What do we collect and how?
Anonymous and Aggregated Web Traffic Information
General traffic, site usage, browser information, length-of-stay information, and location data, is collected and stored in log files. This type of information is collected and used on an anonymous, aggregated basis meaning that we do not connect this information to your name or other personal information.
Personal Information (non-financial)
We collect all or some of the following personal information: first and last name, email address, company and other information, in the following contexts:
Alerts and Announcements: We use your contact information to provide you with e-alerts about legal developments and information about Stinson sponsored seminars and events. We always give you the opportunity to opt-out of these communications.
Extranet Site: When you log into our client extranet site to upload documents, we ask you for the Username and Password that have been previously provided to you.
Other Requests: When you report a problem with our website or services we will collect contact information along with a description of your problem. When you contact us via the firm email addresses, we will collect your contact information and any information you include in your email.
When you pay a bill online under our "Online Payments" section, we ask for transaction information including your company name, first and last name, mailing address, phone number, email address, client matter number, invoice number and payment information. If you chose to pay with a bank account, payment information includes accountholder name, address, and phone number along with bank routing number and bank account number. If the account is a corporate bank account, we ask for the name of the person submitting the payment on behalf of the company.
What we do with the info we collect
We process your information for the legitimate interest of communicating with clients, prospective clients, and other users about our legal services and our events and publications related to developments in the law. Processing your information for the purposes described is necessary for us to do what we do and it’s in both of our interests. When we use your information based on our legitimate interests, we conduct a balancing test based on the legitimate interest, necessity of processing your information, and how such processing impacts you.
If you have any questions or concerns with us processing your information for this legitimate interest, please email us at email@example.com.
We’ll ask for your consent before using your information for a purpose that extends beyond what you may reasonably expect from a law firm and that has a more significant privacy impact.
We occasionally hire other companies to provide limited services on our behalf, including website development and operation, preparing marketing materials, sending postal mail or email, analyzing website use, job applications, processing payments and processing data. We will only provide those companies the information they need to deliver the service, and they are contractually prohibited from using that information for any other reason.
What are Cookies and other collection technologies and how do we use them?
- Provide you with personalized content based on your use of our website
- Enable you to more easily use our website by remembering and using contact information
- Evaluate, monitor and analyze the use of our site and its traffic patterns to help improve our website and services
The types of technologies we use include:
We also employ a software technology known as a pixel tag or Web beacon. A pixel tag is a line of code that we place on our website or in e-mails which allows us to analyze our marketing and the general usage patterns of visitors to our website. These help us better manage content on our website by informing us what content or promotions are effective. Unless you consent, we do not collect personally identifiable information from you through the use of pixel tags. You may not disable pixel tags.
IP ADDRESSES AND LOG FILES
We record the IP addresses of visitors to our website. Recording these IP addresses is necessary for the website to function. Our server software keeps access logs, error logs, and security audit logs. This collection is critical in detecting and preventing fraud or unauthorized system access and addressing threats such as a DOS attack. We do not associate this log file information with other information.
Indirect Collection – Social Networking
Indirect Collection – Analytics
Opt-out: Download the browser plugin “Google Analytics Opt-out Browser Add-on” here.
We use Google Analytics to analyze the use of our website. We do not transfer personal information to Google Analytics.
What choices do you have about your info?
If you have signed up to receive e-alerts and marketing emails from us, you can unsubscribe or change your preferences by clicking on the links attached to the email.
You may also send us an email at firstname.lastname@example.org to request access to, correct, or delete any personal information that you have provided to us. Please note, we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
You may have heard about “Do Not Track” (DNT), which is a privacy preference that users can set in their web browsers. Our website does not support DNT codes.
How we protect your information
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How long do we keep your information?
We keep your information only so long as we need it to provide the service you’ve requested of us (e-alerts, event information, etc.) and fulfill the purposes described in this policy. When we no longer need to use your information for the purpose we collected it and there is no need for us to keep it to comply with our legal obligations, we’ll either remove it from our systems or depersonalize it so that we can't identify you.
Our policy on children’s information
If you are under 18 years of age you should not provide information to us without the involvement of a parent or guardian. We do not collect online contact information without prior parental consent or parental notification, including an opportunity for the parent to prevent use of the information and participation in the activity. We do not knowingly solicit personal information online from, or market online to, children under the age of 13.
For our friends in the EU
COLLECTION OF PERSONAL DATA
When you visit our website, we collect the personal data described above under "What Do We Collect and How?" In our legal practice, we typically represent corporate entities who are not data subjects under the GDPR. Sometimes, in providing services, we may receive personal information of individuals such as officers, representatives, adverse parties, related parties, vendors, suppliers, professional advisors and government representatives.
LEGAL BASIS FOR PROCESSING YOUR INFORMATION
As discussed above, we process your information for the legitimate interest of communicating with clients, prospective clients, and other users about our legal services and our events and publications related to developments in the law. Processing your information for the purposes described is necessary for us to do what we do and it’s in both of our interests. When we use your information based on our legitimate interests, we conduct a balancing test based on the legitimate interest, necessity of processing your information, and how such processing impacts you.
We use personal information collected in the course of providing legal services solely to provide such legal services to our clients. Such processing is necessary for our compliance with legal obligations and our ethical and professional duties as lawyers. Our processing may also be necessary to fulfill a contract we have with you, such as an engagement letter for legal services.
Transfer of Personal Data
The firm and our websites are based in the United States and, regardless of where you access the website, the information collected as part of that use will be transferred to and maintained on servers located in the United States. The European Commission has determined that the US lacks an adequate level of protection for personal information of EU data subjects. The firm is not currently certified under the Privacy Shield. By providing your information, you are consenting to the transfer of your personal data to the U.S.
Although there is risk in transmitting your information to a country that does not have adequate protection, Stinson does take steps to secure your personal data. If you are aware that you will be transferring personal information to us, we will execute a Data Protection Agreement that includes Standard Contract Clauses for the transfer of personal information from the EU to the United States.
The GDPR provides you with certain privacy rights. You may also request to have your information deleted, although we may retain information for backups, prevention of fraud and abuse, satisfaction of legal obligations or other ongoing legitimate interests. You may decline to share certain personal data, in which case we may not be able to provide you with some features and benefits.
Right of Access
If you wish to access your personal information, please contact us at the address or number below.
Right to Correction
If the personal information we hold about you is inaccurate or incomplete, you may request to have it corrected. If you are entitled to have information corrected and if we have shared your personal information with others, we will let them know about the rectification where possible. You may also ask us with whom we have shared your information. We will let you know, where possible and lawful, so that you can contact them directly.
Right to Erasure
You may ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to have your information deleted and if we have shared your personal information with others, we will let them know about the deletion where possible. You may also ask us with whom we have shared your information. We will let you know, where possible and lawful, so that you can contact them directly about erasure.
Right to Object
If you are an EU resident, you have the right to object to our processing that is based on legitimate interests by contacting us at the address or number below. If you are entitled to restriction and if we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so.
Right to Data Portability
If you are an EU resident, you have the right you have the right, in certain circumstances, to receive a copy of personal information we've obtain from you in a structured, commonly used and machine readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Rights in Relation to Automated Decision-Making and Profiling
Right to Withdraw Consent
If you provide your consent to the processing of your personal information and that consent forms our legal basis for processing, you have the right to withdraw your consent at any time by contacting us at the number below.
Right to Lodge a Complaint
If you are located in the EU and you believe that we have infringed your rights under the GDPR, please contact us by sending an email to email@example.com or calling us at: (816) 842-8600.
You have the right to lodge a complaint with a supervisory authority in your applicable Member State.
For our friends in CA
California Civil Code Section 1798.83 permits our website visitors who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please make sure to state that you are a California Resident.
After January 1, 2020, you will have additional rights under the California Consumer Privacy Act of 2018 (CCPA). If you are a resident of the State of California, you will have the right to:
- Request what personal information we have collected about you, where it was sourced from, what it is being used for, whether it is being disclosed or sold, and to whom it is being disclosed or sold;
- “Opt out” of allowing a us to sell your personal information to third parties;
- Require us to delete your personal information with some limited exceptions such as completing transactions, detecting security incidents and complying with legal obligations; and
- Receive equal service and pricing even if your exercise your privacy rights under the CCPA.
The CCPA also provides that if a company has a privacy notice that allows you to opt-out or opt-in to the use of your personal information by third parties (such as advertisers or affiliated companies) for marketing purposes, the company may instead provide you with information on how to exercise your disclosure choice options.
We do not currently share your personal information with third parties for marketing purposes. Therefore, we do not maintain a list of third parties with whom we share personal information for marketing purposes. If that changes, we will update our privacy notice.
If you are a California resident and still wish to request information about how to exercise your third party disclosure choices after January 1, 2020, you must send a request to the by email or postal mail to the address below.
How we make changes to this policy
We may change this policy from time to time and if we do, we’ll post any changes on this page. If you continue to use our website after those changes are in effect, you agree to the new policy. If the changes are significant, we may provide a more prominent notice or get your consent, as required by law.
If you have any questions about this policy or need to contact Stinson to exercise your rights as a data subject under the GDPR, please contact Stinson’s Privacy Officer at: email@example.com or call us at (816) 842-8600.
Last Updated: May 1, 2019