What do we collect and how?
Anonymous and Aggregated Web Traffic Information
General traffic, site usage, browser information, length-of-stay information, and location data, is collected and stored in log files. This type of information is collected and used on an anonymous, aggregated basis meaning that we do not connect this information to your name or other personal information.
Personal Information (non-financial)
We collect all or some of the following personal information: first and last name, email address, company and other information, in the following contexts:
Alerts and Announcements: We use your contact information to provide you with e-alerts about legal developments and information about Stinson sponsored seminars and events. We always give you the opportunity to opt-out of these communications.
Extranet Site: When you log into our client extranet site to upload documents, we ask you for the Username and Password that have been previously provided to you.
Other Requests: When you report a problem with our website or services we will collect contact information along with a description of your problem. When you contact us via the firm email addresses, we will collect your contact information and any information you include in your email.
When you pay a bill online under our "Online Payments" section, we ask for transaction information including your company name, first and last name, mailing address, phone number, email address, client matter number, invoice number and payment information. If you chose to pay with a bank account, payment information includes accountholder name, address, and phone number along with bank routing number and bank account number. If the account is a corporate bank account, we ask for the name of the person submitting the payment on behalf of the company.
What we do with the info we collect
We process your information for the legitimate interest of communicating with clients, prospective clients, and other users about our legal services and our events and publications related to developments in the law. Processing your information for the purposes described is necessary for us to do what we do and it's in both of our interests. When we use your information based on our legitimate interests, we conduct a balancing test based on the legitimate interest, necessity of processing your information, and how such processing impacts you.
If you have any questions or concerns with us processing your information for this legitimate interest, please email us at email@example.com.
We'll ask for your consent before using your information for a purpose that extends beyond what you may reasonably expect from a law firm and that has a more significant privacy impact.
We occasionally hire other companies to provide limited services on our behalf, including website development and operation, preparing marketing materials, sending postal mail or email, analyzing website use, job applications, processing payments and processing data. We will only provide those companies the information they need to deliver the service, and they are contractually prohibited from using that information for any other reason.
What are Cookies and other collection technologies and how do we use them?
- Provide you with personalized content based on your use of our website
- Enable you to more easily use our website by remembering and using contact information
- Evaluate, monitor and analyze the use of our site and its traffic patterns to help improve our website and services
The types of technologies we use include:
We also employ a software technology known as a pixel tag or Web beacon. A pixel tag is a line of code that we place on our website or in e-mails which allows us to analyze our marketing and the general usage patterns of visitors to our website. These help us better manage content on our website by informing us what content or promotions are effective. Unless you consent, we do not collect personally identifiable information from you through the use of pixel tags. You may not disable pixel tags.
IP ADDRESSES AND LOG FILES
We record the IP addresses of visitors to our website. Recording these IP addresses is necessary for the website to function. Our server software keeps access logs, error logs, and security audit logs. This collection is critical in detecting and preventing fraud or unauthorized system access and addressing threats such as a DOS attack. We do not associate this log file information with other information.
Indirect Collection – Social Networking
Indirect Collection – Analytics
Opt-out: Download the browser plugin "Google Analytics Opt-out Browser Add-on" here.
We use Google Analytics to analyze the use of our website. We do not transfer personal information to Google Analytics.
What choices do you have about your info?
If you have signed up to receive e-alerts and marketing emails from us, you can unsubscribe or change your preferences by clicking on the links attached to the email.
You may also send us an email at firstname.lastname@example.org to request access to, correct, or delete any personal information that you have provided to us. Please note, we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
You may have heard about “Do Not Track” (DNT), which is a privacy preference that users can set in their web browsers. Our website does not support DNT codes.
How we protect your information
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We use two factor authentication for remote access to our systems.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How long do we keep your information?
We keep your information only so long as we need it to provide the service you've requested of us (e-alerts, event information, etc.) and fulfill the purposes described in this policy. When we no longer need to use your information for the purpose we collected it and there is no need for us to keep it to comply with our legal obligations, we'll either remove it from our systems or depersonalize it so that we can't identify you.
Our policy on children’s information
If you are under 18 years of age you should not provide information to us without the involvement of a parent or guardian. We do not collect online contact information without prior parental consent or parental notification, including an opportunity for the parent to prevent use of the information and participation in the activity. We do not knowingly solicit personal information online from, or market online to, children under the age of 13.
For our friends in the EU
COLLECTION OF PERSONAL DATA
When you visit our website, we collect the personal data described above under "What Do We Collect and How?" In our legal practice, we typically represent corporate entities who are not data subjects under the GDPR. Sometimes, in providing services, we may receive personal information of individuals such as officers, representatives, adverse parties, related parties, vendors, suppliers, professional advisors and government representatives.
LEGAL BASIS FOR PROCESSING YOUR INFORMATION
As discussed above, we process your information for the legitimate interest of communicating with clients, prospective clients, and other users about our legal services and our events and publications related to developments in the law. Processing your information for the purposes described is necessary for us to do what we do and it's in both of our interests. When we use your information based on our legitimate interests, we conduct a balancing test based on the legitimate interest, necessity of processing your information, and how such processing impacts you.
We use personal information collected in the course of providing legal services solely to provide such legal services to our clients. Such processing is necessary for our compliance with legal obligations and our ethical and professional duties as lawyers. Our processing may also be necessary to fulfill a contract we have with you, such as an engagement letter for legal services.
Transfer of Personal Data
The firm and our websites are based in the United States and, regardless of where you access the website, the information collected as part of that use will be transferred to and maintained on servers located in the United States. The European Commission has determined that the US lacks an adequate level of protection for personal information of EU data subjects. The firm is not currently certified under the Privacy Shield. By providing your information, you are consenting to the transfer of your personal data to the U.S.
Although there is risk in transmitting your information to a country that does not have adequate protection, Stinson does take steps to secure your personal data. If you are aware that you will be transferring personal information to us, we will execute a Data Protection Agreement that includes Standard Contract Clauses for the transfer of personal information from the EU to the United States.
The GDPR provides you with certain privacy rights. You may also request to have your information deleted, although we may retain information for backups, prevention of fraud and abuse, satisfaction of legal obligations or other ongoing legitimate interests. You may decline to share certain personal
Right of Access
If you wish to access your personal information, please contact us at the address or number below.
Right to Correction
If the personal information we hold about you is inaccurate or incomplete, you may request to have it corrected. If you are entitled to have information corrected and if we have shared your personal information with others, we will let them know about the rectification where possible. You may also ask us with whom we have shared your information. We will let you know, where possible and lawful, so that you can contact them directly.
Right to Erasure
You may ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to have your information deleted and if we have shared your personal information with others, we will let them know about the deletion where possible. You may also ask us with whom we have shared your information. We will let you know, where possible and lawful, so that you can contact them directly about erasure.
Right to Object
If you are an EU resident, you have the right to object to our processing that is based on legitimate interests by contacting us at the address or number below. If you are entitled to restriction and if we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so.
Right to Data Portability
If you are an EU resident, you have the right you have the right, in certain circumstances, to receive a copy of personal information we've obtain from you in a structured, commonly used and machine readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Rights in Relation to Automated Decision-Making and Profiling
Right to Withdraw Consent
If you provide your consent to the processing of your personal information and that consent forms our legal basis for processing, you have the right to withdraw your consent at any time by contacting us at the number below.
Right to Lodge a Complaint
If you are located in the EU and you believe that we have infringed your rights under the GDPR, please contact us by sending an email to email@example.com or calling us at: 877-317-3502.
You have the right to lodge a complaint with a supervisory authority in your applicable Member State.
Your California Privacy Rights
The California Civil Code Section 1798.100–199, known as the California Consumer Privacy Act of 2018 ("CCPA"), gives California residents specific rights regarding their personal information which we collect for professional business purposes. To make such a request, please send an email to firstname.lastname@example.org or mail us at:
1201 Walnut Street
Kansas City, MO 64106
Please make sure to state that you are a California Resident. When validating a request, we may require additional information to verify your identity and determine the validity of such request for information in compliance with the CCPA.
Scope of Notice
This notice applies to personal information we collect about California residents both online and offline. It applies to California residents who are users of our websites; our clients; event attendees; individuals inquiring about our services; and all other California residents from whom we collect personal information.
As defined in the CCPA, personal information includes any information that identifies, relates to, or could reasonably be linked to a California resident or household. It includes identifiers, characteristics of protected classes, commercial information, biometrics, internet or electronic information, geolocation data, audio/visual or similar information, employment and educational information, and inferences drawn from any identifiable information. Personal information does not include publicly available information from a public government record.
This notice does not apply to information that is exempt from CCPA disclosure requirements. This includes personal information of individuals acting in their capacity as representatives of our clients, prospect clients, vendors, and other businesses that we conduct business with to the extent the information is collective with respect to a business-to-business transaction or business relationship. This disclosure also does not apply to individuals who are not California residents, any personal information exempted under Cal. Civ. Code Section 1798.145, or any other personal information not contemplated in the CCPA.
Rights of California Residents Under the CCPA
If you are a resident of the State of California, you have the following additional rights under the California Consumer Privacy Act of 2018 (CCPA):
- Right to Know — California residents may request that we disclose the following about the personal information we have used or collected over the 12-month period preceding a request:
- Categories of personal information collected;
- Specific pieces of personal information not otherwise protected by another form of privacy protection or subject to an exception;
- Categories of the sources from which we obtain personal information;
- Purposes for which we use the personal information;
- Categories of the third parties with whom we share personal information; and
- Categories of personal information we sell or disclose to third parties.
- Right to Opt-Out of Sale — Subject to exceptions, California residents may "opt-out" of allowing us to sell your personal information to third parties.
- Stinson, LLP does not sell information to third parties (such as advertisers or affiliated companies) for any valuable consideration (such as for marketing purposes). Therefore, we do not maintain a list of third parties with whom we sell personal information. If that changes, we will update our privacy notice. We do contract with third parties to provide employment application software and website analytics. These companies maintain their own privacy policies and information provided to them is subject to such privacy policies and notices.
- Right to Delete — Subject to exceptions, California residents may request we delete their personal information.
- Exceptions include, but are not limited to, information necessary for the following activities:
- Completing a transaction or service the individual requested;
- Detecting security incidents or identifying and repairing functionality issues;
- Complying with state or federal law or another legal obligation; and
- Solely internal activities aligning with the reasonable expectations of the consumers based on their business relationship with us.
- Exceptions include, but are not limited to, information necessary for the following activities:
- Right to Non-Discrimination — California residents must receive equal service and pricing even if they exercise their privacy rights under the CCPA. However, if California residents opt-out or request deletion of personal information necessary for us to provide a particular good or service, such good or service may not be completed or may be limited.
Categories of Information Collected
We collect the following categories of Personal Information:
- First and last name
- Email address
- Screen name or username for extranet and data room services
- Private password for extranet and data room services
- Mailing address
- Phone number
- Internet Protocol (IP) Address
- Social security number for job applicants
- Driver's license number for job applicants
- Personal Information Listed in the California Customer Records Statute
- The above identifiers
- Credit card number, expiration date and verification number for online bill payments
- Characteristics of Protected Classifications
- Not collected except as optional questions in job applications and HR materials
- Commercial Information
- Data you provide to us for legal work
- E-Alert and marketing event interests
- Experiences with the products and services we provide
- Data you upload to extranet or data room sites
- Survey responses
- Biometric Information
- We do not collect biometric information on our website
- Internet or Other Electronic Network Activity Information
- Domain name
- Browser type
- Operating system
- Usage data
- Geolocation Data
- Information that tells us from where you access our website
- Sensory Data
- Not collected
- Professional or Employment-Related Information
- Resumé information when you apply for a job.
- Non-public Education Information
- Resumé information when you apply for a job.
- Inferences Drawn from Other Personal Information
- Preferences for legal services of interest to you
Sources of Personal Information
We may collect the above information directly from an individual, automatically through website cookies, and from third parties such as clients, government entities, public record, data aggregators, parties involved in litigation, and other individuals and entities we interact with during the course of our business.
Purposes of Collecting, Using, and Disclosing Personal Information
As stated above, we use your information for the legitimate interest of communicating with clients, prospective clients, and other users about our legal services, events and publications related to developments in the law. We also collect information online which improves the performance, functionality and use of our website as well as for social media purposes through website cookies. We ask for your consent when requesting information outside of what you may reasonably expect from a law firm and that has a more significant privacy impact.
Categories of Information Provided to Third Parties
How to make a Deletion, Access or Opt-Out request.
If you are a California resident and still wish to request information about how to exercise your third party disclosure choices 2020, you must send a request to email@example.com, call 877-317-3502, or postal mail to the address below.
1201 Walnut Street
Kansas City, MO 64106
How we make changes to this policy
We may change this policy from time to time and if we do, we'll post any changes on this page. If you continue to use our website after those changes are in effect, you agree to the new policy. If the changes are significant, we may provide a more prominent notice or get your consent, as required by law.
If you have any questions about this policy or need to contact Stinson to exercise your rights as a data subject under the GDPR, please contact Stinson’s Privacy Officer at: firstname.lastname@example.org or call us at 877-317-3502.
Last Updated: September 25, 2020