WEBSITE DATA PROTECTION POLICY AND PRIVACY NOTICE

Effective Date January 1, 2023

1. Introduction

This is the website data protection policy and privacy notice (“Policy”) for Mintz Group LLC (a Limited Liability Company incorporated in Delaware, USA) and associated offices of MG practicing under the MG name in other jurisdictions, together referred to as “MG” or “we.”

This Policy describes the types of Personal Information (as defined below) we collect, how we may use it and with whom we may share it; how we protect your information; and your rights with respect to your Personal Information. You can read our EU Privacy Policy at https://mintzgroup.com/gdpr/. If you are a MG employee or job applicant, our policies and practices regarding the collection and processing of your Personal Information are detailed in our Employee Privacy Notice.

In addition to this Policy, we may separately provide you with other specific notices regarding your Personal Information, depending on the nature of our relationship with you and the context in which we collect your Personal Information. Any such separate notice should be read in conjunction with this Policy and, to the extent there is any conflict between such separate notice and this Policy, such separate notice shall control. For the purposes of certain data protection and privacy laws, we act as a controller in respect of your Personal Information. In addition, we may collect certain categories of Personal Information from or about you as a service provider to our clients. Such Personal Information is not covered by this policy and is instead subject to any privacy policy maintained by such client.

This Policy may change from time to time and you should review it periodically. This Policy is available in alternative formats upon request. Please contact dataprotectionteam@mintzgroup.com or 855-594-2130 to request this Privacy Notice in an alternative format.

2. DEFINITIONS

The following definitions shall apply to this Policy:

• “Personal Information” means any information which directly or indirectly identifies a natural living person, which is in the possession or under the control of MG (or its representatives or service providers). Such personal information may include name, an identification number, email address, address, telephone number, location data, financial data, or an online identifier of that natural living person. In addition to factual information, it may include any expression of opinion about an individual and any indication of the intentions of MG or any other person in respect of an individual. If you are a resident of a jurisdiction with data protection legislation that provides a different definition for this or any similar term (e.g. “personal data”) then “Personal Information” shall also include the data covered by such definition. For the avoidance of doubt, “Personal Information” shall include the data covered by the definition of ‘Personal Information’ as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively referred to herein as the “CCPA”), and ‘Personal Data’ as defined under the Virginia Consumer Data Protection Act (“VCDPA”).
• “Sensitive Personal Information” has the meaning ascribed to this or any similar term provided by applicable data protection legislation (e.g. “sensitive personal data”, “sensitive data,” or “special categories of personal data”).

3. OUR COLLECTION AND USE OF PERSONAL INFORMATION

We may collect Personal Information directly from you, as well as from other sources, such as social media platforms, publicly available databases, joint marketing partners, press releases issued by companies and organizations, professional and other association membership lists, referrals from clients and other third parties, and lists of attendees at industry conferences and events. In the past 12 months, we have collected the following categories of Personal Information from or about you from the following sources:

• Online Activity and Geolocation Data.
  • Cookies, Device and Usage Information.  Like many organizations, MG’s web servers (computers that host websites) place a “cookie” (a small data file) on the hard drive of your computer when you first connect to our site.  As a result,when you access our website, your computer’s browser may automatically provide us with certain information about your computer’s browser type, operating system and IP address, as well as your access date and time and your referring and exiting URLs. For more information about cookies and for guidance on how to refuse cookies, please see Section 8 below.
  • Web Beacons. This website may use a technology known as “web beacons” (also known as Internet tags, pixel tags and clear GIFs) that allow this website to collect web log information from your device when you visit our website. The web beacon technology automatically recognizes and collects from your device the date and time you visited our site, the pages you visited, the website you came from, the type of browser you are using, the type of operating system you are using, and the domain name and address of your Internet service provider. We also include web beacons in some promotional e-mail messages in order to determine whether messages have been opened.

• Identifiers, Protected Classifications, and Professional and Employment-Related Information. In order to access certain areas of our website, sign up or register for MG-sponsored events, sign up for news, alerts or publications from MG, submit your resume or other information to apply for a job with MG, contact us or obtain further information from us via our website, we collect information directly from you, including your name, address, telephone number, email address, organizational affiliation and certain other information that MG may use to identify you (known as “Identifiers”). This information may include protected classifications under California or federal law, including race, color, national origin, religion, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, genetic information, disability, citizenship status, and military and veteran status. If you choose not to provide such information, you may not be able to access certain areas of MG’s website or to receive information that you have requested from MG. MG may also collect Identifiers and professional and employment-related information from you directly as a potential or actual client of MG or as a visitor to MG’s website, as well as from social media and professional networking platforms, proprietary databases and other public record sources, including news articles, regulatory filings and corporate record filings.
• Other information you create or provide to us, including the content of your communications with us.

We do not knowingly collect or solicit any categories of Personal Information from any individual under the age of eighteen (18).

Use of Personal Information. We have used your Personal Information to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including, for example, to: develop, improve, repair, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; maintain and secure our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, auditing, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.

Sensitive Personal Information. Some of the information we collect from or about you, as described above, may be defined as Sensitive Personal Information, which may include racial or ethnic origin; religious beliefs; biometric data; as well as contents of a consumer’s mail, email and text messages. To the extent we collect your Sensitive Personal Information, we will not use or disclose such information for purposes other than (i) to perform services/goods that you reasonably expect from us; (ii) to prevent, detect and investigate security incidents; (iii) to resist illegal actions directed at the business and prosecute or defend our rights; (iv) to ensure the physical safety of others; (v) for short-term, transient use; (vi) to perform services necessary for the business; (vii) to verify and maintain the quality and safety of our product or services; and (viii) generally for purposes that do not infer characteristics about you.

Do Not Track Signals. MG does not track its users over time or across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.

4. DISCLOSURE OF PERSONAL INFORMATION

We do not sell Personal Information to third parties or target advertising to individuals based on their Personal Information obtained from their online activity on nonaffiliated websites or applications (“cross-context behavioral advertising” or “targeted advertising”).

We disclose Personal Information to the following categories of third parties:

• We may share data with our clients as part of the work we do for them.
• “Marketing Partners” We may share data with our marketing partners to permit them to send you marketing communications on our behalf, consistent with your choices.
• We may share data in the context of litigation discovery and in response to regulatory inquiries, subpoenas and court orders.
• We may share data in connection with a corporate transaction such as a sale, merger or other change in corporate control or a restructuring, or in the unlikely event of a bankruptcy.

In addition, we may disclose or transfer your information to relevant third parties in the event of a divestiture, merger, consolidation, or asset sale, or in the unlikely event of a bankruptcy. We may share anonymous or aggregated data with third parties such as service providers in order to facilitate our business operations. To the extent such data constitutes de-identified data under the CCPA, VCDPA, CPA, or UCPA, we will maintain and use such data without attempting to re-identify the data.

In the preceding 12 months, we disclosed the following categories of Personal Information to the following categories of third parties for the following business purposes:

Categories of Personal Information	Categories of Third Parties	Business Purposes
Identifiers	Service Providers, Clients, Social Networks, Marketing Partners, Legal Authorities, Other Parties in Litigation, Counterparties in Corporate Transactions	Operating, managing, and maintaining our business; providing our products and services; developing, improving, repairing, and maintaining our products and services; personalizing and marketing our products and services; conducting research, analytics, and data analysis; maintaining and securing our facilities and infrastructure; undertaking quality and safety assurance measures; conducting risk and security control and monitoring; detecting and preventing fraud; performing identity verification; performing accounting, auditing, and other internal functions, such as internal investigations; complying with law, legal process, and internal policies; maintaining business records; and exercising and defending legal claims.
Protected Classifications	Service Providers, Clients, Social Networks, Legal Authorities, Other Parties in Litigation, Counterparties in Corporate Transactions	Operating, managing, and maintaining our business; providing our products and services; developing, improving, repairing, and maintaining our products and services; personalizing and marketing our products and services; conducting research, analytics, and data analysis; maintaining and securing our facilities and infrastructure; undertaking quality and safety assurance measures; conducting risk and security control and monitoring; detecting and preventing fraud; performing identity verification; performing accounting, auditing, and other internal functions, such as internal investigations; complying with law, legal process, and internal policies; maintaining business records; and exercising and defending legal claims.
Online Activity	Service Providers, Social Networks, Legal Authorities, Other Parties in Litigation, Counterparties in Corporate Transactions	Operating, managing, and maintaining our business; providing our products and services; developing, improving, repairing, and maintaining our products and services; personalizing and marketing our products and services; conducting research, analytics, and data analysis; maintaining and securing our facilities and infrastructure; undertaking quality and safety assurance measures; conducting risk and security control and monitoring; detecting and preventing fraud; performing identity verification; performing accounting, auditing, and other internal functions, such as internal investigations; complying with law, legal process, and internal policies; maintaining business records; and exercising and defending legal claims.
Professional and Employment-Related Information	Service Providers, Clients, Legal Authorities, Other Parties in Litigation, Counterparties in Corporate Transactions	Operating, managing, and maintaining our business; providing our products and services; developing, improving, repairing, and maintaining our products and services; personalizing and marketing our products and services; conducting research, analytics, and data analysis; maintaining and securing our facilities and infrastructure; undertaking quality and safety assurance measures; conducting risk and security control and monitoring; detecting and preventing fraud; performing identity verification; performing accounting, auditing, and other internal functions, such as internal investigations; complying with law, legal process, and internal policies; maintaining business records; and exercising and defending legal claims.

5. LINKS TO OTHER WEBSITES

From time to time, we may provide links to other websites for your information or convenience or offer additional services through separate websites linked to this website. These websites operate independently from our website and may be subject to alternative terms of use, including terms concerning use of your Personal Information. We have not reviewed these third party sites and do not control and are not responsible for any of these sites, their content or their privacy policies. Thus, we do not endorse or make any representations about them, or any information, software, or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third party sites listed on our website, you do so at your own risk.

6. RETENTION AND SECURITY

We only store your information for as long as may be needed to provide services to you, with the exception of information that we may need to store for a longer period of time to comply with legal or regulatory obligations, resolve disputes, enforce our agreements, or for records management purposes. Even after removal, copies of information that you have posted may remain viewable in cached and archived pages or if other users have copied or stored such information.

We have implemented and maintain commercially reasonable and appropriate technical and organizational measures designed to protect the confidentiality, integrity, and security of your Personal Information. Please note, however, that no security measures are perfect or impenetrable. We therefore cannot guarantee and do not warrant the absolute security of your Personal Information.

Depending on your location, the Personal Information we collect about you may be transferred to a jurisdiction that does not provide the same level of protection of Personal Information as the jurisdiction in which you reside. Where such transfers occur, we have adopted appropriate safeguards to better protect your Personal Information, consistent with applicable legal requirements. You may contact us using the contact information provided below to learn more about the appropriate safeguards that apply to your Personal Information and to request a copy of such safeguards.

7. YOUR RIGHTS

To the extent provided by the law of your jurisdiction, you may have legal rights in relation to the Personal Information about you that MG holds. These rights may include:

• the right to refuse to provide any Personal Information and the right to object at any time to the processing of your Personal Information. Please note that such refusal or objection may prevent us from providing services to you;
  • the right to confirm whether we process your Personal Information and to obtain information regarding the processing of your Personal Information and access to the Personal Information about you that MG holds (including any available information as to the source of the Personal Information);
  • where consent was provided for certain processing activities, the right to withdraw your consent to the collection, processing, use and/or disclosure of your Personal Information at any time. Please note, however, that this will not affect the lawfulness of any collection, processing, use or disclosure undertaken before your withdrawal and that MG may still be entitled to process your Personal Information if it has another legitimate reason (other than consent) or a consent exception for doing so. In some cases, withdrawing your consent to the collection, use process or disclosure of some or all of your Personal Information may prevent us from providing services to you;
  • in some circumstances, the right to receive a copy of some Personal Information in a structured, commonly used and machine-readable format and/or request that MG transmit that data to a third party where this is technically feasible. Please note that this right may, depending on the jurisdiction, only apply to Personal Information that you have provided to MG;
  • the right to request that MG correct or rectify your Personal Information if it is inaccurate or incomplete;
  • in some circumstances, the right to request that MG delete or erase your Personal Information. Please note that such a request may prevent us from providing services to you and there may be circumstances where MG is legally entitled to retain Personal Information regardless of any such request;
  • in some circumstances, the right to request that MG restrict, anonymize or block its processing of your Personal Information. Please note that such a request may prevent us from providing services to you and there may be circumstances where MG is legally entitled to retain Personal Information regardless of any such request;
  • in some circumstances, the right to obtain information about the public and private entities with which MG made shared use of the Personal Information as a joint controller;
  • in some circumstances, the right to receive information on the possibility of not providing consent and on the consequences of the refusal;
  • in some circumstances, the right to non-discrimination against you for exercising your legal rights in relation to your Personal Information; and
  • where applicable, the right to lodge a complaint with the data protection regulator in your jurisdiction if you think that any of your rights have been infringed by MG.

You can inquire about your rights, which are applicable to you, by contacting MG using the details listed below in Section 10.

8. COOKIES AND HOW TO REMOVE THEM

When you use this website, we may send one or more cookies (which are small text files containing a string of alphanumeric characters) to your computer or mobile device, to help analyze our web page flow, customize our content, measure promotional effectiveness, and promote trust and safety.  You are always free to decline our cookies if your browser permits, although doing so may interfere with your ability to use this website or certain features of this website.  We may also use Google Analytics or a similar service that uses cookies to help us analyze how users use this website.

9. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, this section of the Policy is intended to provide you with information concerning your rights under the CCPA. 

If you are a California resident, you have the right to request certain information from us regarding the manner in which we share with third parties certain categories of information that identify you. MG does not share Personal Information with third parties for those third parties’ own direct marketing purposes.

The CCPA provides you with certain rights that are in addition to the rights set out in Section 7 above:

1. the right to request, up to twice in a twelve month period, your Personal Information (including, as applicable, any available information as to the source of the Personal Information, the retention period for the Personal Information, MG’s purposes for collecting such Personal Information, the categories of Personal Information we have disclosed and the categories of third parties to whom such Personal Information has been disclosed) in a format that is portable and, to the extent technically feasible, in a readily useable format that will allow you to transmit it to another entity.
2. the right to request that we delete your Personal Information, except in circumstances where MG is legally entitled to retain Personal Information regardless of any such request.
3. the right to request that we correct inaccurate Personal Information maintained about you.
4. the right to opt out of any sale of your Personal Information to any third parties or the sharing of your Personal Information for the purposes of cross context behavioral advertising.  Note that we do not sell Personal Information to third parties or share it with third parties for purposes of cross context behavioral advertising.
5. the right to limit our use of your Sensitive Personal Information to those uses which are necessary to perform our services or provide goods as reasonably expected. If MG collects any sensitive personal information, it will use it only for purposes listed above in Section 3. As such, any sensitive personal information that we collect does not come within this right to limit use.
6. the right not to face discrimination, as defined under the law, for exercising your rights.

If you wish to exercise any of the rights enumerated in this section, please contact us at www.mintzgroup.com, 855-594-2130 or via the contact information provided in Section 10 below. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request.  We may need to request additional Personal Information from you, such as a copy of your ID, in order to verify your identity and protect against fraudulent requests.  We may send our response to your request to the contact point in our records that is associated with the Personal Information that is requested.  If you make a request to delete Personal Information, we may ask you to verify your request before we delete your Personal Information. We will use the information you submit and the information we have in our systems to try to verify your identity and to match the Personal Information we have collected about you, if any, to your identity.

If you are the authorized agent of a consumer, exercising a consumer’s right on behalf of the consumer, we will ask you for:

1. proof of your registration with the California Secretary of State to conduct business in California; and
2. proof that the consumer has authorized you to exercise a consumer’s right on the consumer’s behalf.  This must be a permission signed by the consumer. “Signed” means that the permission has either been physically signed or provided electronically in accordance with the Uniform Electronic Transactions Act, Civil Code 1633.7 et seq.

If an authorized agent has not provided us with a power of attorney from the consumer pursuant to Probate Code sections 4000-4465, we may also:

1. Require the consumer to provide you with a written permission signed by the consumer to make the request on the consumer’s behalf
2. Verify the identity of the consumer as we would if the consumer were making the request personally.
3. Obtain verification from the consumer that they provided the authorized agent permission to make the request.

10. HOW TO CONTACT US

If you have any questions or complaints about MG’s handling of your Personal Information, or about this Policy, please contact us using the contact information set out below.

Mintz Group, LLP
116 E 16^th Street, 4^th Floor
New York, New York, 10003

Attn: General Counsel

Email: dataprotectionteam@mintzgroup.com

11. UPDATES TO THIS PRIVACY POLICY

We may update or change this Policy. The “Effective Date” at the top of this page states when this Policy was last revised. Any change to this Policy will become effective when we post the revised Policy on our website. Keep in mind that your use of our website means that you accept our Policy.

If any change may materially and negatively affect the privacy of your Personal Information, we will use reasonable efforts to notify you in advance and give you a reasonable period of time to object to any changes.

We encourage you to periodically review this Policy to stay informed about how we collect, use, and share Personal Information.