. We cannot control any third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
How can you control the use of your personal data?
If you are a California resident, please also see the section below entitled “Additional Information for California Residents.”
You may choose to restrict the collection or use of your personal data in the following ways:
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes;
- if you have previously agreed to let us use your personal data for direct marketing purposes, you may change your mind at any time by writing to or emailing us at bfekina@bfkn.com.
You have the right to ask us for a copy of the personal data we have about you, along with related information about our purposes for processing that data.
If you believe that any information we are holding about you is incorrect or incomplete, you have the right to ask us to correct that information. We will promptly correct any information found to be incorrect.
In addition, you have the right to ask us to erase your personal data. If you do so, we will delete your information, unless we continue to have an overriding legitimate interest in retaining the information. We will always honor a request to delete information that we use solely for direct marketing purposes.
If you would like to make any request to us about your personal data, please contact us at bfekina@bfkn.com.
Who can you contact with complaints?
If you have a complaint about how we are using your personal data, you can contact us and we will promptly address your complaint.
If you are a California resident, please also see the section below entitled “Additional Information for California Residents.”
If you are in the EU, the GDPR also gives you the right to lodge a complaint with the governing Data Protection Authority within your jurisdiction. You can find your national Data Protection Authority here.
Who is your “Data Controller”?
Under the GDPR, our Firm – Barack Ferrazzano Kirschbaum & Nagelberg LLP – is considered the “Data Controller” with respect to the personal data we collect directly, because we are responsible for deciding how to use that data.
You may communicate with us by writing to us at:
Barack Ferrazzano Kirschbaum & Nagelberg LLP
200 W. Madison Street
Chicago, IL 60606
bfekina@bfkn.com
Attention: Edward F. Malone
A note to visitors from outside the United States
If you reside outside the United States ("U.S."), any information you provide to our website will be transferred out of your country and into the U.S. If you do not want any personal information to be transferred to the U.S., please do not provide that information to us or our website. By providing personal information to us or our website, you expressly consent to the transfer of that information to the U.S.
Additional information for California residents
This section of our privacy notice provides information required by the CCPA and is for residents of California. It describes our collection and use practices over the past 12 months (as of the date you may be viewing this policy), and also provides information about your rights as a California consumer. Terms used in this section, such as “personal information,” “consumer,” “service provider,” “third party,” and “sale” have the meanings given to them in the CCPA.
The categories of personal information we collect.
The section above entitled “What personal data do we collect about individuals?” describes the types of personal information we collect, and the section above entitled “Why do we collect this personal data, and how do we use it?” provides information about our business and commercial purposes for collecting that personal information.
For purposes of the CCPA, the personal information we collect falls into the categories listed below. For each category listed below, we also provide more information about the sources of that personal information, and our business and/or commercial purpose for collecting this information.
Category of Personal Information We Collect | Examples | Where Obtained (i.e., the Categories of Sources of the Information) | Business or Commercial Purpose of Collection |
---|---|---|---|
Identifiers | Real name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other, similar, identifiers. | Directly from the consumer and/or from the consumer’s, counsel, employer, family member, or other party who may provide information in connection with our legal and eDiscovery services (including by providing such personal information within documents provided to us).
| Communication with consumers; providing services as counsel to the consumer or another party; communicating with consultants and vendors for purposes relating to our business. |
Personal information categories listed in the California Consumer Records statute (Cal. Civ. Code §1798.80(e)) | Name, signature, Social Security number, physical characteristics or descriptions, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
| Directly from the consumer and/or from the consumer’s, counsel, employer, family member, or other party who may provide information in connection with our legal and eDiscovery services (including by providing such personal information within documents provided to us). | Communication with consumers; providing services as counsel to the consumer or another party; communicating with consultants and vendors for purposes relating to our business; engaging in health screening of visitors when required to address health conditions. |
Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Directly from the consumer and/or from the consumer’s, counsel, employer, family member, or other party who may provide information in connection with our legal and eDiscovery services (including by providing such personal information within documents provided to us). | Providing services as counsel to the consumer or another party. |
Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Directly from the consumer and/or from the consumer’s, counsel, employer, family member, or other party who may provide information in connection with our legal and eDiscovery services (including by providing such personal information within documents provided to us). | Providing services as counsel to the consumer or another party. |
Internet or other similar network activity | Browsing history, search history, information on interaction with a website, application, or advertisement. | Indirectly through website activity, such as a consumer’s employer’s IP address. | Assessing our marketing and Firm outreach efforts and evaluating the relevance of, interest in, and engagement with content we publicize. |
Sensory data | Audio and visual information; temperature and other physical health symptoms. | We collect audio information directly from the consumers via voicemail, and visual information through the use of security cameras that are used in connection with building security; We collect audio information directly from the consumers via voicemail, and visual information through the use of security cameras that are used in connection with building security; we may collect temperature and other health symptom information directly from consumers visiting our offices. | Audio information is used solely to review and respond to messages. Video information is used solely to investigate a physical security breach. Temperature and other physical health symptom information is used solely to screen visitors to our offices when necessary to address health conditions. |
Professional or employment-related information | Current or past job history or performance evaluations. | Directly from the consumer and/or from the consumer’s, counsel, employer, family member, or other party who may provide information in connection with our legal and eDiscovery services (including by providing such personal information within documents provided to us). | Providing services as counsel to the consumer or another party; evaluating and responding to applications for employment; tracking relationships and evaluating networking opportunities. |
Inferences drawn from other personal information | Profile reflecting a consumer’s personal preferences. | Directly from the consumer, including through attendance by the consumer at events we may attend or host. | To accommodate the consumer’s preferences (such as dietary requests). |
The parties to whom we disclose information.
The section above entitled “Who do we share your personal data with?” describes how we share personal information. Some of our sharing of information is with service providers (as defined in the CCPA), and other businesses with whom we have contractual relationships, and we share the personal information in the course of our business relationship with those service providers and businesses.
We also share information with the following categories of third parties:
- Co-counsel, opposing counsel, and other representatives, with whom we may share information in the context of our representation of our clients;
- Third parties such as analytics providers, who may use tracking technologies to measure the effectiveness of our website. In connection with their analytics services, they may receive information about your internet or other similar network activity.
We do not sell personal information to third parties.
Rights of California consumers.
The CCPA provides California residents with specific rights regarding their personal information. If you are a California resident, you have the rights described below. Please note that your rights are subject to limitations and exceptions described in the CCPA, which we will provide more detail about if and when you make a CCPA-related request.
- Right to Access Certain Information - You have the right to ask us to provide you with information about our collection and use of your personal information over the past 12 months.
- Right to Data Portability - You have the right to ask us to provide you with copies of the personal information we have collected about you, in a portable and readily-usable format.
- Rights to Request Deletion of Certain Information - You have the right to ask us to delete personal information about you that we collected from you and have retained.
- Right to Non-Discrimination - You have the right not to be discriminated against for exercising any of your CCPA rights.
How to submit a verifiable consumer request and exercise your rights
To exercise your rights described above, you must submit a verifiable consumer request to us by either:
- Calling us (toll-free) at 888-874-1987; or
- Emailing us at DataPrivacy@bfkn.com.
Only you, or a person registered with the California Secretary of State that you expressly authorize to act on your behalf, can make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within any 12-month period.
We cannot respond to your request or provide you with information if we cannot identify you or confirm your authority to make the request, so any request will require you to provide sufficient information to allow us to reasonably verify your identity. We will only use any personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will respond to any verifiable consumer requests in the manner and within the timeframes required by the CCPA.