Privacy Policy
Privacy Policy
Last Updated: January 1, 2023
Morrison & Foerster LLP and its affiliates want you to be familiar with how we collect, use and disclose information. This Privacy Policy describes our practices in connection with information that we collect online and offline:
COLLECTION OF PERSONAL INFORMATION
Collectively, we refer to the Websites, the Apps, Our Social Media, Emails, SharePoint Sites, Client Services and Offline Interactions as the “Services.”
“Personal Information” is information that identifies you as an individual or relates to an identifiable individual.
We and our service providers collect Personal Information in a variety of ways, including:
We need to collect Personal Information in order to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. If you disclose any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
USE OF PERSONAL INFORMATION
We and our service providers use Personal Information for legitimate business purposes, including:
We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
We will engage in this activity with your consent or where we have a legitimate interest.
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
DISCLOSURE OF PERSONAL INFORMATION
We disclose Personal Information:
We also use and disclose your Personal Information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:
OTHER INFORMATION
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual
If we are required to treat Other Information as Personal Information under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy.
We and our service providers may collect Other Information in a variety of ways, including:
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
SECURITY
We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
CHOICES AND ACCESS
You have choices regarding marketing-related communications. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by following the unsubscribe instructions in any such message or by contacting us by email at MoFoNews@MoFo.com. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.
If you would like to request to review, correct, update, suppress/delete, or object to or restrict processing of Personal Information that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company, please use our online form which you can find here, or feel free to contact us in accordance with the Contacting Us section below. We will respond to your request consistent with applicable law. If you are a California resident, please refer to the “Additional Information Regarding California” section at the end of this Policy for more information about the requests you may make under the CCPA.
In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note, however, that certain Personal Information may be exempt from requests pursuant to applicable data protection laws or other laws and regulations, such as for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
RETENTION PERIOD
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
THIRD PARTY SERVICES
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties.
This includes any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media.
SPECIAL NOTIFICATION ABOUT WEBINARS
Webinars offered as a service to users of the Services (“Webinars”) are hosted by unaffiliated third party vendors, and not by us.
Our third-party vendors require users to provide Personal Information. This Personal Information includes name and email address. Users seeking continuing legal education credit also may be asked to provide their State Bar number(s). Please note that this Personal Information is collected by our vendors and not by us. We encourage you to read the privacy statements of our vendors, which control how such vendors handle Personal Information provided by you to register for the Webinars.
Additionally, our third-party vendors provide us with Personal Information about users of our Webinars. We use this Personal Information to track attendance, to facilitate future communication with such users, and for other purposes set forth in this Privacy Policy.
USE OF SERVICES BY MINORS
The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Information from individuals under 18.
CROSS-BORDER TRANSFER
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers. By using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
Some countries outside of the European Economic Area (the “EEA”) are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these “specified countries” is available here). The UK recognizes the EEA and the specified countries as providing an adequate level of data protection according to UK standards. For transfers from the EEA or the UK to countries not considered adequate by the European Commission or the UK government (as applicable), we have put in place adequate measures, such as standard contractual clauses adopted by the relevant authority, to protect your Personal Information. You may obtain a copy of these measures by clicking here.
SENSITIVE INFORMATION
We ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.
UPDATES TO THIS PRIVACY POLICY
The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services.
CONTACTING US
Morrison & Foerster LLP, located at 425 Market Street. 32nd Floor, San Francisco, CA USA 94105, is the company responsible for collection, use and disclosure of your Personal Information under this Privacy Policy.
If you have any questions about this Privacy Policy, please contact us.
You can reach us at Compliance@MoFo.com or at:
Morrison Foerster, Human Resources - Data Compliance, 425 Market Street, 32nd Floor, San Francisco, CA 94105
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
AFFILIATES
For purposes of this Privacy Policy, these entities are considered to be “affiliates” of Morrison & Foerster LLP:
ADDITIONAL INFORMATION REGARDING THE EEA AND THE UK
You may lodge a complaint with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs. A list of EEA data protection authorities is available at: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. Information regarding the UK data protection authority is available at: https://ico.org.uk/.
ADDITIONAL INFORMATION REGARDING CALIFORNIA
California Consumer Privacy Act
Pursuant to the California Consumer Privacy Act of 2018, as amended by the Consumer Privacy Rights Act of 2020, (collectively, the “CCPA”), we are providing the following additional details regarding the categories of Personal Information about California residents that we collect, use, and disclose about California residents and households. This section supplements the information provided above in this Privacy Policy.
Categories of Personal Information Collected and Disclosed
The following chart details which categories of Personal Information about California residents we plan to collect, as well as which categories of Personal Information we have collected and disclosed for our operational business purposes in the preceding 12 months:
Category of Information Collected | Disclosed | |
Identifiers such as name, postal address, online/device identifier, IP address, email address and social media account. | To affiliates and service providers. | |
Personal information as defined in the California customer records law, such as name, signature, contact information, and social media account handle and other information you may share or make public on social networks. | To affiliates and service providers. | |
Characteristics of protected classifications under California or federal law, which we may collect in order to provide you with our Client Services, such as age. | To affiliates and service providers. | |
Commercial information, such as Client Services transaction history, financial details and payment information. | To affiliates and service providers. | |
Internet or other electronic network activity information, such as browsing history and interactions with our Websites, applications, systems, and emails. | To affiliates and service providers. | |
Geolocation data, such as device location and IP location. | To affiliates and service providers. | |
Audio, electronic, visual and similar information, such as call recordings and CCTV footage created for safety and security purposes, and audio and video recordings of events, conferences and meetings. | To affiliates and service providers. | |
Professional or employment-related information, such as employer name and role/title. | To affiliates and service providers. | |
Education information subject to the federal Family Educational Rights and Privacy Act, such as student records. | To affiliates and service providers. | |
Sensitive Personal Information. Personal Information that reveals an individual’s Social Security, driver’s license, state identification card, government-issued ID or passport number. | To affiliates and service providers. |
We do not “sell” Personal Information, including Sensitive Personal Information, and we do not “share” Personal Information, including Sensitive Personal Information, for purposes of cross-context behavioral advertising, as defined under the CCPA.We have not engaged in such activities in the preceding 12 months. Without limiting the foregoing, we do not sell or “share” Personal Information, including Sensitive Personal Information, of minors under 16 years of age.
Purposes for the Collection and Use of Sensitive Personal Information
We may use Sensitive Personal Information for purposes of performing services for our business, providing goods or services as requested by you, ensuring security and integrity, short term transient use, servicing accounts, providing customer service, verifying customer information, processing payments, and activities relating to quality and safety control or product improvement.
Individual Requests
You may, subject to applicable law, make the following requests:
1. You may request that we disclose to you the following information:
a. The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
b. The business or commercial purpose for collecting Personal Information about you; and
c. The categories of Personal Information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such Personal Information (if applicable).
2. You may request that we correct inaccuracies in your Personal Information.
3. You may request that we delete Personal Information we collected from you.
4. You may request to receive the specific pieces of your Personal Information, including a copy in a portable format.
To make a request, please use our online form which you can find here, or feel free to contact us in accordance with the Contacting Us section above or by calling toll-free at 1-866-734-0477.
We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. For your protection, we may need to request additional information from you (such as your name, email address, mailing address, and relationship with us) in order to verify your identity and protect against fraudulent requests. If you make a deletion request, we may ask you to verify your request before we delete your Personal Information.
You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.
Authorized Agents
If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted in the section entitled “Individual Requests.” As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Individual Requests” or confirm that you provided the agent permission to submit the request.
De-Identified Information
Where we maintain or use de-identified information, we will continue to maintain and use that information only in a de-identified form and will not attempt to re-identify the information.
California “Shine the Light” Disclosures
As noted above in Disclosure of Personal Information, we may disclose Personal Information to affiliates of Morrison & Foerster LLP, which may use this information for all purposes outlined in this Privacy Policy. Because separate legal entities are considered “third parties” for purposes of California Civil Code Section 1798.83, and certain communications from our affiliates might be viewed as promoting their legal services. If you would like to learn more about this or to make a request to discontinue this type of sharing, please email us at Compliance@MoFo.com or by mail at the following address:
Morrison Foerster, Human Resources – Data Privacy, 425 Market Street, 32nd Floor, San Francisco, CA 94105
We will provide a list of the categories of Personal Information disclosed to third parties (i.e., our affiliates) for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We will respond to your request in accordance with applicable law and we reserve our right not to respond to requests submitted other than to the email or mailing addresses specified in this section.