HODGSON RUSS, LLP
Welcome to www.hodgsonruss.ca (the “Site”), a website provided by Hodgson Russ LLP, a New York limited liability partnership, (the “Firm”). The Firm, which is engaged in the practice of law, respects your privacy, and this policy covers the Firm’s handling, use and disclosure of information collected from you through the Site or other sources in the ordinary course of the Firm’s business, including the provision of legal services.
You should review this policy carefully, and be sure you understand it, prior to using the Site or otherwise providing any information to the Firm. Your use of the Site, providing any information to the Firm or any other indication of your assent is deemed to be acceptance by you of this policy. If you do not agree to this policy, you should not use, and should immediately terminate your use of, the Site and not otherwise provide any information to the Firm. For purposes of this Section, accessing the Site only to review this policy is not deemed to be use of the Site.
2. Privacy Shield
Some information collected by the Firm relates to individuals in the European Union or Switzerland. The European Union and Switzerland have adopted requirements for the protection of certain information, and in order to satisfy such requirements, the Firm complies with, and has self-certified to the U.S. Department of Commerce under, (a) the E.U.-U.S. Privacy Shield Framework Principles, including the Supplemental Principles, and the Swiss-U.S. Privacy Shield Framework Principles, including the Supplemental Principles, regarding the Firm’s protection, transfer and use of personal data transferred from the European Union and Switzerland, as applicable, to the United States (the “Privacy Shield Principles”). In particular, the Firm has self-certified that, with respect to all Personal Information that relates to individuals in the European Union or Switzerland, it will adhere to the Privacy Shield’s Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.
For purposes of enforcing compliance with the Privacy Shield Principles, the Firm is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission, which can impose sanctions consisting of administrative orders and civil penalties. Hodgson Russ is listed at https://www.privacyshield.gov/list as having certified to its compliance with the Privacy Shield Principles. Additional information regarding the Privacy Shield Principles can be found at the U.S. Department of Commerce’s website at http://privacyshield.gov.
In this policy:
(b) “California Information” means all Personal Information that relates to residents of California and that is covered by the California Consumer Privacy Act or the California Online Privacy Protection Act (collectively, the “California Laws”);
(c) “Collected Information” means all (i) Personal Information and (ii) Non-Personal Information;
(d) “Non-Personal Information” means all information collected by the Firm, whether electronically or manually, through (i) the Site, (ii) e-mail messages and other electronic communications that you may send to the Firm, and (iii) other sources in the ordinary course of the Firm’s business, that is not Personal Information (including, but not limited to, any Analytical Information);
(e) “Personal Information” means all information collected by the Firm, whether electronically or manually, through (i) the Site, (ii) e-mail messages and other electronic communications that you may send to the Firm, and (iii) other sources in the ordinary course of the Firm’s business, that relates to an individual and that identifies, or can be used in conjunction with other readily-accessible information to identify, such individual (including, but not limited to, name, e-mail address, physical address, phone number and human resource data relating to employees of the Firm or individuals applying for employment);
(f) “Sensitive Information” means all Shield Information of an individual that specifies (i) health data, (ii) racial or ethnic origin, (iii) political opinions, (iv) religious or philosophical beliefs, (v) union membership, (vi) genetic data, (vii) biometric data or (viii) the sex life or sexual orientation of such individual; and
(g) “Shield Information” means all Personal Information that relates to individuals in the European Union or Switzerland and that is covered by the Privacy Shield.
Except for any Collected Information obtained automatically through the Site as set forth in this policy, no Collected Information is obtained from you, unless it is voluntarily provided. For example, the Firm collects the full name, email address, postal address, phone number, and other identification and contact data from its clients or from consumers who sign-up to receive legal alerts and similar publications. Regardless of the method used to obtain Collected Information, the Firm will only collect and retain Personal Information in a manner that is consistent with the purposes for which it is provided, and except for Shield Information, the Firm’s other legitimate business purposes (including, but not limited to, marketing). You are responsible for obtaining any approvals, authorizations, consents, permissions and permits that are required in connection with your providing the Firm with any information (including, but not limited to, any information relating to a third party). The categories of California Information collected by the Firm are set forth in the Firm’s California Privacy Disclosures and are accessible as set forth in Section 16.
You may refuse to provide any information to the Firm at any time by terminating your use of the Site, or in all other cases not involving use of the Site, by notifying the Firm as set forth in Section 24. If you refuse to provide any information when requested to do so by the Firm or the Site, you may not be able to access, or otherwise receive the benefits of certain services from the Firm or features of the Site.
6. Electronic Communications
Whether or not you have previously sent the Firm an e-mail message, you consent to the Firm’s sending you e-mail messages and other electronic communications (a) in connection with your use of the Site, (b) in the ordinary course of business, or (c) for any other legitimate business purpose (including, but not limited to, marketing). Since the Firm endeavors to send e-mail messages and other electronic communications only to individuals desiring to receive them, you can unsubscribe to such e-mail messages or other electronic communications at any time by contacting the Firm as set forth in Section 24 or by following the directions contained in such e-mail messages or other electronic communications. Any request to unsubscribe to e-mail or other electronic communications will likely be effective within 48 hours after your request is received by the Firm.
7. Analytical Information
When you access the Site, you will be asked to agree to the storing of cookies on your device for certain purposes. If you do not agree, you should not agree to the storage of cookies or continue to browse the Site. In addition, your browser may provide you with the ability to not accept cookies, as well as the ability to delete already-existing cookies. If you refuse, or delete previously-existing, cookies, you may not be able to receive the benefits of certain features of the Site.
Analytical Information will only be used by the Firm (a) to record your use of the Site, (b) to diagnose problems with the Site, (c) to improve the Site and make the Site more useful to you and other users, (d) to assist in the Firm’s marketing efforts, and (e) for other legitimate business purposes of the Firm. The Firm will collect Analytical Information either directly or through third parties acting on its behalf. For example, Google Analytics is one of the the third parties used by the Firm to collect Analytical Information. These third parties may combine and use data collected through your use of the Site with data they collect over time and across different websites for their own purposes. You can learn about how Google collects and processes data at https://policies.google.com/technologies/partner-sites. You can also learn about the controls Google offers to manage the collection and use of your data at https://policies.google.com/privacy. The Firm recommends that you review the privacy policies or notices of these third parties.
8. Sensitive Information
Any provision of this policy to the contrary notwithstanding, in the unlikely event the Firm collects any Sensitive Information, your explicit consent (i.e. among other things, you must “opt in”) will be obtained before such Sensitive Information is (a) disclosed to a third party or (b) used for a purpose other than the purposes for which such Sensitive Information was originally collected.
The Firm will protect client information from loss, misuse and unauthorized access, alteration, destruction and disclosure as required by the Rules of Professional Conduct (or other rules) applicable to the Firm’s attorneys and all laws applicable to the Firm; provided, however, that, except as provided in the immediately following sentence, the Firm will, at a minimum, use commercially reasonable efforts to protect Personal Information from loss, misuse and unauthorized access, alteration, destruction and disclosure. Certain Personal Information posted by you on the Site may be accessible to the general public, and the Firm is not responsible for protecting such Personal Information from loss, misuse or unauthorized access, alteration, destruction or disclosure. For example, if you participate in a public forum on the Site, any information disclosed by you when doing so may be available to the general public. Also, since no transmission of information over the Internet or electronic storage of information is completely secure, it is possible that Collected Information could be lost, misused or accessed, altered, destroyed or disclosed without authorization, even if the Firm uses such reasonable efforts. In providing information to the Firm, you must assume the risk that Collected Information could be lost, misused or accessed, altered, destroyed or disclosed without authorization.
All Collected Information may be used by the Firm for any legitimate business purpose, including, but not limited to, representing our clients, conducting business operations, operating the Site and responding to requests for information. However, in the case of Shield Information, and only to the extent required by the Privacy Shield Principles, the Collected Information may only be used if such purpose (a) is not incompatible with the purposes for which Shield Information has been collected by the Firm or (b) has been subsequently authorized by you. If the Firm expressly states in this policy or in another writing that any Collected Information will only be used for a specific purpose, the Firm will only use such Collected Information for such purpose, unless you subsequently consent to its being used for another purpose. The purposes for which California Information is collected by the Firm are set forth in the Firm’s California Privacy Disclosures and are accessible as set forth in Section 16.
Any Collected Information obtained by the Firm, whether or not for a specific purpose, may be transferred to third parties designated by the Firm (including, but not limited to, any affiliates, distributors, sub-contractors or vendors engaged by the Firm to perform administrative and technological functions) for any purposes for which the Firm could use such Collected Information. However, in the case of Shield Information, and only to the extent required by the Privacy Shield Principles, (a) the Firm will notify you of such transfer, (b) such third party’s right to use Shield Information is limited to such purposes, (c) such third party is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield Principles, (d) the Firm takes commercially reasonable steps to ensure that such third party effectively processes Shield Information in a manner consistent with the Firm’s obligations under the Privacy Shield Principles, (e) such third party is required to notify the Firm if such third party makes a determination that it can no longer meet its obligation to provide the same level of privacy protection as required under the Privacy Shield Principles, (f) upon such notice, the Firm must take commercially reasonable steps to stop and remediate unauthorized use of Shield Information, and (g) upon the request of the U.S. Department of Commerce (or its designee), the Firm must provide a summary or representative copy of the relevant privacy provisions of its agreements with such third party. In cases of onward transfers to third parties of Shield Information, the Firm is potentially liable for the failure of such third party to comply with the Privacy Shield Principles. The categories of third parties with whom we share California Information are set forth in the Firm’s California Privacy Disclosures and are accessible as set forth in Section 16.
The Firm may also at any time, in its sole discretion, transfer any Collected Information (including, but not limited to, a computer’s Internet protocol addresses), whether or not you furnished such Collected Information for a specific purpose, to (a) comply with, or as permitted by, any applicable law or lawful request of a government or public authority for purposes of satisfying, among others, national security and law enforcement requirements, (b) cooperate with law enforcement, and other third parties, in investigating a claim of fraud, illegal activity or infringement of intellectual property rights, (c) protect the rights, property or legitimate business interests of the Firm or a third party, or (d) transfer such Collected Information to a third party acquiring all, or substantially all, of the Firm’s assets. If Collected Information is so transferred, the Firm will have no responsibility for any action of the third party to whom or which such Collected Information is transferred.
Upon your sending a request to the Firm as set forth in Section 24, the Firm will delete Shield Information or California Information from its servers (and servers of third parties acting on behalf of the Firm) when it is no longer required for the purposes for which it was collected and processed, unless the Firm is legally permitted or required to continue holding it, or it is relevant to the Firm’s interests in any pending dispute, judicial proceeding, government investigation or has another lawful basis to continue holding it.
13. Inaccurate Shield Information
The Firm does not warrant or represent that any Collected Information will be accurate or error-free. Upon your request, the Firm will grant you access to your Shield Information in the possession of the Firm solely for the purpose of correcting such Shield Information that is inaccurate or has been processed in violation of the Privacy Shield Principles, except when the burden or expense of providing such access would be disproportionate to the risks to your privacy or where the rights of a third party would be violated. If you desire access to any Shield Information for such purpose, you must contact the Firm in writing as set forth in Section 24.
14. Third-Party Sites
The Site is not intended for children under 13 years of age. However, if a parent or guardian of a child who is under 13 years of age discovers that Personal Information of such child has been submitted to the Firm through the Site without the parent’s or guardian’s consent, the Firm will use commercially reasonable efforts to remove such information from the Site and the Firm’s servers at the parent’s or guardian’s request. To request the removal of such Personal Information, the parent or guardian must contact the Firm as set forth in Section 24, and provide all information requested by the Firm to assist it in identifying the Personal Information to be removed.
16. California Residents
The Firm does not sell any California Information. The Firm will, to the extent required by the California Laws, disclose, delete or take any other action with respect to any California Information. A resident of California may request (a “California Request”) pursuant to the California Laws, among other things, that the Firm:
(a) Disclose to such resident:
(i) The categories of California Information relating to such resident that are collected by the Firm;
(ii) The categories of sources from whom or which California Information relating to such resident is collected by the Firm;
(iii) The purposes for the Firm’s collecting California Information relating to such resident;
(iv) The categories of third parties to whom or which the Firm transfers California Information relating to such resident;
(v) The specific pieces of California Information relating to such resident collected by the Firm; and
(vi) If California Information is disclosed for a business purpose to a third party, the categories of such California Information relating to such resident that are disclosed for a business purpose, and the categories of third parties to whom or which such California Information are disclosed for a business purpose; and
(b) Except in certain circumstances, delete California Information of such resident.
A California Request (a) can only be made twice in a 12-month period, (b) will require the collection of certain information by the Firm to verify the identity of such resident, and (c) must be submitted to the Firm as set forth in Section 24. The Firm will respond to any such request within 45 days after receiving such information.
The California Laws require certain additional disclosures that can be found below this policy or by clicking this link: California Privacy Disclosures. The Firm will not discriminate against a resident of California for exercising any right of such resident under the California Laws, except as permitted under the California Laws.
17. Applicable Law
This policy shall be governed by, and construed and interpreted in accordance with, (a) in the case of Shield Information, and solely to the extent required by the Privacy Shield Principles, the Privacy Shield Principles, (b) in the case of California Information, and solely to the extent required by the California Laws, the California Laws, (c) any other applicable privacy law solely to the extent required by such law, and (d) in all other cases, the laws of the state of New York, without regard to its principles of conflict of laws,. If there is any conflict or inconsistency between any provision of this policy and any provision of any applicable law, the latter shall control.
Except as provided in Section 19, any complaint by you regarding any Collected Information, or otherwise relating to this policy, whether or not covered by the Privacy Shield Principles, must first be submitted to the Firm as set forth in Section 24, and the Firm must be given a reasonable opportunity of not less than 45 days to investigate and respond to your complaint. Upon the Firm’s completing such investigation and so responding, the Firm and you must then attempt, in good faith, to promptly resolve any remaining aspects of your complaint. If any aspect of your complaint remains unresolved after an additional reasonable period of time of not less than 45 days, you may commence litigation against the Firm in connection with the unresolved portion of your complaint only in a court located in Erie or Niagara Counties, New York, and having subject matter jurisdiction over your complaint. You consent to any such court’s being a proper venue for your complaint, and waive any objection thereto based on inconvenience.
19. Independent Recourse Mechanism
If you have a complaint that relates to Shield Information, the Firm offers an independent recourse mechanism to resolve your complaint that you may use in lieu of the process described in Section 18. The independent recourse mechanism offered by the Firm is more fully described at this link: http://privacyshield.gov. In order to access the independent recourse mechanism, you must file a complaint with the International Centre for Dispute Resolution of the American Arbitration Association (“ICDR”), and after receiving your complaint, ICDR will resolve the dispute between you and the Firm by following the ICDR Dispute Resolution Procedures located at this link: http://go.adr.org/privacyshield.html. All fees of ICDR in connection with your use of its independent recourse mechanism described in this Section will be paid by the Firm.
If all other options available to you for resolving a complaint under the Privacy Shield Principles are unsuccessful, and upon satisfaction of certain other conditions, you can lodge your complaint with the Privacy Shield Panel, which is an “arbitration mechanism” of three neutral arbitrators. Any decision of the Privacy Shield Panel will be binding on the Firm and enforceable in certain courts of the United States.
With respect to human resources data that is Shield Information and that is used by the Firm in the context of an employment relationship, the Firm will cooperate with investigations of, and comply with the advice given by, the E.U. data protection authorities, and the Swiss Federal Data Protection and Information Commissioner, as applicable.
20. Entire Agreement
Except as set forth in this Section, this policy contains the entire agreement, and supersedes all prior oral and written agreements, proposals and understandings, between you and the Firm, with respect to Collected Information. If you use the Site or otherwise have business dealings with the Firm, such use or dealings will be subject to this policy, plus any other written agreement between the parties that is applicable thereto. To the extent there is any conflict or inconsistency between any provision of this policy and any provision of such other agreement, the former shall control.
Whenever possible, each provision of this policy shall be interpreted to be effective and valid under applicable law. If, however, any such provision shall be prohibited by or invalid under such law, it shall be deemed modified to conform to the minimum requirements of such law, or if for any reason it is not so modified, it shall be prohibited or invalid only to the extent of such prohibition or invalidity without the remainder of such provision, or any other provision of this policy, being prohibited or invalid.
The Firm may revise any provision of this policy from time to time by posting the revised provision on the Site so long as such revision does not conflict with any applicable law. Any such revision will take effect immediately upon such posting, and will apply to all Collected Information obtained by the Firm after such posting. It is your responsibility to periodically check this policy on the Site for revisions to this policy. The latest version of this policy will always be the one posted on the Site.
Except as provided in this policy, or any applicable law, you are solely responsible for all fees and disbursements of any attorney or other advisor retained by you in connection with enforcing your rights under this policy.
24. Contact Information
If you (a) desire to make a California Request, or (b) have any questions or complaints, desire additional information, or need to notify the Firm of anything, regarding this policy, please promptly contact the Firm using one of the methods set forth below:
Regular mail to:
Hodgson Russ LLP
Attn: Privacy Partner
22 Adelaide Street West, Suite 2050
Toronto, ON M5H 4E3
E-mail to: firstname.lastname@example.org; or
Toll-free phone number: (800) 724-5184
HODGSON RUSS, LLP
PRIVACY DISCLOSURES FOR CALIFORNIA RESIDENTS
Categories of Personal Information Collected
The following categories of personal information are collected by the Firm:
- Identifiers (e.g. name, Internet protocol address, email address, physical address, and phone number);
- Professional or Employment-Related Information;
- Education Information;
- Bank account number, credit card number, debit card number, or other financial information
- Internet and Network Activity Information; and
- Commercial Information.
Categories of Sources of Personal Information Collected
The Firm obtains personal information from consumers using the Site, individuals or entities using the Site on behalf of consumers, or individuals or entities with whom or which the Firm has a business relationship. The Firm may also obtain personal information from clients and employees in the ordinary course of business.
Purposes for Collecting Personal Information
The Firm uses personal information collected by it for one or more of the following purposes:
- To achieve the purposes for which you, an individual or entity acting on your behalf, or an individual or entity with whom or which the Firm has a business relationship, provided personal information;
- To enable the lawyers at the Firm to render a legal analysis or provide legal services;
- To provide you with support, and to respond to your questions, regarding the services of the Firm;
- To record use of the Firm’s website, to diagnose problems with the website, and to improve and make the website more useful to consumers;
- To send e-mail messages, newsletters and other relevant information about the Firm’s legal services;
- To process payments for the Firm’s legal services;
- To consider consumers for employment or employ consumers;
- To administer employment benefits or distribute wages;
- To respond to requests from law enforcement or other governmental authorities;
- To comply with any applicable law or legal obligation;
- To prosecute or defend itself in a legal dispute or proceeding; and
- For any other business purpose permitted by the CCPA.
Categories of Third Parties with whom The Firm Shares Personal Information
The Firm does not sell any personal information to Third Parties. The Firm may share personal information—including any category of personal information collected by the Firm—with Third Parties that enable the Firm to render legal services. Categories of Third Parties with whom the Firm may share personal information include vendors that provide the following services to the Firm: credit card processing, electronic billing systems, law firm accounting systems, business intelligence/financial analysis, document management systems, collaboration sites, document production, faxing, email, email management and security, learning management systems, project management, digital dictation, scheduling systems, payroll and benefits systems, contact relationship management systems, conflict of interest and new business intake systems, information governance systems, bankruptcy data tracking application, Cloud storage, applications for tracking and managing employee benefits data, applications for preparing governmental forms for estates and trusts, applications for managing and preparing forms for immigration, electronic discovery applications, docketing software, case/practice Management software, applications used for preparing required tax forms, applications used for intellectual property or trademark management, government entities and data brokers.
Summary of Consumers’ Rights
The following is a summary of a consumer’s rights under the CCPA:
Access to Specific Information and Data Portability Rights
You have the right to request that the Firm disclose certain information to you regarding your personal information collected by the Firm as follows:
- The categories of personal information collected about you;
- The categories of sources of the personal information collected about you;
- The Firm’s business or commercial purpose for collecting or, if applicable, sharing your personal information;
- The categories of third parties with which or whom the Firm shares your personal information;
- The specific pieces of personal information collected about you;
- The categories of personal information, if any, the Firm disclosed for a business purpose to a third party in the preceding 12 months.
You may request that the Firm delete any of your personal information retained by the Firm, subject to certain exceptions. Upon receiving and confirming your verifiable consumer request, the Firm will delete (and direct its service providers to delete) such personal information from the Firm’s (or such service providers’) records, except that the Firm may deny your request if retaining the personal information is necessary for the Firm or one of its service providers to:
- Complete the transaction for which the Firm collected the personal information, provide the legal service requested by you, take actions reasonably anticipated within the context of the Firm’s ongoing business relationship with you, or otherwise perform a contract between the Firm and you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activity;
- Debug products to identify and repair errors that impair intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise his or her free speech rights, or exercise another right provided by law;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer’s relationship with the Firm;
- Comply with a legal obligation; and
- Make other internal and lawful uses of personal information that are compatible with the context in which you provided it.
Verifiable Consumer Requests
To exercise your rights described in these disclosures, you must submit a verifiable consumer request to the Firm as set forth in the Policy. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request relating to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows the Firm to reasonably determine you are the person about whom the Firm collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows the Firm to properly understand, evaluate, and respond to it.
The Firm cannot respond to your request or provide you with personal information if it cannot verify your identity or authority to make the request and confirm the personal information relates to you. The Firm will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
The Firm’s Response
The Firm endeavors to respond to a verifiable consumer request within 45 days of its receipt. If the Firm requires more time (up to an additional 45 days), the Firm will inform you of the reason and extension period in writing. The Firm will deliver its written response by mail or electronically, at your option. Any disclosures provided by the Firm will only cover the 12-month period preceding receipt of the verifiable consumer request. The response provided by the Firm will, if applicable, also explain the reasons it cannot comply with a request. For data portability requests, the Firm will select a format to provide your personal information that is readily useable and should allow you to electronically transmit the information from one entity to another entity without hindrance.
The Firm does not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If the Firm determines that any request warrants a fee, it will tell you why a fee is warranted and provide you with a cost estimate before completing your request.
The Firm will not discriminate against you for exercising any rights under the CCPA. In particular, if you exercise any such rights, the Firm will not:
- Deny you services or access to your client file;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of services; or
- Suggest that you may receive a different price or rate for services, or a different level or quality of services.
The Firm may revise these disclosures from time to time by posting the revisions on the Site. Any such revision will take effect immediately upon such posting, but will only relate to personal information collected after such revision is posted. It is your responsibility to periodically check the Site for revisions to these disclosures.
 The Firm is aware of the July 16, 2020 judgment issued by the Court of Justice of the European Union (case C-311/18) which invalidated the E.U.-U.S. Privacy Shield Framework. However, in accordance with statements published by the United States Department of Commerce, the Firm will maintain compliance with its obligations under the E.U.-U.S. Privacy Shield Framework until further guidance is issued.
 The Firm is aware of the September 8, 2020 opinion issued by Switzerland’s Federal Data Protection and Information Commissioner (“FDIC”) who concluded that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States pursuant to Switzerland’s Federal Act on Data Protection. The Firm will, however, maintain its compliance with the Swiss-U.S. Privacy Shield Framework, which is consistent with the U.S. Department of Commerce’s public statement that participants are not relieved of their obligations following the FDIC’s opinion.