Duane Morris LLP is a limited liability partnership organized under the laws of Delaware. References in this privacy notice to “Duane Morris”, “we” or “us” are references to Duane Morris LLP and our affiliated entities. This privacy notice together with our Website Disclaimer and (if applicable) our relevant terms of business or other contract between us (if applicable) set out the basis on which Duane Morris processes your personal data (and any mandated controller/processor information).
Reference in this privacy notice to “personal data” means any information that identifies, or could reasonably be used to identify, a living individual, either on its own or together with other information. Our “Website” means this website and any other websites of Duane Morris.
Duane Morris is committed to protecting personal data and respecting your privacy.
Please read this notice carefully to understand our practices with respect to personal data and how we treat it and how you can exercise your rights in connection with it. You should also read any other privacy notices that we give to you, that might apply to our use of your personal data in specific circumstances from time to time.
If you are an EEA or UK resident, Duane Morris is a “controller” in relation to the use of your personal data. This means that we make decisions about how and why we use your personal data and, because, of this, we are responsible for making sure that it is used in accordance with applicable data protection laws. The controller in respect of your personal data processed in connection with the website www.duanemorris.com is Duane Morris LLP. For the purposes of other processing activities, the controller will be the relevant Duane Morris affiliate with which you are directly interacting.
How We Obtain Your Personal Data
As a law firm, we regularly receive personal data as part of our professional activities.
Your personal data may be collected by us in a number of ways, including:
- when you request a proposal from us in relation to our services;
- as part of our business intake and compliance procedures;
- through our provision of legal services to you or your organization;
- during the course of dealings with you for or on behalf of a client;
- when you apply to us for a position (either directly or, for example, through a recruitment consultant);
- when you or your organisation offer or provide services to us;
- when you browse or interact with our Website;
- when you use user IDs and passwords in relation to, or otherwise interact with, our online services;
- when you provide information to us by filling in forms on our Website. For example, this includes information provided at the time of registering for newsletters and updates on our Website, subscribing to our services, participating in webinars or requesting further services;
- when you provide us with information in relation to your attendance at any of our seminars, webinars or other hosted events;
- when you complete surveys that we use for research purposes; and
- when you contact us for the above and any other reason, we may monitor and keep a record of that correspondence (in whatever form).
Ordinarily, we will collect any such personal data directly from you. In some case, however, we may collect personal data from third parties (for example our clients and other professional advisers on our clients’ matters or those on the other side of a transaction or litigation or third-party systems used for regulatory checks) or we may collect publicly available information about you or your business (including through electronic data sources).
The Type of Personal Data that We Collect and/or Process
We may collect and process a number of different categories of your personal data, including but not limited to the following:
- Personal details (such as name, postal address, email address, telephone number, fax and other contact details);
- Professional information (such as company, title/function, department and website or, previous jobs, professional experience and qualifications);
- Identification and background information provided by you or collected by us as part of our business acceptance processes, subject to applicable laws and regulations;
- Financial information, such as billing, payment and bank account details;
- Where you provide it, information about your hobbies and interests;
- Marketing preferences, legal practice areas of interest, business industry sector interests and information from marketing activities to which you may have responded or in which you may have participated;
- Information from any research or surveys conducted by us in which you may have participated;
- Details of your visits to our Website (please see the section headed “Cookies” below for further detail);
- Information we receive from other sources, such as publicly available information, and information provided to us by or on behalf of our clients, your employer or other relevant organizations or generated by us in the course of providing our services;
- Images captured by our offices’ CCTV cameras, if any.
Where necessary and legally permitted or volunteered by you, we may also collect more sensitive data such as diversity and health data, and details of offences and related proceedings. This includes, for example, access and dietary requirements when you attend meeting and events.
How We Use the Personal Data We Hold
We may process personal data about you for the following purposes:
- to prepare for the entering into a contract with you;
- to provide you or a client with our services;
- to contact you in the course of providing services to our clients;
- to deal with your enquiries and requests;
- to provide you with any other information that you request from us;
- to consider your application for a position and for other related human resources administration purposes;
- to manage our business relationship with you or your organization in connection with the provision or procurement of goods and services, including processing payments, accounting, auditing, billing and collection and related support services;
- to manage and secure the access to our offices, systems and online platforms;
- to comply with our legal and regulatory obligations and responsibilities, including with respect to anti-money laundering, anti-terrorist financing and sanctions checks;
- to provide you with information related to our services, and to advise you of news and legal updates, events, reports and other information;
- to organise and host corporate events and meetings and to provide hospitality services to you;
- to seek your thoughts and opinions on the services we provide; and
- where we have other legitimate reasons for doing so (to the extent permitted by applicable law).
If you are an EEA or UK resident, we must have a lawful basis (i.e. a reason prescribed by law) for processing your personal data. If we process certain special categories of personal data (for example, details relating to your health) this requires a higher standard of protection under applicable laws. We may have more than one lawful basis for any of our relevant processing activities. For details of the purposes for which we process your personal data as well as legal basis on which we do so, please see the Schedule headed “Additional Information for EEA and UK Residents” at the end of this privacy notice, which is quickly accessible at this link.
If you refuse to provide us with certain information when requested, we may not be able to deal with you and/or perform any contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
When we collect contact information from you (for example, when you provide us with your business card), we may add your details to our contacts database and to our mailing lists. In all other cases, we will usually inform you (before collecting your information) if we intend to use your information for marketing purposes or if we intend to disclose your information to any third party for such purposes.
You can change your preferences for receiving Duane Morris event invitations, legal updates, marketing emails and other information from us by clicking on the link provided to “update my subscriptions” link in any Duane Morris email you may receive containing such information.
You also have the right to ask us not to process your personal information for marketing purposes. You can exercise the above right at any time by clicking on the “unsubscribe” link in a Duane Morris email, by sending us an email at firstname.lastname@example.org or by writing to us at the following address: Duane Morris LLP, FAO Data Privacy Manager, 30 South 17th Street, Philadelphia, PA 19103-4196, USA.
We will delete your personal data:
- when it is no longer reasonably required to fulfil the purpose for which it was collected; or
- when you withdraw your consent (where applicable), provided that we are not asked by you or a regulatory authority or other professional body to keep your personal data for a valid reason or are legally required or otherwise permitted to continue to hold such data. For the avoidance of doubt, the aforesaid also applies to personal data we are processing from our prospective and/or past employees and/or partners.
We may retain your personal data for an additional period to the extent deletion would require us to overwrite our automated disaster recovery backup systems or to the extent we deem it necessary to assert or defend legal claims during any relevant retention period.
How We Share Personal Data
Duane Morris is a global undertaking and a list of our offices, together with relevant contact information, may be found on our Website. Irrespective of how we obtain your personal data, it may be shared among all the offices within Duane Morris. We will put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We may also, as set out below, share your personal data with third parties.
EEA and UK Residents Only
If you are a European Economic Area (EEA) or UK resident please note that when you provide information to us (or a third party on our behalf) it may accordingly be accessed and used in countries outside of the EEA or the UK respectively. In relation to such transfers, you acknowledge that you have been made aware that: (i) some countries outside the EEA and the UK provide levels of protection of personal data which are substantially poorer than those of countries within the EEA and the UK and (ii) in respect of such countries it is possible that this personal data might be intercepted and accessed by governmental and other authorities/agencies in those countries.
By submitting your personal data to us, you consent to this transfer, storing or processing.
Where your personal data is processed outside the EEA and UK without your express consent (for example to provide services to you or where we are mandated to do so at law), we are required to ensure a level of data protection at least as protective as those mandated by the EEA or the UK (as applicable). If you would like to know more about the safeguards used by us to protect the transfer of your personal data, please contact us at email@example.com or write to the UK Appointed Representative of Duane Morris LLP at the following address: Duane Morris, FAO UK Data Privacy Manager, 16th Floor, Citypoint, 1 Ropemaker Street, London EC2Y 9AW, United Kingdom.
Data Sharing with third parties
We may sometimes share your personal data with third parties where we are required to do so by law or any regulatory authority, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
“Third parties” includes our clients (in the course of providing our services) courts or other judicial or official bodies (for example in the context of providing our services or where we are asked to respond to an order or other binding request), regulatory bodies and law enforcement agencies (for example where necessary for any investigations or to respond to enquiries in relation to our compliance with applicable law or regulations or in connection with criminal investigations) or where otherwise permitted or required by applicable law, as well as third party service providers and external agencies that we engage on our clients’ or your behalf, including to provide you with information that you have requested (for example IT and data storage services, professional advisory services (such as accounting services), word-processing, translation and other administration services, marketing services and banking services). We may also share your personal data with other third parties, for example in the context of the possible sale, merger or other restructuring of any of our businesses.
Some of these third parties (for example, other professional service providers such as accountants that we may engage on our behalf) may use your personal data as a “controller.” Where this is the case, they have their own privacy notices (which you should read) and their own responsibilities to comply with applicable data protection laws.
Where we engage third party service providers to carry out certain business functions for us, we will have in place an agreement with such third party service provider where required, which will restrict how they are able to process your personal information and impose appropriate security standards on them.
We may disclose your personal data in order to protect our rights or property or those of our clients or others; and this includes exchanging information with other companies and organizations for the purposes of fraud prevention, compliance with anti-money laundering, anti-terrorist financing and ‘know your client’ requirements, and credit risk reduction.
Where we share or transfer your personal data with third parties, we will do this in accordance with applicable data protection laws and will take appropriate safeguards to ensure its integrity and protection.
Keeping Your Personal Data Secure
We seek to put in place and keep in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
Given that the internet is a global environment, using the internet to collect and process personal data necessarily involves the transmission of information on an international basis. By browsing our Website and communicating electronically with us, you therefore acknowledge and agree to our processing of personal data in this way. The transmission of information via the internet is never completely secure and we accordingly cannot guarantee the security of your information transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
Our Website may, from time to time, contain links to other websites which are outside of our control and are not covered by this privacy notice. We do not accept any responsibility or liability for other sites’ privacy notices or policies. If you access other websites using the links provided, please check their policies before submitting any personal data.
Your Rights in Connection with Your Personal Data
It is important that the personal data we hold about you is accurate and current. Should your personal data change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.
As set out above, you can ask us to stop sending you any marketing communications at any time.
EEA and UK Residents Only
Under certain circumstance, in addition to the rights set out in this privacy notice, you may have the right to:
- access your personal data and to be provided with certain information in relation to it;
- require us to correct any inaccuracies in your personal data without undue delay;
- require us to erase your personal data;
- require us to restrict processing of your personal data;
- receive the personal data you may have provided to us, in machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated;
- object to a decision we make which is based on automated processing of your personal data; and
- submit a complaint to the relevant data protection supervisory authority.
Please contact us at firstname.lastname@example.org or write to the UK Appointed Representative of Duane Morris, FAO UK Data Privacy Manager, 16th Floor, Citypoint, 1 Ropemaker Street, London EC2Y 9AW, United Kingdom if you want to know more about or exercise any of these rights. Please note that we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Changes to This Privacy Notice
We reserve the right to amend this privacy notice from time to time to reflect changing legal requirements or our processing practices. Any such changes will be posted on our Website and will be effective upon posting.
If you have any requests or queries concerning your personal data or any queries with regard to our practices, please contact us at email@example.com or write to us at the following address: Duane Morris LLP, FAO Data Privacy Manager, 30 South 17th Street, Philadelphia PA 19103-4196, USA.
This privacy notice was last updated on March 11, 2022.
Additional Information for EEA and UK Residents
EEA and UK data privacy laws require us to share with you the purposes for which we process your personal data (the “Permitted Purposes”), together with the corresponding ‘Legal Basis’. We have summarised these in the tables below.
When we refer to the processing of your personal data this may include, for example, obtaining, holding or carrying out any operation or set of operations on the data, such as organising, copying, analysing, amending, retrieving, using, disclosing, transferring, retaining, archiving, anonymising, erasing or destroying it.
General Permitted Purposes
We process your personal data for one or more of the following general Permitted Purposes. Our processing can sometimes involve sensitive information. Please see the second table under the heading ‘Sensitive Information’ below in this regard.
Where it is necessary to perform our contract with you or your organisation or to take steps at your request to enter into the contract
(a) to respond to your enquiries;
(b) to deliver our legal or related services to you or our clients;
(c) to manage and administer our relationship with you or our clients (including but not limited to human resources administration, communicating with you, file opening and management, producing reports and narratives to capture how we have spent our time in relation to client matters, billing and billing follow-up);
(d) to facilitate our internal business operations such as record keeping and accounting practices;
(e) to employ/engage you if you are applying for a position and have been successful with such application;
(f) to enter into or perform our agreement with you if you are a supplier or external adviser (including supplier account management, administration and payment of your invoices); or
(g) to enter into or perform any other kind of contract/agreement we may have with you.
Where it is necessary for compliance with a legal, regulatory or professional obligation
(a) to carry out internal conflicts and other regulatory checks on new clients and new client matters and to undertake appropriate client due diligence in accordance with anti-money laundering and anti-terrorist financing law;
(b) to perform appropriate pre-hiring checks of employees and partners in accordance with our professional obligations;
(c) to undertake appropriate checks of suppliers and external advisers (for example, to comply with our obligations under applicable privacy, tax payment and tax evasion, modern slavery, anti-bribery and corruption and confidentiality rules);
(d) to keep secure our systems and processes and to identify, record and prevent fraudulent, criminal and/or otherwise illegal activities;
(e) for health and safety and workplace accident prevention compliance;
(f) to comply with instructions, orders and requests from courts and/or law enforcement agencies;
(g) to co-operate with our regulators and other public authorities (including by responding to their lawful requests for information; undertaking internal investigations; and complying with our reporting and other professional obligations);
(h) to protect our and our clients’ personal data, and other information, property and assets;
(i) for equal opportunities monitoring and reporting purposes; and
(j) to comply with any other obligation to which we are subject under applicable rules and law.
Where it is necessary for the purposes of our or another party’s legitimate interests, except where these are overridden by your interests, rights or freedoms
(a) to host you at our offices and providing hospitality services;
(b) for general security and business continuity purposes;
(c) for business management and financial planning (including management of suppliers; business process improvement and quality purposes; management reporting and reviewing records; accounting and auditing; and corporate due diligence);
(d) for managing insurances, complaints and potential and/or actual claims;
(e) to obtain legal advice, establish, defend and enforce our legal rights and obligations in connection with, any legal proceedings (including prospective legal proceedings);
(f) to ensure the application, audit and enforcement of our internal policies;
(g) to ensure the effective provision of legal services to clients;
(h) for the improvement of our recruitment and other business processes;
(i) for training and continuing professional development purposes;
(j) for marketing and public relations purposes, including preparing client pitches and other business development material; contacting you with legal blogs, legal updates, news and industry updates, reports, events and other information;
(k) to organize corporate events;
(l) to complete any requests you may make in relation to your marketing preferences and other preferences concerning our communications with you;
(l) to manage, protect and improve our website, newsletters, blogs and other online services (including: (i) to make sure our website functions as it should; (ii) to recognize you when you return to the website; and (iii) to analyse how our website and online services are performing)
(m) to continuously review and improve our services (including by seeking and obtaining your feedback) and developing new ones; and
(n) to manage the proposed merger, restructuring, transfer or merging of any or all part(s) of our business, including to respond to any queries form the prospective buyer or merging organization;
We consider that such legitimate interests and these uses are proportionate, and compatible with your interests, legal rights and freedoms.
Where you provide your consent
(a) to deal with your enquiries and requests for information about our firm and services;
(b) to respond to feedback from you and your recruitment agent;
(c) where we extend an offer for employment to you and you ask us to apply for or to renew, your practicing certificate, foreign lawyer registration, work visa or other regulatory registration/authorization on your behalf;
(d) to the extent applicable laws require your consent for advertising, marketing and public relations purposes; and
(e) where you otherwise provide us with your valid consent.
Where it is necessary to protect your vital interests or that of another person
For example the disclosure of your personal data to medical staff in the event of medical emergencies.
Where we are legally permitted to do so and one of the general Permitted Purposes apply, we will process sensitive information for one or more of the following additional Permitted Purposes:
Where it is necessary for reasons of substantial public interest, on the basis of applicable law
(a) In the UK, where this is legally permitted, processing details of criminal and regulatory offences, allegations and other sensitive information:
(i) for the prevention or detection of fraud and other unlawful acts;
(ii) to comply with our money laundering and terrorist financing reporting requirements; and/or
(iii) to protect the public against dishonesty, malpractice or other seriously improper conduct; unfitness or incompetence; mismanagement or failures in services.
(b) In the jurisdictions where this is legally permitted, processing of data concerning your health, diversity data and other sensitive information for equal opportunities monitoring and reporting purposes.
(c) Processing which is necessary for any other valid public interest reason.
Where the processing is necessary for the establishment, exercise or defense of legal or regulatory claims
For example, in the UK, where this is legally permitted, where the processing of details of criminal and regulatory offences, allegations and proceedings and other sensitive information is necessary:
(a) to make or defend a claim, complaint or regulatory allegation on your behalf if you are a client;
(b) to exercise our legal rights against third parties;
(c) to defend claims, complaints or regulatory allegations made by you or other persons against us; and/or
(d) for the establishment, exercise or defence of any other claim.
Where the processing relates to sensitive information manifestly made public by you
For example, sensitive information included in the press, your LinkedIn profile or otherwise online and/or in public, which is processed for one or more of the general Permitted Purposes.
Where it is necessary to protect your vital interests or that of another person where you/they are physically or legally incapable of giving consent
For example the disclosure of your sensitive information to medical staff in the event of medical emergencies in circumstances where consent cannot be provided.
Where you provide your explicit consent, except where applicable law prevents it
(a) You provide us with your dietary or health requirements so that we can host you at our offices and provide you with hospitality services;
(b) Where you ask us to apply for or to renew, your practicing certificate, foreign lawyer registration, work visa or other regulatory registration/authorization on your behalf which requires the disclosure of details of criminal and regulatory offences, allegations and proceedings and other
(c) You provide us with information about your racial or ethnic origin or sexual orientation to support our diversity and inclusion programs;
(d) You consent to us using your witness statement to investigate a health and safety incident or workplace accident; and/or
(e) You otherwise provide your valid explicit consent.