This Notice to California Consumers (“California Privacy Notice”) supplements the provisions of Osborne Clarke’s Privacy Policy, available by clicking here. All capitalized terms in this California Privacy Notice that are not otherwise defined have the meaning set forth in our Privacy Policy. For more information about the member entities that operate as part of Osborne Clarke association under the OC Member Firms umbrella, please click here .

Scope of California Privacy Notice

This California Privacy Notice is provided as required by the California Consumer Privacy Act of 2018 (“CCPA”) and applies solely to all visitors, clients, and others who reside in the State of California (“Consumers”). It applies to the Personal Information that the OC Member Firms collect both online and offline about Consumers, including:

  • Information that we or our vendors collect from visitors to our website;
  • Information from and about individuals who attend events hosted or sponsored by us, or who otherwise communicate with us; and
  • Information from and about our clients, including potential clients and individuals who inquire about our legal services.

This California Privacy Notice does not apply to the following categories of Personal Information or processing activities:

  • Personal Information about individuals who are not Consumers;
  • Personal Information that is specifically exempt from the scope of CCPA (Section 1798.145);
  • Our collection and processing of information from employees, contractors or job applicants, which is governed by a separate notice; and
  • Personal Information that we collect and process about individuals acting in their capacity as business representatives of our clients, prospective clients, vendors and other businesses with whom we conduct business, and which is necessary in the context of said business relationship, and which relates to due diligence or providing or receiving our services.

In the event of a conflict, discrepancy or inconsistency between the Privacy Policy and this California Privacy Notice, the California Privacy Notice will prevail for Consumers.

Categories of Personal Information We Collect

Within the last twelve (12) months, we have collected the following categories of Personal Information (as that term is defined in the CCPA) from Consumers:

Category General Examples
A. Identifiers. A real name, unique personal identifier, online identifier, Internet Protocol address, email address, account name
B. Customer Records Information (Cal. Civ. Code § 1798.80(e)). A name, signature, address, telephone number, employment.
C. Protected classification characteristics under California or federal law. Age, gender.
D. Commercial information. Records of products purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information. Fingerprints, faceprints or voiceprints.
F. Internet or other similar network activity. Browsing history, information on a Consumer’s interaction with a website or application.
G. Geolocation data. Physical location or movements.
H. Sensory data. Audio, visual information.
I. Non-public education information (per the Family Educational Rights and Privacy Act). Education records directly related to a student, such as grades, transcripts, or student disciplinary records.
J. Inferences drawn from other Personal Information Profile information reflecting a person’s preferences, characteristics, behavior, attitudes, or aptitudes.

As explained in more detail in our Privacy Policy, we obtain the categories of Personal Information listed above from the following categories of sources:

  • Directly from you. For example, when you contact us about our legal services, become a client, or sign up for an event. This includes the following categories of Personal Information:
    • Identifiers;
    • Customer Records Information (Cal. Civ. Code § 1798.80(e));
    • Protected classification characteristics under California or federal law;
    • Commercial information;
    • Biometric information;
    • Geolocation data;
    • Sensory data;
    • Non-public education information (per the Family Educational Rights and Privacy Act).

 

  • Indirectly. For example, from observing your actions on our website, including by the use of cookies or from third parties. This includes the following categories of Personal Information:
    • Commercial information;
    • Internet or other similar network activity;
    • Geolocation data;
    • Inferences drawn from other Personal Information.

Purpose of Collection of Personal Information

We use the categories of Personal Information listed above for a number of purposes, which are more specifically explained in our Privacy Policy, including to:

  • Analyze, improve and prevent the misuse of our website;
  • Provide our legal services and other related services;
  • Respond to inquiries and otherwise communicate with clients or individuals inquiring about our legal services or events;
  • Optimize and personalize your experience with our website, such as to identify and/or store your location;
  • Register you for events that we host or sponsor;
  • Send you marketing information such as news, alerts and events that may be of interest to you, if you subscribe to receive our communications;
  • Comply with regulatory requirements, including legal and ethical obligations;
  • Support our recordkeeping, legal services and other business operations;
  • Protect or defend our rights and the rights of others, or as otherwise required by law; and
  • Further any business transfers, such as in the event of a sale, a merger or bankruptcy reorganization (and sale).

Disclosure of Personal Information

We may disclose your Personal Information to a third party (also referred to as a “service provider”) for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the service provider recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail in our Privacy Policy, we share your Personal Information with certain categories of service providers who assist us in providing our legal services and with our business operations.

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, we have disclosed some or all of the categories of Personal Information listed above for a business purpose. Service providers include:

  • Companies that do things to help us provide our website and our services, such as hosting service providers, certain analytics providers, payment service providers, event co-sponsors, and communication tools;
  • Professional service providers, such as auditors, lawyers, consultants, accountants and insurers.

Sales of Personal Information

We do not sell your Personal Information.

Your Rights and Choices Under CCPA

The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive your request and verify your identity (see Exercising Your Rights) and subject to any exceptions, we will disclose to you:

  • The categories of Personal Information we have collected about you;
  • The categories of sources for the Personal Information we have collected about you;
  • Our business or commercial purpose for collecting your Personal Information;
  • The categories of third parties with whom we share your Personal Information; and
  • The specific pieces of Personal Information we have collected about you (also called a data portability request).

Deletion Request Rights

You have the right to request that we delete your Personal Information, subject to certain exceptions. Once we receive your request and verify your identity (see Exercising Your Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) for certain reasons as permitted and set forth in the CCPA. These reasons include (just to name a few):

  • Completing the transaction for which the Personal Information was collected;
  • Providing a service requested by you;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, or prosecuting those responsible for such activities;
  • Complying with a legal obligation.

Exercising Your Rights

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your Personal Information. You may also make a verifiable Consumer request on behalf of your minor child. An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf, as explained in the CCPA. To exercise the access, data portability, and deletion rights described above, please submit a verifiable Consumer request to us by emailing us at Risk&Compliance@osborneclarke.com. You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. The verifiable Consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Please note that we cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in a verifiable Consumer request for the limited purpose of verifying the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable Consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your verifiable Consumer request. If applicable, our response will also explain the reasons for which we cannot comply with a request. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable Consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note, however, that in order to provide our services or otherwise respond to your requests, we do require the collection of your Personal Information. For example, we require the collection and storage of Personal Information in order to provide our legal services or register you for an event that we are hosting. While you may request to delete your Personal Information under CCPA, such deletions may affect our ability to offer these and other services.

Questions

If you have any questions regarding this CCPA Notice, please contact us at: Risk&Compliance@osborneclarke.com ‪+1 888 987 6314