Privacy Policy
Last Updated: September 3, 2024
Morrison & Foerster LLP and its affiliates (“Morrison Foerster,” “we,” “us,” or “our”) want you to be familiar with how we collect, use and disclose Personal Information. This Privacy Statement describes our practices in connection with Personal Information that we collect through:
- Our websites (“Websites”);
- The software applications we make available for use on computers and mobile devices (“Apps”);
- Social media properties (“Our Social Media”) from which you are accessing this Privacy Notice;
- HTML-formatted email messages or other communications that we send to you that link to this Privacy Notice (“Emails”);
- SharePoint sites made available to our clients and third parties (“SharePoint Sites”);
- Services we provide to our corporate, institutional, and other clients (“Client Services”); and
- Any other offline business interactions you may have with us (“Offline Interactions”).
Collectively, we refer to the Websites, Apps, our Social Media, Emails, SharePoint Sites, Client Services and Offline Interactions as the “Services.”
PERSONAL INFORMATION COLLECTED
“Personal Information” is information that identifies an individual or relates to an identifiable individual. We collect the following categories of Personal Information:
We need to collect Personal Information to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. If you disclose any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.
PERSONAL INFORMATION PROCESSING PURPOSES
We use Personal Information for legitimate business purposes, including:
Purpose | Examples of Processing Activities |
Administering the Services | Verifying your information; responding to your inquiries and fulfilling your requests, such as when you contact us via one of our online contact forms or otherwise (e.g., when you send us questions or comments, or when you request other information about our Services); to send you administrative information, such as information regarding the Services and changes to our terms, conditions and policies; to allow you to send Services-related content to another person through the Services if you choose to do so. |
Providing Client and Legal Services | Validating authorized signatories when concluding agreements and transactions, contacting individuals (including employees of institutional clients) in connection with providing Client Services, responding to inquiries and fulfilling requests from our clients, administering client file(s), providing legal services and managing our relationships, preparing, sending or receiving invoices and managing credit control. |
Operations and general business | Administering online Services (including troubleshooting and diagnostic testing, conducting performance analyses of our systems and Services, testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, and hosting data; and facilitating mergers, acquisitions and other reorganizations and restructurings of our business (including prospective transactions). |
Conferences, visits, and other events | Facilitating and participating in conferences and events, welcoming guests and visitors to our premises. |
Marketing | Sending you our newsletters, publications, legal updates, event invitations, and mailings that we think may be of interest to you; fulfilling your event registration requests and providing services, including the providing seminars and other events. |
Relationship building and engagement | Facilitating and responding to any social sharing and posts on our Services, communicating with clients on various issues, such as organizing client events, and other client relationship building activities. |
Personalizing our Services | Personalizing our interactions with you and providing you with information and/or offers tailored to your interests, such as delivering content via our Services that we believe will be relevant and interesting to you. |
Improving and developing new work product and Services that we may provide to you | Conducting data analysis, for example, monitoring and analyzing Services use and using data analytics to improve the efficiency of our Services; developing new Services; considering ways to enhance, improve, repair, maintain or modify our Services; identifying usage trends, for example, understanding which parts of our Services are most interesting to users; determining the effectiveness of our promotional campaigns, so we can adapt our campaigns to the needs and interests of our users; and operating and expanding our business activities. |
Aggregation and/or anonymization | Aggregating and/or anonymizing Personal Information so that it will no longer be considered Personal Information. |
Security and fraud prevention | Conducting audits, verifying that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements; monitoring for and preventing fraud; and for security purposes, including maintaining system security and on-site security of our premises. |
Legal and compliance | Fulfil our legal and compliance-related obligations, including complying with applicable laws; complying with legal processes; responding to requests from public and government authorities; meeting national security or law enforcement requirements, compliance with requirements set by industry-specific supervisory bodies, such as, bar associations. Enforcing our terms and conditions and standards; protecting our operations; protecting the rights, privacy, or property of the Company; responding to auditors; and allowing us to pursue available legal remedies and make insurance claims, defend claims, and limit the damages that the Company may sustain. See the EU/UK Supplement for more information regarding our processing for legal and compliance purposes. |
Emergency and incident response | Ensuring the safety of on-site personnel and visitors; responding to, handling, and documenting on-site accidents and medical and other emergencies; actively monitoring properties to ensure adequate incident prevention, response, and documentation (including CCTV); requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies (such as via SMS, email, call, audio-visual device prompts, etc.). |
Client and counterparty due diligence and anti-fraud checks | Conducting fraud, sanctions, credit and anti-money laundering checks, KYC checks (where required by applicable law) and sharing your Personal Information with fraud prevention agencies databases, where required by applicable law. |
For more information on our use of Personal Information subject to the EU or UK General Data Protection Regulation for the purposes described above, please see the “EEA/UK SUPPLEMENT” section.
DISCLOSURE OF PERSONAL INFORMATION
We disclose Personal Information to third parties and for the purposes described below, depending on each specific jurisdiction and applicable law:
Recipients | Purpose |
Morrison & Foerster LLP and the relevant MoFo affiliate are responsible for the management of any jointly-used Personal Information. | |
Website hosting service providers |
|
Information technology and related infrastructure service providers |
|
Email delivery service providers |
|
Advertising networks |
|
Client service or related benefits (including special promotions) service providers |
|
Analytics providers for our Services |
|
Law enforcement, public, regulatory and government authorities, courts, or tribunals |
|
Emergency services |
|
Professional advisors, such as accountants, actuaries, auditors, experts, consultants, lawyers, banks, and financial institutions |
|
Other services, including, without limitation, our Social Media Pages |
|
To comply with applicable law and regulations | This may include laws outside your country or region of residence that could legally require us to process your Personal Information. |
To a third party, such as an acquiring entity and its advisors, in connection with a sale or business transaction | We may disclose or transfer your Personal Information in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your Personal Information in accordance with applicable law and the ‘Updates to This Privacy Notice’ section. |
By using the Services, you may elect to disclose Personal Information on message boards, chat, profile pages, blogs and other services to which you are able to post information and content (including, without limitation, our Social Media), or through which you are able to send messages through the Services. Please note that any information you post or disclose in this context will become public and may be available to other users and the general public.
COOKIES AND SIMILAR TECHNOLOGIES
Please read our Cookies Policy to learn how we use information that we and our service providers collect automatically, including through cookies, pixel tags, and similar tracking technologies and to understand your choices with respect to such collection and use.
SECURITY
We seek to use reasonable organizational, technical, and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
EMAIL MARKETING CHOICES
You have choices regarding marketing-related communications. Where required by applicable law, we will ask for your prior opt-in consent. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by following the unsubscribe instructions in any such message or by contacting us by email at compliance@mofo.com.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.
RIGHTS REQUESTS
If you would like to request to access/review, correct, update, suppress/delete, object to, restrict or opt out of the processing of Personal Information, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), please use our online form which you can find here, or feel free to contact us in accordance with the Contacting Us section below. We will respond to your request consistent with applicable law. If you are a California resident, please refer to the “California Supplement” section at the end of this Policy for more information about the requests you may make under California law.
In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion). Further, certain Personal Information may be exempt from requests pursuant to applicable data protection laws or other laws and regulations.
You may also lodge a complaint with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs. A list of EEA data protection authorities is available at: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. Information regarding the UK data protection authority is available at: https://ico.org.uk/.
RETENTION PERIOD
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained as outlined in this Privacy Notice unless a longer retention period is required or permitted by applicable law. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have a relationship with us or keep using the Services);
- The length of time we have an ongoing relationship with you as our client and provide you with Client Services;
- Whether there is a legal obligation to which we are subject (for example, certain laws, including bar rules or rules on providing legal services, require us to keep records of matter files or communications for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
Where we are subject to a legal obligation or retention is recommend in light of our legal position, we will retain certain Personal Information even after we no longer provide the Services to you, for example:
- To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your Services account, we will preserve Personal Information subject to such order or warrant after you delete your Services account.
- To comply with legal requirements: We may retain your Personal Information, such as Relationship History, and/or Transaction Information after you delete your Services account, as required by tax law and to comply with bookkeeping requirements. We also may retain your Personal Information to comply with specific local retention requirements imposed on law firms, such as the German Federal Lawyers Act (requiring that client files are maintained for six years following completion of an assignment).
- To pursue or defend a legal action: We may retain relevant Personal Information in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your Personal Information, or if we reasonably believe there is a prospect of litigation.
THIRD PARTY SERVICES
This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties. This includes any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media.
USE OF SERVICES BY MINORS
The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Information from individuals under 16.
CROSS-BORDER TRANSFER
Your Personal Information may be stored and processed in any country or region where we have facilities or in which we engage service providers. By using the Services, you understand that your Personal Information will be transferred to countries outside of your country or region of residence, including the United States, which may have data protection rules that are different from those of your country or region. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries or regions may be entitled to access your Personal Information.
As required by applicable law, we implement safeguards to protect your Personal Information when we transfer it outside your country or region of residence. For example:
- For transfers from within the UK and/or EEA to outside the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:
Adequacy Decisions: Some countries outside of the European Economic Area (the “EEA”), are recognized as providing an adequate level of data protection (the full list of these “specified countries” for the EEA is available here and for the UK is available here).
For transfers from the EEA, Switzerland, and/or the UK to countries not considered adequate, we have put in place adequate measures, such as standard contractual clauses adopted by the relevant authority, to protect your Personal Information. You may obtain a copy of these measures by emailing us at compliance@mofo.com.
- For transfers from Japan to countries not considered adequate by the Japanese government (as applicable), we have also put in place adequate measures, such as data transfer agreements containing provisions required under Japanese law, to protect your Personal Information.
SENSITIVE INFORMATION
Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us.
UPDATES TO THIS PRIVACY POLICY
The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on the Services.
CONTACTING US
Morrison & Foerster LLP, located at 425 Market Street. 32nd Floor, San Francisco, CA USA 94105, is the company responsible for collection, use and disclosure of your Personal Information under this Privacy Notice. If you have any questions about this Privacy Notice, please contact us.
You can reach us at Compliance@MoFo.com or at:
Morrison Foerster
Human Resources – Data Compliance
425 Market Street, 32nd Floor
San Francisco, CA 94105
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
You may also contact our Data Protection Officer (DPO) responsible for Germany at compliance@mofo.com.
OUR AFFILIATES
For purposes of this Privacy Notice, these entities are considered “affiliates” of Morrison & Foerster LLP:
- Morrison & Foerster (UK) LLP
- MoFo Secretaries, Limited
- Morrison & Foerster, a Hong Kong general partnership
- MoFo China Corporate Services Limited
- MoFo China Notices Limited
- Morrison & Foerster Gaikokuho Jimu Bengoshi Jimusho
- Morrison & Foerster Asia Services, LLP
- Morrison Foerster Horitsu Jimusho
- Morrison & Foerster (Singapore) LLP, a Singapore limited liability partnership
- Morrison & Foerster (International) LLP
CALIFORNIA SUPPLEMENT
Pursuant to the California Consumer Privacy Act (CCPA), we are providing the following additional details regarding the categories of Personal Information about California residents that we collect, use, and disclose. This section supplements the information provided above in this Privacy Statement.
We collect and disclose to affiliates and service providers for our operational business purposes (including in the preceding 12 months) the following categories of Personal Information about California residents:
- Identifiers such as name, postal address, online/device identifier, IP address, email address and social media account.
- Personal information as defined in the California customer records law, such as name, signature, contact information, and social media account handle and other information you may share or make public on social networks.
- Characteristics of protected classifications under applicable law, which we may collect in order to provide you with our Client Services, such as age.
- Commercial information, such as Client Services transaction history, financial details, and payment information.
- Internet or other electronic network activity information, such as browsing history and interactions with our Websites, applications, systems, and emails.
- Geolocation data, such as device location and IP location.
- Audio, electronic, visual, and similar information, such as call recordings and CCTV footage created for safety and security purposes, and audio and video recordings of events, conferences, and meetings.
- Professional or employment-related information, such as employer name and role/title.
- Sensitive Personal Information. Personal Information that reveals an individual’s Social Security, driver’s license, state identification card, government-issued ID or passport number.
We retain each category of Personal Information, including Sensitive Personal Information, as described above under “Retention Period”.
We do not “sell” Personal Information, including Sensitive Personal Information, and we do not “share” Personal Information, including Sensitive Personal Information, for purposes of cross-context behavioral advertising, as defined under the CCPA. We have not engaged in such activities in the preceding 12 months. Without limiting the foregoing, we do not sell or “share” Personal Information, including Sensitive Personal Information, of minors under 16 years of age.
We collect, use, and disclose Personal Information for the purposes described above under “Personal Information Processing Purposes”.
We collect, use and disclose Sensitive Personal Information for purposes of performing services for our business, providing goods or performing services as requested or reasonably expected by you, ensuring safety, security and integrity, countering wrong or unlawful actions, short term transient use, servicing accounts, providing customer service, verifying customer information, processing payments, activities relating to quality and safety control or product improvement, and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use Sensitive Personal Information for additional purposes.
We collect Personal Information from a number of sources as described above under “Personal Information Collected”.
Individual Rights and Requests
You may request that we:
- Disclose to you the following information:
The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
The business or commercial purpose for collecting Personal Information about you; and
The categories of Personal Information about you that we disclosed, and the categories of third parties to whom we disclosed such Personal Information (if applicable).
- Correct inaccuracies in your Personal Information.
- Delete Personal Information we collected from you.
- Provide the specific pieces of your Personal Information, including a copy in a portable format.
To make a request, please use our online form available here, or contact us in accordance with the Contacting Us section above or by calling toll-free at 1-866-734-0477.
We will verify and respond to your request consistent with applicable law, considering the type and sensitivity of the Personal Information subject to the request. For your protection, we may need to request information such as your name, email address, mailing address, and relationship with us in order to verify your identity and protect against fraudulent requests. If you make a deletion request, we may ask you to verify your request before we delete your Personal Information.
You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.
If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted above. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described above or confirm that you provided the agent permission to submit the request.
De-Identified Information
Where we maintain or use de-identified information, we will continue to maintain and use that information only in a de-identified form and will not attempt to re-identify the information.
Sharing your Personal Information with Third Parties for Direct Marketing Purposes.
If you prefer that we discontinue sharing your Personal Information on a going-forward basis with our affiliates for their direct marketing purposes, you may opt out of this sharing by emailing us at compliance@mofo.com. If you would prefer that we discontinue sharing your Personal Information on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt out of this sharing by emailing us at compliance@mofo.com.
EEA/UK SUPPLEMENT
Processing of Personal Information
We and our service providers use Personal Information for legitimate business purposes, including:
In addition, we process Personal Information:
- To comply with applicable law and regulations. This may include the following:
- Civil and commercial matters: where we are in receipt of a court order to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters or equivalent UK law.
- Criminal matters: to comply with requests and orders from EU and EU Member State or UK law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws.
- Consumer matters: to comply with requests from competent authorities under EU or EU Member State or UK consumer protection law, such as under Directive (EU) 2019/2161 and its implementing laws in EU Member States or equivalent UK law.
- Corporate and taxation matters: to comply with our obligations under applicable EU Member State or UK corporate and tax legislation, such as where a national tax law of an EU Member State or the UK requires collection of specific transactional personal information for tax purposes.
- Regulatory matters: to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant EU Member State or UK data protection supervisory authorities initiate investigation under the General Data Protection Regulation into our Company. These can include authorities outside of your country or region of residence.
- Compliance and internal investigations: to comply with whistleblowing requirements under Directive (EU) 2019/1937 and its implementing laws in EU Member States.
- Health and safety regulations: to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises.
- To cooperate with public and government authorities and law enforcement, and for other legal reasons:
- When we respond to a request or provide information to public and government authorities (these can include authorities outside your country or region of residence);
- When we respond to law enforcement requests and orders or provide information to law enforcement;
- For dispute resolution purposes;
- To enforce our terms and conditions; and
- to protect our rights, privacy, safety, property, and/or that of our affiliates, you, or others.
- In connection with a sale or business transaction based on our legitimate interests.