Welcome to www.hodgsonruss.ca (the “Site”), a website provided by Hodgson Russ LLP, a New York limited liability partnership, (the “Firm”). The Firm, which is engaged in the practise of law, respects your privacy, and this policy covers the Firm’s handling, use and disclosure of information collected from you through the Site or other sources in the ordinary course of the Firm’s business.
You should review this policy carefully, and be sure you understand it, prior to using the Site or otherwise providing any information to the Firm. Your use of the Site or otherwise providing any information to the Firm is deemed to be irrevocable acceptance by you of this policy. If you do not agree to this policy, you should not use, and should immediately terminate your use of, the Site and not otherwise provide any information to the Firm. For purposes of this Section, accessing the Site only to review this policy is not deemed to be use of the Site.
Some of the information collected by the Firm may relate to residents of the European Union or Switzerland. The European Union and Switzerland have adopted requirements for the protection of certain information, and in order to satisfy such requirements, the Firm intends to (a) comply with (i) the E.U.-U.S. Privacy Shield Framework Principles, including the Supplemental Principles, designed by the U.S. Department of Commerce and the European Commission and (ii) the Swiss-U.S. Privacy Shield Framework Principles, including the Supplemental Principles, designed by the U.S. Department of Commerce and Swiss Administration and (b) elect to self-certify under the E.U.-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework administered by the U.S. Department of Commerce (the “Privacy Shield”). In particular, the Firm intends, with respect to all Shield Information, to adhere to the Privacy Shield’s principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access and recourse, enforcement and liability. For purposes of enforcing compliance with the Privacy Shield, the Firm is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission, which can impose sanctions consisting of administrative orders and civil penalties. Upon completion of such self-certification, the Firm will be listed at https://www.privacyshield.gov/list as having certified to its compliance with the Privacy Shield. For more information regarding the Privacy Shield, please see the U.S. Department of Commerce’s website at http://privacyshield.gov.
In this policy:
(b) “Client Information” means all Non-Personal Information and all Personal Information obtained from a client of the Firm;
(c) “Collected Information” means all (i) Personal Information and (ii) Non-Personal Information;
(d) “Non-Personal Information” means all information collected by the Firm, whether electronically or manually, through (i) the Site, (ii) e-mail messages and other electronic communications that you may send to the Firm, and (iii) other sources in the ordinary course of the Firm’s business, that is not Personal Information (including, but not limited to, any Analytical Information);
(e) “Personal Information” means all information collected by the Firm, whether electronically or manually, through (i) the Site, (ii) e-mail messages and other electronic communications that you may send to the Firm, and (iii) other sources in the ordinary course of the Firm’s business, that relates to an individual and that identifies, or can be used in conjunction with other readily-accessible information to identify, such individual (including, but not limited to, name, e-mail address, physical address, phone number, credit card processing information, human resource data from employees and independent contractors of the Firm, and information relating to third-party individuals provided by clients of the Firm);
(f) “Sensitive Information” means all Shield Information of an individual that specifies (i) health data, (ii) racial or ethnic origin, (iii) political opinions, (iv) religious or philosophical beliefs, (v) union membership, (vi) genetic data, (vii) biometric data or (viii) the sex life or sexual orientation of such individual; and
(g) “Shield Information” means all Personal Information collected by the Firm, whether electronically or manually, through (i) the Site, (ii) e-mail messages and other electronic communications that you may send to the Firm, and (iii) other sources in the ordinary course of the Firm’s business that relates to individuals residing in the European Union or Switzerland and that is otherwise covered by the Privacy Shield.
No Collected Information is obtained from you, unless it is voluntarily provided, except for any Collected Information obtained automatically through the Site as set forth in this policy. Regardless of the method used to obtain Collected Information, the Firm will collect and retain Personal Information in its primary and backup files only to an extent that is relevant to the purposes for which it is provided by you, and except for Shield Information, for the Firm’s other legitimate business purposes (including, but not limited to, marketing). You are responsible for obtaining any approvals, authorizations, consents and permissions that are required in connection with your providing the Firm with any information (including, but not limited to, any information relating to a third party).
You may refuse to provide any information to the Firm at any time by terminating your use of the Site, or in all other cases not involving use of the Site, by notifying the Firm as set forth in Section 22. If you refuse to provide any information when requested to do so by the Firm or the Site, you may not be able to access, or otherwise enjoy the benefits of, certain services from the Firm or features of the Site.
Whether or not you have previously sent the Firm an e-mail message, you consent to the Firm’s sending you e-mail messages and other electronic communications (a) in connection with your use of the Site, (b) in the ordinary course of business, or (c) for any other legitimate business purpose (including, but not limited to, marketing). Since the Firm endeavors to send e-mail messages and other electronic communications only to individuals desiring to receive them, you can unsubscribe to such e-mail messages or other electronic communications at any time by contacting the Firm as set forth in Section 22 or by following the directions contained in such e-mail messages or other electronic communications.
When you access the Site, the Firm will collect Analytical Information. Your browser may provide you with the ability to not accept cookies, as well as the ability to delete already-existing cookies. If you refuse, or delete previously-existing, cookies, you may not be able to enjoy some features of the Site.Analytical Information will only be used by the Firm (a) to record your use of the Site, (b) to diagnose problems with the Site, (c) to improve the Site and make the Site more useful to you and other users, and (d) for other legitimate business purposes of the Firm (including, but not limited to, marketing). The Firm will collect Analytical Information either directly or through third parties acting on its behalf.
Any provision of this policy to the contrary notwithstanding, if the Firm collects any Sensitive Information from you, your explicit consent (i.e. among other things, you must “opt in”) will be obtained before such Sensitive Information is (a) disclosed to a third party or (b) used for a purpose other than the purposes for which such Sensitive Information was originally collected or subsequently authorized by you through the exercise of an “opt-in” choice. The Firm will also treat as Sensitive Information any Personal Information of an individual received by the Firm from a third party if the third party identifies it in writing to the Firm, and treats it, as sensitive.
All electronic Personal Information is controlled or processed by the Firm on servers located at the Firm’s place of business in Buffalo, New York, and on other servers located at an off-site data center located in Rochester, New York. The Firm may transfer Collected Information to a third-party sub-controller or processor only pursuant to Section 11.
The Firm will protect Client Information from loss, misuse and unauthorized access, alteration, destruction and disclosure as required by the Rules of Professional Conduct (or other rules) applicable to the Firm’s attorneys and all laws applicable to the Firm; provided, however, that, except as provided in the immediately following sentence, the Firm will, at a minimum, use commercially reasonable efforts to protect Personal Information from loss, misuse and unauthorized access, alteration, destruction and disclosure. Certain Personal Information posted by you on the Site may be accessible to the general public, and the Firm is not responsible for protecting such Personal Information from loss, misuse or unauthorized access, alteration, destruction or disclosure. For example, if you participate in a public forum on the Site, any information disclosed by you when doing so may be available to the general public. Also, since no transmission of information over the Internet or electronic storage of information is completely secure, it is possible that Collected Information could be lost, misused or accessed, altered, destroyed or disclosed without authorization, even if the Firm uses such reasonable efforts. In providing information to the Firm, you must assume the risk that Collected Information could be lost, misused or accessed, altered, destroyed or disclosed without authorization.
Use and Transfer of Collected Information
All Collected Information may be used by the Firm for any legitimate business purpose (including, but not limited to, marketing), except that, in the case of Shield Information and only to the extent required by the Privacy Shield, such purpose (a) is relevant to the purpose for which Shield Information has been provided by you or (b) has been subsequently authorized by you. If the Firm expressly states in this policy or in another writing that any Collected Information will only be used for a specific purpose, the Firm will only use such Collected Information for such purpose, unless you subsequently consent to its being used for another purpose.Any Collected Information obtained by the Firm, whether or not for a specific purpose, may be transferred to third parties retained by the Firm (including, but not limited to, any distributors, sub-contractors or vendors of the Firm) for any purposes for which the Firm could use such Collected Information, except that, in the case of Shield Information and only to the extent required by the Privacy Shield, (a) the Firm will notify you of such transfer, (b) such third party’s right to use Shield Information is limited to such purposes, (c) such third party is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield, (d) the Firm takes commercially reasonable steps to ensure that such third party effectively processes Shield Information in a manner consistent with the Firm’s obligations under the Privacy Shield, (e) such third party is required to notify the Firm if such third party makes a determination that it can no longer meet its obligation to provide the same level of privacy protection as required under the Privacy Shield, (f) upon such notice, the Firm must take commercially reasonable steps to stop and remediate unauthorized processing of Shield Information, and (g) upon the request of the U.S. Department of Commerce (or its designee), the Firm must provide a summary or representative copy of the relevant privacy provisions of its agreements with such third party. In cases of onward transfers to third parties of Shield Information, the Firm is potentially liable for the failure of such third party to comply with the Privacy Shield.
The Firm may also at any time, in its sole discretion, disclose and use any Collected Information (including, but not limited to, a computer’s Internet protocol addresses), whether or not you furnished such Collected Information for a specific purpose, to (a) comply with, or as permitted by, any applicable law or government request, (b) cooperate with law enforcement, and other third parties, in investigating a claim of fraud, illegal activity or infringement of intellectual property rights, (c) protect the rights, property or legitimate business interests of the Firm or a third party, or (d) transfer such Collected Information to a third party acquiring all, or substantially all, of the Firm’s assets. If Collected Information is so transferred, the Firm will have no responsibility for any action of the third party to whom or which such Collected Information is transferred.
The Firm does not warrant or represent that any Collected Information will be accurate or error-free. However, upon your request, the Firm will grant you access to your Shield Information in the possession, or under the control, of the Firm solely for the purpose of your correcting or deleting such Shield Information that is inaccurate or has been processed in violation of the Privacy Shield, except where the burden or expense of providing such access would be disproportionate to the risks to your privacy or where the rights of a third party would be violated. If you desire access to any Shield Information for such purpose, you must contact the Firm in writing as set forth in Section 22.
The Site is not intended for children under 13 years of age. However, if a parent or guardian of a child who is under 13 years of age discovers that the child’s personal information has been submitted to the Firm through the Site without the parent’s or guardian’s consent, the Firm will use commercially reasonable efforts to remove such information from the Site and the Firm’s servers at the parent’s or guardian’s request. To request the removal of personal information of a child under 13 years of age, the parent or guardian must contact the Firm as set forth in Section 22, and provide all information requested by the Firm to assist it in identifying the information to be removed.
This policy shall be governed by, and construed and interpreted in accordance with, (a) the laws of the state of New York, without regard to its principles of conflict of laws, and in the case of Shield Information, and only to the extent required by the Privacy Shield, (b) the Privacy Shield. If there is any conflict or inconsistency between any provision of this policy and any provision of any applicable law or the Privacy Shield, the latter shall control.
Except as provided in Section 17, any complaint by you regarding any Collected Information, or otherwise relating to this policy, whether or not covered by the Privacy Shield, must first be submitted to the Firm as set forth in Section 22, and the Firm must be given a reasonable opportunity of not less than 30 days to investigate and respond to your complaint. Upon the Firm’s completing such investigation and so responding, the Firm and you must then attempt, in good faith, to promptly resolve any remaining aspects of your complaint. If any aspect of your complaint remains unresolved after an additional reasonable period of time of not less than 30 days, (a) you may commence litigation against the Firm in connection with the unresolved portion of your complaint only in a court located in Erie County, New York, and having subject matter jurisdiction over your complaint, and (b) you consent to any such court’s being, and waive any objection (including, but not limited to, any such objection based on inconvenience) to such court’s not being, a proper venue for your complaint.
Independent Recourse Mechanism
If you have a complaint that relates to Shield Information, the Firm offers an independent recourse mechanism to resolve your complaint that you may use in lieu of the process described in Section 16. The independent recourse mechanism offered by the Firm is more fully described at http://privacyshield.gov. In order to access the independent recourse mechanism, you must file a complaint with the International Centre for Dispute Resolution of the American Arbitration Association (“ICDR”), and after receiving your complaint, ICDR will resolve the dispute between you and the Firm by following the ICDR Dispute Resolution Procedures located at http://go.adr.org/privacyshield.html. All fees of ICDR in connection with your use of its independent recourse mechanism described in this Section will be paid by the Firm.If all other options available to you for resolving a complaint are unsuccessful, and upon satisfaction of certain other conditions, you can lodge your complaint with the Privacy Shield Panel, which is an “arbitration mechanism” of three neutral arbitrators. Any decision of the Privacy Shield Panel is binding and enforceable in courts of the United States.
With respect to human resources data that is Shield Information and that is used by the Firm in the context of the employment relationship, the Firm will, as applicable, (a) cooperate with, and comply with the advice given by, the E.U. data protection authorities, and (b) cooperate with, and comply with the advice given by, the Swiss Federal Data Protection and Information Commissioner.
Except as set forth in this Section, this policy contains the entire agreement, and supersedes all prior oral and written agreements, proposals and understandings, between you and the Firm, with respect to Collected Information. If you use the Site or otherwise have business dealings with the Firm, such use or dealings will be subject to this policy, plus any other written agreement between the parties that is applicable thereto. To the extent there is any conflict or inconsistency between any provision of this policy and any provision of such other agreement, the former shall control.
Whenever possible, each provision of this policy shall be interpreted to be effective and valid under applicable law. If, however, any such provision shall be prohibited by or invalid under such law, it shall be deemed modified to conform to the minimum requirements of such law, or if for any reason it is not so modified, it shall be prohibited or invalid only to the extent of such prohibition or invalidity without the remainder of such provision, or any other provision of this policy, being prohibited or invalid.
The Firm may revise any provision of this policy from time to time by posting the revised provision on the Site so long as such revision does not conflict with any applicable law, the Rules of Professional Conduct (or other similar rules) applicable to the Firm’s attorneys or the Privacy Shield. Any such revision will take effect immediately upon such posting, and will apply to all Collected Information obtained by the Firm after such posting. It is your responsibility to periodically check this policy on the Site for revisions to this policy.
Except as provided in this policy or in the Privacy Shield or other applicable law, you are solely responsible for all fees and disbursements of any attorney or other advisor retained by you in connection with enforcing your rights under this policy.
If you have any questions or complaints, desire additional information, or need to notify the Firm of anything regarding the Firm’s handling of any Collected Information or otherwise relating to this policy, please promptly contact the Firm as follows:
Hodgson Russ LLP
Attn: Privacy Partner
140 Pearl Street, Suite 100
Buffalo, New York 14202
United States of America
Effective Date: May 25, 2018