WEBSITE DATA PROTECTION POLICY AND PRIVACY NOTICE
Effective Date June 1, 2022
This is the website data protection policy and privacy notice (“Policy”) for Mintz Group LLC (a Limited Liability Company incorporated in Delaware, USA) and associated offices of MG practicing under the MG name in other jurisdictions, together referred to as “MG” or “we.”
In addition to this Policy, we may separately provide you with other specific notices regarding your Personal Information, depending on the nature of our relationship with you and the context in which we collect your Personal Information. Any such separate notice should be read in conjunction with this Policy and, to the extent there is any conflict between such separate notice and this Policy, such separate notice shall control. For the purposes of certain data protection and privacy laws, we act as a controller in respect of your Personal Information.
This Policy may change from time to time and you should review it periodically.
The following definitions shall apply to this Policy:
“Personal Information” means any information which directly or indirectly identifies a natural living person, which is in the possession or under the control of MG (or its representatives or service providers). Such personal information may include name, an identification number, email address, address, telephone number, location data, financial data, or an online identifier of that natural living person. In addition to factual information, it may include any expression of opinion about an individual and any indication of the intentions of MG or any other person in respect of an individual. If you are a resident of a jurisdiction with data protection legislation that provides a different definition for this or any similar term (e.g. “personal data”) then “Personal Information” shall also include the data covered by such definition. For the avoidance of doubt, “Personal Information” shall include the data covered by the definition of ‘Personal Information’ as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively referred to herein as the “CCPA”), and ‘Personal Data’ as defined under the Virginia Consumer Data Protection Act (“VCDPA”), Colorado Privacy Act (“CPA”), and Utah Consumer Privacy Act (“UCPA”).
“Sensitive Personal Information” has the meaning ascribed to this or any similar term provided by applicable data protection legislation (e.g. “sensitive personal data”, “sensitive data” or “special categories of personal data”).
3. THE TYPES OF PERSONAL INFORMATION WE COLLECT
We may collect Personal Information directly from you, as well as from other sources, such as social media platforms, publicly available databases, joint marketing partners, press releases issued by companies and organizations, professional and other association membership lists, referrals from clients and other third parties, and lists of attendees at industry conferences and events. We may collect the following categories of Personal Information from or about you:
- Anonymous Browsing. You are able to browse the non-password-protected sections of MG’s website without actively providing us with your Personal Information. We do not collect Personal Information when you browse, such as your email address. However, when you access our website your computer’s browser may automatically provide us with certain information, including information about your computer’s browser type, operating system and IP address, as well as your access date and time and your referring and exiting URLs.
- Registration and Personal Information. In order to access certain areas of our website, sign up or register for MG-sponsored events, sign up for news, alerts or publications from MG, submit your resume or other information to apply for a job with MG, contact us or obtain further information from us via our website, we may ask you to provide information about yourself, including your name, address, telephone number, email address, organizational affiliation and certain other information that MG may use to identify you. If you choose not to provide such information, you may not be able to access certain areas of MG’s website or to receive information that you have requested from MG.
- Web Beacons. This website may use a technology known as “web beacons” (also known as Internet tags, pixel tags and clear GIFs) that allow this website to collect web log information. A web beacon is a graphic on a web page or in an e-mail message designed to track pages viewed or messages opened. Web log information is gathered when you visit our website. The webserver automatically recognizes some non-personal information, such as the date and time you visited our site, the pages you visited, the website you came from, the type of browser you are using, the type of operating system you are using, and the domain name and address of your Internet service provider. We may also include web beacons in promotional e-mail messages in order to determine whether messages have been opened.
- Do Not Track Signals. MG does not track its users over time or across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.
4. OUR USE OF PERSONAL INFORMATION
We may use your Personal Information to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including, for example, to: develop, improve, repair, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; maintain and secure our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.
5. DISCLOSURE OF PERSONAL INFORMATION
We do not sell Personal Information to third parties or target advertising to individuals based on their Personal Information obtained from their online activity on nonaffiliated websites or applications (“cross-context behavioral advertising” or “targeted advertising”).
We have collected, and disclosed for a business purpose, the following categories of Personal Information within the last twelve (12) months:
- “Identifiers.” Identifiers, such as name and contact information;
- “Customer Records Information.” Personal Information as defined in the California customer records law, such as financial information;
- “Protected Class Information.” Characteristics of protected classifications under California or federal law, such as sex, age, race, and national origin;
- “Transaction Information.” Commercial information, such as transaction information and history;
- “Online Use Information.” Internet or network activity information, such as interactions with our website;
- “Geolocation Data.” Geolocation data such as device location and approximate location derived from IP address;
- “Audio/Video Data.” Audio, electronic, visual and similar information, such as photos and audio and video recordings;
- “Employment Information.” Professional or employment-related information, such as work history and prior employer; and
- “Inferences.” Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.
We share Personal Information with the following categories of third parties:
- “Service Providers” We share with our trusted third-party service providers, to facilitate services they provide to us, such as internet services, personal information databases, website hosting, data analytics, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing, background checks, and other services.
- “Clients” We may share with our clients as part of the work we do for them.
- “Social Networks” We may share with social network platforms, who use the data we share in accordance with their own privacy policies.
- “Marketing Partners” We may share with our marketing partners to permit them to send you marketing communications, consistent with your choices.
- “Legal Authorities” We share with public and government authorities, including regulators and law enforcement, to respond to requests, as well as to protect and defend legal rights.
- “Other Parties in Litigation” We share information in the context of litigation discovery and in response to subpoenas and court orders.
In the preceding 12 months, we disclosed for our operational business purposes the following categories of Personal Information to the following categories of third parties:
|Categories of Personal Information||Disclosed to Which Categories of Third Parties for Operational Business Purposes|
|Identifiers||Service Providers, Clients, Social Networks, Marketing Partners, Legal Authorities, Other Parties in Litigation|
|Customer Records Information||Service Providers, Legal Authorities, Other Parties in Litigation|
|Protected Class Information||Service Providers, Clients, Social Networks, Legal Authorities, Other Parties in Litigation|
|Transaction Information||Service Providers, Clients, Social Networks, Legal Authorities, Other Parties in Litigation|
|Online Use Information||Service Providers, Social Networks, Legal Authorities, Other Parties in Litigation|
|Geolocation Data||Service Providers, Clients, Social Networks, Legal Authorities, Other Parties in Litigation|
|Audio/Video Data||Service Providers, Clients, Legal Authorities, Other Parties in Litigation|
|Employment Information||Service Providers, Clients, Legal Authorities, Other Parties in Litigation|
|Inferences||Service Providers, Clients, Social Networks, Legal Authorities, Other Parties in Litigation|
We may disclose or transfer your information to relevant third parties in the event of a divestiture, merger, consolidation, or asset sale, or in the unlikely event of a bankruptcy.
We may use or share anonymous or aggregated data with third parties such as service providers in order to facilitate our business operations. To the extent such data constitutes de-identified data under the CCPA, VCDPA, CPA, or UCPA, we will maintain and use such data without attempting to re-identify the data.
6. LINKS TO OTHER WEBSITES
7. HOW WE PROTECT YOUR PERSONAL INFORMATION
We have implemented and maintain commercially reasonable and appropriate technical and organizational measures designed to protect the confidentiality, integrity, and security of your Personal Information. Please note, however, that no security measures are perfect or impenetrable. We therefore cannot guarantee and do not warrant the absolute security of your Personal Information. We retain your Personal Information for no longer than reasonably necessary to fulfill the purposes for which we collected it or to comply with the law, prevent fraud, facilitate an investigation, defend against legal claims, or exercise our legal rights.
Depending on your location, the Personal Information we collect about you may be transferred to a jurisdiction that does not provide the same level of protection of Personal Information as the jurisdiction in which you reside. Where such transfers occur, we have adopted appropriate safeguards to better protect your Personal Information, consistent with applicable legal requirements. You may contact us using the contact information provided below to learn more about the appropriate safeguards that apply to your Personal Information and to request a copy of such safeguards.
8. YOUR RIGHTS
To the extent provided by the law of your jurisdiction, you may have legal rights in relation to the Personal Information about you that MG holds. These rights may include:
- the right to refuse to provide any Personal Information and the right to object at any time to the processing of your Personal Information. Please note that such refusal or objection may prevent us from providing services to you;
- the right to confirm whether we process your Personal Information and to obtain information regarding the processing of your Personal Information and access to the Personal Information about you that MG holds (including any available information as to the source of the Personal Information);
- where consent was provided for certain processing activities, the right to withdraw your consent to the collection, processing, use and/or disclosure of your Personal Information at any time. Please note, however, that this will not affect the lawfulness of any collection, processing, use or disclosure undertaken before your withdrawal and that MG may still be entitled to process your Personal Information if it has another legitimate reason (other than consent) or a consent exception for doing so. In some cases, withdrawing your consent to the collection, use process or disclosure of some or all of your Personal Information may prevent us from providing services to you;
- in some circumstances, the right to receive a copy of some Personal Information in a structured, commonly used and machine-readable format and/or request that MG transmit that data to a third party where this is technically feasible. Please note that this right may, depending on the jurisdiction, only apply to Personal Information that you have provided to MG;
- the right to request that MG correct or rectify your Personal Information if it is inaccurate or incomplete;
- in some circumstances, the right to request that MG delete or erase your Personal Information. Please note that such a request may prevent us from providing services to you and there may be circumstances where MG is legally entitled to retain Personal Information regardless of any such request;
- in some circumstances, the right to request that MG restrict, anonymize or block its processing of your Personal Information. Please note that such a request may prevent us from providing services to you and there may be circumstances where MG is legally entitled to retain Personal Information regardless of any such request;
- in some circumstances, the right to obtain information about the public and private entities with which MG made shared use of the Personal Information as a joint controller;
- in some circumstances, the right to receive information on the possibility of not providing consent and on the consequences of the refusal;
- in some circumstances, the right to non-discrimination against you for exercising your legal rights in relation to your Personal Information; and
- where applicable, the right to lodge a complaint with the data protection regulator in your jurisdiction if you think that any of your rights have been infringed by MG.
9. COOKIES AND HOW TO REMOVE THEM
10. CALIFORNIA PRIVACY RIGHTS
If you are a California resident, this section of the Policy is intended to provide you with information concerning your rights under the CCPA.
If you are a California resident, you have the right to request certain information from us regarding the manner in which we share with third parties certain categories of information that identify you. MG does not share Personal Information with third parties for those third parties’ own direct marketing purposes.
The CCPA provides you with certain rights that are in addition to the rights set out in Section 8 above:
- the right to request, up to twice in a twelve month period, your Personal Information (including, as applicable, any available information as to the source of the Personal Information, the retention period for the Personal Information, MG’s purposes for collecting such Personal Information, the categories of Personal Information we have disclosed and the categories of third parties to whom such Personal Information has been disclosed) in a format that is portable and, to the extent technically feasible, in a readily useable format that will allow you to transmit it to another entity.
- the right to request that we delete your Personal Information, except in circumstances where MG is legally entitled to retain Personal Information regardless of any such request.
- effective January 1, 2023, the right to request that we correct inaccurate Personal Information maintained about you.
- the right to opt out of any sale of your Personal Information to any third parties or, effective January 1, 2023, the sharing of your Personal Information for the purposes of cross context behavioral advertising. Note that we do not sell Personal Information to third parties or share it with third parties for purposes of cross context behavioral advertising.
- the right to limit our use of your Sensitive Personal Information to those uses which are necessary to perform our services or provide goods as reasonably expected.
- the right not to face discrimination, as defined under the law, for exercising your rights.
If you wish to exercise any of the rights enumerated in this section, please contact us at www.mintzgroup.com or 855-594-2130. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. We may need to request additional Personal Information from you, such as a copy of your ID, in order to verify your identity and protect against fraudulent requests. We may send our response to your request to the contact point in our records that is associated with the Personal Information that is requested. If you make a request to delete Personal Information, we may ask you to verify your request before we delete your Personal Information.
If you are the authorized agent of a consumer, exercising a consumer’s right on behalf of the consumer, we will ask you for:
- proof of your registration with the California Secretary of State to conduct business in California.
- proof that the consumer has authorized you to exercise a consumer’s right on the consumer’s
If an authorized agent has not provided us with a power of attorney from the consumer pursuant to Probate Code sections 4000-4465, we may also:
- require the consumer to provide you with a written permission signed by the consumer to make the request on the consumer’s behalf; and
- verify the identity of the consumer as we would if the consumer were making the request personally.
- Obtain verification from the consumer that they provided the authorized agent permission to make the request.
11. HOW TO CONTACT US
If you have any questions or complaints about MG’s handling of your Personal Information, or about this Policy, please contact us using the contact information set out below.
Mintz Group, LLP
110 Fifth Avenue, 8th Floor
New York, NY 10011
Attn: General Counsel
5.1 Disputes Generally
We may update or change this Policy. The “Effective Date” at the top of this page states when this Policy was last revised. Any change to this Policy will become effective when we post the revised Policy on our website. Keep in mind that your use of our website means that you accept our Policy.
If any change may materially and negatively affect the privacy of your Personal Information, we will use reasonable efforts to notify you in advance and give you a reasonable period of time to object to any changes.
We encourage you to periodically review this Policy to stay informed about how we collect, use, and share Personal Information.