Duane Morris LLP is a limited liability partnership organized under the laws of Delaware. References in this privacy notice to “Duane Morris”, “we” or “us” are references to Duane Morris LLP and our affiliated entities. This privacy notice together with our Website Disclaimer and (if applicable) our relevant terms of business or other contract between us (if applicable) set out the basis on which Duane Morris processes your personal data (and any mandated controller/processor information).
Reference in this privacy notice to “personal data” means any information that identifies, or could reasonably be used to identify, a living individual, either on its own or together with other information. Our “Website” means this website and any other websites of Duane Morris.
Duane Morris is committed to protecting personal data and respecting your privacy.
Please read this notice carefully to understand our practices with respect to personal data and how we treat it and how you can exercise your rights in connection with it. You should also read any other privacy notices that we give to you, that might apply to our use of your personal data in specific circumstances from time to time.
If you are an EEA or UK resident, Duane Morris is a “controller” in relation to the use of your personal data. This means that we make decisions about how and why we use your personal data and, because, of this, we are responsible for making sure that it is used in accordance with applicable data protection laws. The controller in respect of your personal data processed in connection with the website www.duanemorris.com is Duane Morris LLP. For the purposes of other processing activities, the controller will be the relevant Duane Morris affiliate with which you are directly interacting.
How We Obtain Your Personal Data
As a law firm, we regularly receive personal data as part of our professional activities.
Your personal data may be collected by us in a number of ways, including:
- when you request a proposal from us in relation to our services;
- as part of our business intake and compliance procedures;
- through our provision of legal services to you or your organization;
- during the course of dealings with you for or on behalf of a client;
- when you apply to us for a position (either directly or, for example, through a recruitment consultant);
- when you or your organization offer or provide services to us;
- when you browse or interact with our Website;
- when you use user IDs and passwords in relation to, or otherwise interact with, our online services;
- when you provide information to us by filling in forms on our Website. For example, this includes information provided at the time of registering for newsletters and updates on our Website, subscribing to our services, participating in webinars or requesting further services;
- when you provide us with information in relation to your attendance at any of our seminars, webinars or other hosted events;
- when you complete surveys that we use for research purposes; and
- when you contact us for the above and any other reason, we may monitor and keep a record of that correspondence (in whatever form).
Ordinarily, we will collect any such personal data directly from you. In some cases, however, we may collect personal data from third parties (for example our clients and other professional advisers on our clients’ matters, those on the other side of a transaction or litigation or third-party services or systems used for compliance or regulatory checks) or we may collect publicly available information about you or your business (including through electronic data sources).
The Type of Personal Data that We Collect and/or Process
We may collect and process a number of different categories of your personal data, including but not limited to the following:
- Personal details (such as name, postal address, email address, telephone number, fax and other contact details);
- Professional information (such as company, title/function, department and website or, previous jobs, professional experience and qualifications);
- Identification and background information provided by you or collected by us as part of our business acceptance processes or otherwise, subject to applicable laws and regulations;
- Financial information, such as billing, payment and bank account details;
- Where you provide it, information about your hobbies and interests;
- Marketing preferences, legal practice areas of interest, business industry sector interests and information from marketing activities to which you may have responded or in which you may have participated;
- Information from research or surveys conducted by us in which you may have participated;
- Details of your visits to our Website (please see the section headed “Cookies” below for further detail);
- Information we receive from other sources, such as publicly available information, and information provided to us by or on behalf of our clients, your employer or other relevant organizations or generated by us in the course of or relating to providing our services;
- Images captured by our offices’ CCTV cameras, if any.
Where necessary and legally permitted or volunteered by you, we may also collect more sensitive data such as diversity and health data, and details of offences and related proceedings. This includes, for example, access and dietary requirements when you attend meeting and events or information relevant to the provision of our services to you.
How We Use the Personal Data We Hold
We may process personal data about you for the following purposes:
- to prepare for entering into a contract with you;
- to provide you or a client with our services, including conducting new business intake and compliance processes;
- to contact you in the course of providing services to our clients;
- to deal with your enquiries and requests;
- to provide you with information that you request from us;
- to consider your application for a position and for other related human resources administration purposes;
- to manage our business relationship with you or your organization in connection with the provision or procurement of goods and services, including processing payments, communications, accounting, auditing, billing and collection and related support services;
- to manage and secure the access to our offices, systems and online platforms;
- to comply with our legal and regulatory obligations and responsibilities, including with respect to anti-money laundering, anti-terrorist financing and sanctions checks, professional responsibility matters, and new business intake compliance processes;
- to provide you with information related to our services, and to advise you of news and legal updates, events, reports and other information;
- to organize and host corporate events and meetings and to provide hospitality services to you;
- to seek your thoughts and opinions on the services we provide; and
- where we have other legitimate reasons for doing so (to the extent permitted by applicable law).
If you are an EEA or UK resident, we must have a lawful basis (i.e. a reason prescribed by law) for processing your personal data. If we process certain special categories of personal data (for example, details relating to your health) this requires a higher standard of protection under applicable laws. We may have more than one lawful basis for any of our relevant processing activities. For details of the purposes for which we process your personal data as well as legal basis on which we do so, please see the Schedule headed “Additional Information for EEA and UK Residents” at the end of this privacy notice, which is quickly accessible at this link.
If you refuse to provide us with certain information when requested, we may not be able to deal with you and/or perform any contract we have entered into with you. Moreover, we may be unable to comply with our legal or regulatory obligations.
When we collect contact information from you (for example, when you provide us with your business card), we may add your details to our contacts database and to our mailing lists. In all other cases, we will usually inform you (before collecting your information) if we intend to use your information for marketing purposes or if we intend to disclose your information to any third party for such purposes.
You can change your preferences for receiving Duane Morris event invitations, legal updates, marketing emails and other information from us by clicking on the link provided to “update my subscriptions” link in any such Duane Morris email you may receive containing such information.
You also have the right to ask us not to process your personal information for marketing purposes. You can exercise the above right at any time by clicking on the “unsubscribe” link in a Duane Morris marketing email, by sending us an email at firstname.lastname@example.org or by writing to us at the following address: Duane Morris LLP, FAO Data Privacy Manager, 30 South 17th Street, Philadelphia, PA 19103-4196, USA.
We will delete your personal data:
- when it is no longer reasonably required to fulfill the purpose for which it was collected;
- in accordance with any data retention policies, practices or requirements; or
- when you withdraw your consent (where applicable), provided that we are not asked by you or a regulatory authority or other professional body to keep your personal data for a valid reason or are legally required or otherwise permitted to continue to hold such data. For the avoidance of doubt, the aforesaid also applies to personal data we are processing from our prospective and/or past employees and/or partners.
We may retain your personal data for an additional period to the extent deletion would require us to overwrite our automated disaster recovery backup systems or to the extent we deem it necessary to assert or defend legal claims during any relevant retention period.
How We Share Personal Data
Duane Morris is a global undertaking and a list of our offices, together with relevant contact information, may be found on our Website. Irrespective of how we obtain your personal data, it may be shared among all the offices within Duane Morris. We will put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We may also, as set out below, share your personal data with third parties.
EEA and UK Residents Only
If you are a European Economic Area (EEA) or UK resident please note that when you provide information to us (or a third party on our behalf) it may accordingly be accessed and used in countries outside of the EEA or the UK respectively. In relation to such transfers, you acknowledge that you have been made aware that: (i) some countries outside the EEA and the UK provide levels of protection of personal data which are substantially poorer than those of countries within the EEA and the UK and (ii) in respect of such countries it is possible that this personal data might be intercepted and accessed by governmental and other authorities/agencies in those countries.
By submitting your personal data to us, you consent to this transfer, storing or processing.
Where your personal data is processed outside the EEA and UK without your express consent (for example to provide services to you or where we are mandated to do so at law), we are required to ensure a level of data protection at least as protective as those mandated by the EEA or the UK (as applicable). If you would like to know more about the safeguards used by us to protect the transfer of your personal data, please contact us at email@example.com or write to the UK Appointed Representative of Duane Morris LLP at the following address: Duane Morris, FAO UK Data Privacy Manager, 16th Floor, Citypoint, 1 Ropemaker Street, London EC2Y 9AW, United Kingdom.
Data Sharing with third parties
We may sometimes share your personal data with third parties where we are required to do so by law or any regulatory authority, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
“Third parties” includes our clients (in the course of providing our services) courts or other judicial or official bodies (for example in the context of providing our services or where we are asked to respond to an order or other binding request), regulatory bodies and law enforcement agencies (for example where necessary for any investigations or to respond to enquiries in relation to our compliance with applicable law or regulations or in connection with criminal investigations) or where otherwise permitted or required by applicable law. "Third parties" also includes third party service providers and external agencies that we engage on our clients’ or your behalf (or that our clients or you engage), including to provide you with information that you have requested (for example IT and data storage services, professional advisory services (such as accounting services, expert consulting services), word-processing, translation, duplication and other administration services, marketing services and banking services). We may also share your personal data with other third parties, for example in the context of the possible sale, merger or other restructuring of any of our businesses.
Some of these third parties (for example, other professional service providers such as accountants that we may engage on our behalf) may use your personal data as a “controller.” Where this is the case, they have their own privacy notices (which you should read) and their own responsibilities to comply with applicable data protection laws.
Where we engage third party service providers to carry out certain business functions for us, we will have in place an agreement with such third party service provider where required, which will restrict how they are able to process your personal information and impose appropriate security standards on them.
We may disclose your personal data in order to protect our rights or property or those of our clients or others; including exchanging information with other companies and organizations for the purposes of fraud prevention, compliance with professional responsibility and other regulatory requirements, compliance with anti-money laundering, anti-terrorist financing and ‘know your client’ requirements, and credit risk reduction.
Where we share or transfer your personal data with third parties, we will do this in accordance with applicable data protection laws and will take appropriate safeguards to ensure its integrity and protection.
Keeping Your Personal Data Secure
We seek to put in place and keep in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
Given that the internet is a global environment, using the internet to collect and process personal data necessarily involves the transmission of information on an international basis. By browsing our Website and communicating electronically with us, you therefore acknowledge and agree to our processing of personal data as described herein. The transmission of information via the internet is never completely secure and we accordingly cannot guarantee the security of your information transmitted to our Website; any transmission is at your own risk.
Our Website may, from time to time, contain links to other websites which are outside of our control and are not covered by this privacy notice. We do not accept any responsibility or liability for other sites’ privacy notices or policies. If you access other websites using the links provided, please check their policies before submitting any personal data.
Your Rights in Connection with Your Personal Data
It is important that the personal data we hold about you is accurate and current. Should your personal data change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.
As set out above, you can ask us to stop sending you any marketing communications at any time.
California Consumer Privacy Act. The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
Upon verification of your identity you may:
- No more than twice in any 12-month period, request disclosure of the following information:
- Categories of Personal Information we collect.
- Categories of sources from which Personal Information is collected.
- Categories of Personal Information sold or disclosed to third parties.
- Categories of third parties with whom such Personal Information is sold or disclosed.
- Business or commercial purpose for collecting or selling Personal Information.
- Specific pieces of Personal Information we collect.
- Request deletion of your Personal Information, subject to the exceptions provided by law.
- Opt-out from having your Personal Information sold to third parties, if applicable.
Requests to correct, know or delete can be submitted by calling our toll-free number at (844) 951-2348, emailing us at firstname.lastname@example.org, or completing a request form. Duane Morris does not sell any of your information. Duane Morris has no actual knowledge of any sales of Personal Information of minors under 16 years of age.
Please note that these rights apply only to select California consumers and certain others. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. Except where you have provided an agent with a Power of Attorney pursuant to Sections 4000-4465 of the California Probate Code, when using an authorized agent you must: (i) provide the agent with signed permission clearly describing their authority to make a request on your behalf; (ii) verify your own identity; and (iii) directly confirm that you have provided the authorized agent permission to submit the request. That agent must also be able to verify their identity with us and provide us with their authority to act on your behalf.
The verifiable consumer request initiated by you or your authorized agent must:
- Include your full legal name, email, and phone number, which we will need to contact you in order to verify that you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. One of our representatives will contact you in order to verify your identity. You may need to provide additional information in order to verify your request. Depending on the nature of the request, we may require additional verification actions be taken, including but not limited to providing a signed declaration under penalty of perjury that you are the consumer whose Personal Information is the subject of the request. We will only use this information to verify the requestor’s identity or authority to make the request.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a product or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.
The CCPA provides the right to be free from discrimination if you choose to exercise your rights under the statute, and we will not discriminate by:
- Denying you products or services.
- Charging you different prices or rates for products or services, including through granting discounts or other benefits, or imposing penalties.
- Providing you a different level or quality of products or services.
- Suggesting that you may receive a different price or rate for products or services or a different level or quality of products or services.
Other California Privacy Rights. California residents have the right to receive information that identifies any third party companies or individuals that Duane Morris has shared your Personal Information with in the previous calendar year, as well as a description of the categories of Personal Information disclosed to that third party. You may obtain this information once a year and free of charge by contacting us at the address below.
Your ‘Do Not Track’ Browser Setting. Some web browsers incorporate a Do Not Track (“DNT”) feature that signals to the websites that you visit that you do not want to have your online activity tracked. At this time, our Website does not respond to DNT signals. Other third party websites may keep track of your browsing activities when they provide you with content, which enables them to customize what they present to you on their websites.
EEA and UK Residents Only
Under certain circumstance, in addition to the rights set out in this privacy notice, you may have the right to:
- access your personal data and to be provided with certain information in relation to it;
- require us to correct any inaccuracies in your personal data without undue delay;
- require us to erase your personal data;
- require us to restrict processing of your personal data;
- receive the personal data you may have provided to us, in machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated;
- object to a decision we make which is based on automated processing of your personal data; and
- submit a complaint to the relevant data protection supervisory authority.
Please contact us at email@example.com or write to the UK Appointed Representative of Duane Morris, FAO UK Data Privacy Manager, 16th Floor, Citypoint, 1 Ropemaker Street, London EC2Y 9AW, United Kingdom if you want to know more about or exercise any of these rights. Please note that we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Changes to This Privacy Notice
We reserve the right to amend this privacy notice from time to time to reflect changing legal requirements or our processing practices. Any such changes will be posted on our Website and will be effective upon posting.
If you have any requests or queries concerning your personal data or any queries with regard to our practices, please contact us at firstname.lastname@example.org or write to us at the following address: Duane Morris LLP, FAO Data Privacy Manager, 30 South 17th Street, Philadelphia PA 19103-4196, USA.
This privacy notice was last updated on June 30, 2023.
EEA and UK data privacy laws require us to share with you the purposes for which we process your personal data (the “Permitted Purposes”), together with the corresponding ‘Legal Basis’. We have summarized these in the tables below.
When we refer to the processing of your personal data this may include, for example, obtaining, holding or carrying out any operation or set of operations on the data, such as organizing, copying, analyzing, amending, retrieving, using, disclosing, transferring, retaining, archiving, anonymizing, erasing or destroying it.
General Permitted Purposes
We process your personal data (including the types of data listed below in "Types of Personal Data" sections (A)-(K)) for one or more of the following general Permitted Purposes. Our processing can sometimes involve sensitive information. Please see the second table under the heading ‘Sensitive Information’ below in this regard.
Where it is necessary to perform our contract with you or your organization or to take steps at your request to enter into the contract
(a) to respond to your enquiries;
(b) to deliver our legal or related services to you or our clients;
(c) to manage and administer our relationship with you or our clients (including but not limited to human resources administration, communicating with you, file opening and management, producing reports and narratives to capture how we have spent our time in relation to client matters, billing and billing follow-up);
(d) to facilitate our internal business operations such as record keeping and accounting practices;
(e) to employ/engage you if you are applying for a position and have been successful with such application;
(f) to enter into or perform our agreement with you if you are a supplier or external adviser (including supplier account management, administration and payment of your invoices); or
(g) to enter into or perform any other kind of contract/agreement we may have with you.
Where it is necessary for compliance with a legal, regulatory or professional obligation
(a) to carry out internal new business intake, conflicts and other regulatory checks on new clients, new client matters and ongoing matters and to undertake appropriate client due diligence in accordance with anti-money laundering, anti-terrorist financing, trade regulation and other law;
(b) to perform appropriate pre-hiring checks of employees and partners in accordance with our professional obligations;
(c) to undertake appropriate checks of suppliers and external advisers (for example, to comply with our obligations under applicable privacy, tax payment and tax evasion, modern slavery, anti-bribery and corruption and confidentiality rules);
(d) to keep secure our systems and processes and to identify, record and prevent fraudulent, criminal and/or otherwise illegal activities;
(e) for health and safety and workplace accident prevention compliance;
(f) to comply with instructions, orders and requests from courts and/or law enforcement agencies;
(g) to co-operate with our regulators and other public authorities (including by responding to their lawful requests for information; undertaking internal investigations; and complying with our reporting and other professional obligations);
(h) to protect our and our clients’ personal data, and other information, property and assets;
(i) for equal opportunities monitoring and reporting purposes; and
(j) to comply with any other obligation to which we are subject under applicable rules and law.
Where it is necessary for the purposes of our or another party’s legitimate interests, except where these are overridden by your interests, rights or freedoms
(a) to host you at our offices and providing hospitality services;
(b) for general security and business continuity purposes;
(c) for business management and financial planning (including management of suppliers; business process improvement and quality purposes; management reporting and reviewing records; accounting and auditing; and corporate due diligence);
(d) for managing insurances, complaints and potential and/or actual claims;
(e) to obtain legal advice, establish, defend and enforce our legal rights and obligations in connection with, any legal proceedings (including prospective legal proceedings);
(f) to ensure the application, audit and enforcement of our internal policies;
(g) to ensure the effective provision of legal services to clients;
(h) for the improvement of our recruitment and other business processes;
(i) for training and continuing professional development purposes;
(j) for marketing and public relations purposes, including preparing client pitches and other business development material; contacting you with legal blogs, legal updates, news and industry updates, reports, events and other information;
(k) to organize corporate events;
(l) to complete any requests you may make in relation to your marketing preferences and other preferences concerning our communications with you;
(l) to manage, protect and improve our website, newsletters, blogs and other online services (including: (i) to make sure our website functions as it should; (ii) to recognize you when you return to the website; and (iii) to analyze how our website and online services are performing)
(m) to continuously review and improve our services (including by seeking and obtaining your feedback) and developing new ones; and
(n) to manage the proposed merger, restructuring, transfer or merging of any or all part(s) of our business, including to respond to any queries form the prospective buyer or merging organization;
We consider that such legitimate interests and these uses are proportionate, and compatible with your interests, legal rights and freedoms.
Where you provide your consent
(a) to deal with your enquiries and requests for information about our firm and services;
(b) to respond to feedback from you and your recruitment agent;
(c) where we extend an offer for employment to you and you ask us to apply for or to renew, your practicing certificate, foreign lawyer registration, work visa or other regulatory registration/authorization on your behalf;
(d) to the extent applicable laws require your consent for advertising, marketing and public relations purposes; and
(e) where you otherwise provide us with your valid consent.
Where it is necessary to protect your vital interests or that of another person
For example the disclosure of your personal data to medical staff in the event of medical emergencies.
Where we are legally permitted to do so and one of the general Permitted Purposes apply, we will process sensitive information (see "Types of Personal Data" section (L)) for one or more of the following additional Permitted Purposes:
Where it is necessary for reasons of substantial public interest, on the basis of applicable law
(a) where this is legally permitted, processing details of criminal and regulatory offences, allegations and other sensitive information:
(i) for the prevention or detection of fraud and other unlawful acts;
(ii) to comply with our money laundering and terrorist financing reporting requirements; and/or
(iii) to protect the public against dishonesty, malpractice or other seriously improper conduct; unfitness or incompetence; mismanagement or failures in services.
(b) In the jurisdictions where this is legally permitted, processing of data concerning your health, diversity data and other sensitive information for equal opportunities monitoring and reporting purposes.
(c) Processing which is necessary for any other valid public interest reason.
Where the processing is necessary for the establishment, exercise or defense of legal or regulatory claims
For example, where this is legally permitted, where the processing of details of criminal and regulatory offences, allegations and proceedings and other sensitive information is necessary:
(a) to make or defend a claim, complaint or regulatory allegation on your behalf if you are a client;
(b) to exercise our legal rights against third parties;
(c) to defend claims, complaints or regulatory allegations made by you or other persons against us; and/or
(d) for the establishment, exercise or defense of any other claim.
Where the processing relates to sensitive information manifestly made public by you
For example, sensitive information included in the press, your LinkedIn profile or otherwise online and/or in public, which is processed for one or more of the general Permitted Purposes.
Where it is necessary to protect your vital interests or that of another person where you/they are physically or legally incapable of giving consent
For example, the disclosure of your sensitive information to medical staff in the event of medical emergencies in circumstances where consent cannot be provided.
Where you provide your explicit consent, except where applicable law prevents it
(a) You provide us with your dietary or health requirements so that we can host you at our offices and provide you with hospitality services;
(b) Where you ask us to apply for or to renew, your practicing certificate, foreign lawyer registration, work visa or other regulatory registration/authorization on your behalf which requires the disclosure of details of criminal and regulatory offences, allegations and proceedings and other ensitive nformation;
(c) You provide us with information about your racial or ethnic origin or sexual orientation to support our diversity and inclusion programs;
(d) You consent to us using your witness statement to investigate a health and safety incident or workplace accident; and/or
(e) You otherwise provide your valid explicit consent.
Types of Personal Data
The following are types of personal data that may be relevant to this policy.
- (A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- (B) Financial information, including bank account number, credit card number etc.
- (C) Protected classifications under California or federal law (race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, marital status, sex, age, or sexual orientation)
- (D) Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- (E) Biometric information.
- (F) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
- (G) Geolocation data.
- (H) Audio, electronic, visual, thermal, olfactory, or similar information.
- (I) Professional or employment-related information.
- (J) Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
- (K) Inferences drawn from any of the information identified to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- (L) Sensitive personal information, which is defined as:
- Personal information that reveals:
- Social security number, driver’s license number, California identification card number, tax identification number, passport number
- Consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
- a consumer's precise geolocation
- a consumer's racial or ethnic origin, religious or philosophical beliefs, or union membership;
- the contents of a consumer's mail, email and text messages, unless the business is the intended recipient of the communication
- a consumer's genetic data; and
- The processing of biometric information for the purpose of uniquely identifying a consumer
- Personal information collected and analyzed concerning a consumer's health; or
- Personal information collected and analyzed concerning a consumer's sex life or sexual orientation