Kelle

Europe Privacy Notice-GDPR

INTRODUCTION

At Kelley Kronenberg (referred to as “we,” “us,” “our”), we prioritize privacy and are dedicated to its protection. This policy outlines the circumstances under which we collect personal information about individuals, how we utilize this information, the circumstances under which it may be disclosed to others, and the measures taken to ensure its security. This is in accordance with the General Data Protection Regulation (EU), the Personal Data Protection Law (France), DPA Act (Belgium), Data Protection Act 2018 (UK), and the UK GDPR.

This notice applies to current and former clients, members of our workforce (including partners, employees, workers, agency workers, advisers, and self-employed consultants), vendors, and other third parties with whom we engage. Please note that this policy may change periodically, so we encourage you to review this page occasionally.


IDENTITY AND DATA CONTROLLER

We are an international law firm and, in the course of our business, act as the data controller for the processing activities described herein. This means that we determine the why and how of processing your personal information in compliance with GDPR.


TYPES OF INFORMATION WE HOLD

“Personal data” refers to any information about a living individual from which they can be identified. This includes but is not limited to name, ID number, location data, online identifiers, and factors specific to an individual’s identity. Our processing activities encompass collecting, using, storing, transferring, disclosing, altering, or destroying personal data.

The information we hold may fall into categories such as:

  • Identification/Personal Information
  • Employment/Education Details
  • Technological Information

Some of this information may be classified as special categories of data. We adhere to GDPR regulations concerning the processing of such data, ensuring it is carried out lawfully and with due consideration.

In accordance with the GDPR, we do not process special category personal data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited), unless the processing is necessary for the establishment, exercise or defense of legal claims, relies on explicit consent of the data subject, is necessary for protect the vital interests of the data subject or is justified by the public interest.

Processing of special category personal data and personal data relating to criminal convictions or offences are carried out in compliance with EU or Member State law in which the process takes place.


METHODS OF COLLECTING PERSONAL INFORMATION

We collect information through various means, including:

1. Personal information provided voluntarily by you.

This is information about you that you provide to us voluntarily in the following ways:

  • through your instructions to us; in response to requests made from legal or regulatory purposes;
  • when joining our firm as an employee, as a consultant or during your work with us;
  • via our website (kelleykronenberg.com) or our mobile applications; or
  • corresponding with us by phone, email, or otherwise.

2. Personal information collected electronically during your use of our website or services.

When you use our website or our services, or as an employee of a Europe-based Kelley Kronenberg entity, the categories of information that we may collect about you may include: details of your visits to our site, including, but not limited to, traffic data, location data, weblogs, and other communication data, and any electronic resources you access. Any information collected via our website will include that provided at the time of registering to use our site, subscribing to the services we provide through our site, posting material or requesting further services. We may also ask you for information when you report a problem with our site. If you complete any survey for us for research purposes, we will collect information in such circumstances, as well. The personal information you give us may include your name, address, email address, and phone number, enquiry details and records of any correspondence and responses to any surveys.

We may automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet Protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform or other identification tags. Please see cookies for further information.

We may collect any personal information which you allow to be shared that is part of your public profile or third party social network, type and version, time zone setting, browser plug-in types and versions, operating system, and platform. We also collect contact information from email communications addressed to us.

We may also collect, store, and use your special category personal data for a range of reasons, relying on a variety of different bases for lawful processing under the GDPR, as described below.

3. Personal information received from third parties regarding our partners, employees, consultants, and prospective hires.

We may obtain personal information and/or special category personal information about you from third party sources, such as recruitment agencies, job boards, benefits providers, immigration companies, tax consultants, and background check providers. Where we receive such information, we will only use it in accordance with this Privacy Notice. In some cases, the third party source will be acting as a controller of your personal information and therefore we advise you to read their privacy notice and/or data protection policy.


PURPOSES AND LEGAL BASES FOR USING YOUR PERSONAL INFORMATION

The purposes for which we use your information and the legal bases under data protection laws are detailed below.

A. WHERE YOU HAVE PROVIDED CONSENT:

We may use and process your personal information where you have consented for us to do so.

For clients and prospective clients:

This may include our sending you information about our services if you:

  • are an existing client;
  • sign up to receive communications from us (e.g. our newsletters or invitations to webinars or other events) via our website or other medium where available; or
  • when you refresh your contact preferences when responding to a request from us to do so.

For partners, employees and consultants, or prospective partners, employees and consultants:

This may include:

  • information disclosed to a third party agency/mortgage provider relating to your pay details and/or employment history for the purposes of providing tenancy references/mortgage application;
  • information disclosed to a prospective future employer relating to your employment details for the purposes of providing a reference; and
  • generally, information disclosed to a third party at your request, such as for processing a travel visa, making travel arrangements, tax filings, etc.

You may withdraw your consent for us to use your information in any of these ways at any time. Please see “Withdrawing your consent” for further details.

How we use your special category information

Consistent with your consent, we may:

  • use details regarding allergies to ensure that catering provided at our events accommodates your needs;

Where you have consented to specific processing of your personal or special categories data, you have the unequivocal right to withdraw your consent at any time by indicating your withdrawal in a written format addressed to the HR department (if you are an employee) or using our unsubscribe tool located at the bottom of all Kelley Kronenberg marketing communications (if you are not an employee).

B. WHERE THERE IS A LEGITIMATE INTEREST:

We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party.

For clients and prospective clients:
This may include:

  • for marketing activities (other than where we rely on your consent to contact you with information about our products and services or share your details with third parties to do the same, as explained above);
  • for analysis to inform our marketing strategy, and to enhance and personalise your client experience;
    to correspond or communicate with you;
  • to verify the accuracy of data that we hold about you and create a better understanding of you as a client or potential client;
  • for network and information security in order for us to take steps to protect your information against loss, damage, theft, or unauthorised access;
  • for the provision of services to you, including where the personal data relates to persons who are not our clients;
  • for prevention of fraud and other criminal activities;
    to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
  • for invoicing you for our fees and disbursements;
  • for the management of queries, complaints, or claims; and
  • for the establishment and defence of our legal rights.

For partners, employees and consultants, or prospective partners, employees and consultants:
This may include:

  • training records, appraisals, and meeting notes about you in order to assist/assess your career development and training needs and/or to ensure that you are properly managed and supervised;
  • information relating to the performance of your employment duties, such as disciplinary records, as this is relevant to your ability to carry out your job and for us to assess and identify areas in which we may need to help you improve;
  • information relating to the performance of your duties may also be used to conduct an investigation if circumstances warrant it and to take appropriate action (if any) either for conduct or capability reasons;
  • information relating to any grievance process involving you, in order that an investigation may be conducted and appropriate action taken (if any);
    management reports (including statistical and audit information) to ensure workplace efficiencies are maximised;
    health, safety, and environmental information, including records to ensure that we are complying with relevant policies and procedures; this allows us to implement any training where applicable;
  • contact details on our intranet and/or internal systems to facilitate efficient communication within the business;
    voicemails, emails, correspondence, and other communications created, stored, or transmitted by you using our computer or communications equipment for the purposes of the efficient management of the business;
  • absence records and details, including holiday records, appointments, jury service, and leave in order to monitor attendance levels and to comply with our policies;
  • CCTV and swipe card access records for our office and building to ensure business efficiencies, for security reasons, for the protection of our property and for health and safety reasons; and
  • network and information security data in order for us to take steps to protect your information against loss, theft, or unauthorised access.

How we use your special category information

For clients and prospective clients:

This may include:

  • details of allergies and/or disabilities for the purposes of ensuring that we accommodate them where possible; and
  • details of criminal convictions, for such purposes as the provision of services to you.

For partners, employees and consultants, or prospective partners, employees and consultants:

We may use any special category information for occupational health reasons or where we are assessing your working capability, subject to appropriate confidentiality safeguards. This may include:

  • information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence, and to administer benefits;
  • sickness absence records, such as statement of fitness to work, reasons for absence, and self-certification forms;
    records of return to work interviews/meetings; and
  • where it is needed for statistical purposes in the public interest, such as for equal opportunities monitoring and to ensure meaningful equal opportunities monitoring and reporting, we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, and your sexual life or orientation.

C. WHERE THERE IS A LEGAL REQUIREMENT:

We will use your personal information to comply with our legal obligations: (i) to assist a regulatory or other public authority or criminal investigation body; (ii) to identify you when you contact us; and/or (iii) to verify the accuracy of data we hold about you.

For clients and prospective clients; where you have consented to specific processing:

  • for the purposes of meeting anti-money laundering/KYC obligations or other regulatory requirements. Such use may involve the disclosure of information about you to government agencies, including in circumstances where we are not permitted to tell you of such disclosure; and
  • for the purposes of meeting tax obligations.

For partners, employees and consultants, or prospective partners, employees and consultants:

  • eligibility to work in the UK checks as required by immigration laws, such as passport and visa documentation;
  • payroll records, social security, child maintenance, marital status, student loans, and national insurance information to comply with social security and tax requirements;
  • information in relation to legal claims made by you or against you, in order to comply with court processes and court orders;
  • information relating to the occurrence, investigation or prevention of fraud, such as through a whistleblowing complaint; and
  • pension benefits to comply with pension legislation.

How we use your special category information

For partners, employees and consultants, or prospective partners, employees and consultants:

To enable us to perform our legal obligations in respect of employment, social security, and social protection law. This may include:

  • information relating to leaves of absence, which may include sickness absence or family-related leaves, to comply with employment and other laws;
  • information gathered as part of a whistleblowing investigation;
  • information relating to you involving allegations of unlawful discrimination, in order that an investigation may be conducted and appropriate action taken (if any) under our disciplinary processes; and
  • health information to assess and/or to comply with our obligations under employment, equal opportunities, and health and safety legislation (for example a requirement to make reasonable adjustments to your working conditions).

To establish, defend or exercise legal claims in an employment tribunal or any other court of law:

  • information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws;
  • information gathered as part of a whistleblowing investigation;
  • information relating to you involving allegations of unlawful discrimination, in order that an investigation may be conducted and appropriate action taken (if any) under our disciplinary processes; and
  • health information to assess and/or to comply with our obligations under employment, equal opportunities and health and safety legislation (for example, a requirement to make reasonable adjustments to your working conditions).

D. WHERE IT IS REQUIRED TO COMPLY WITH OBLIGATIONS UNDER A CONTRACT:

We may use and process your personal information where we have supplied you (or continue to supply you) with any services, where we have arranged for the supply of another firm’s services to you, or where you are in discussions with us about any service. We will use this information in connection with the contract for the supply of services when it is needed to carry out that contract with you or for you to enter into it.

For clients and prospective clients:

  • your contact details;
  • information you provide to us that we share with third parties on your behalf to meet our or your obligations under contracts.

For partners, employees and consultants, or prospective partners, employees and consultants:

  • formal identification documentation relating to you, such as a passport or driving licence, to verify your identity (including your date of birth);
  • your contact details such as your name, address, telephone number, and personal email address which will be used to communicate with you during your employment;
  • bank details which are used to send/receive funds to/from you such as payment of your salary, expenses, sick pay, maternity/paternity/shared parental leave pay, or to make or repay loans;
  • information relating to the enrolment or renewal of your employment benefits including pension, private health care, travel insurance, income protection insurance, and life assurance in order to provide you with these benefits;
  • details of the terms and conditions of your employment; and
  • medical absence information.

E. WHERE IT IS IN YOUR VITAL INTERESTS

For clients and prospective clients:

  • information about allergies (including dietary restrictions) or any medical conditions so as to prevent any unnecessary accidents, and advise medical professionals in the event of an emergency.

For partners, employees and consultants, or prospective partners, employees and consultants:

  • information about allergies (including dietary restrictions) or any medical conditions so as to prevent any unnecessary accidents, and advise medical professionals in the event of an emergency.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.


CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.


DATA ANONYMISATION AND USE OF AGGREGATED INFORMATION

Your information may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. We may use this data for analytical and research purposes.

For more information on how we use cookies and how to switch them off on your device, please visit our section on below.


OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION

Our suppliers and service providers

We may disclose your information to our third party service providers, agents, subcontractors, and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include:

  • IT service providers (such data centre and cloud hosting providers);
  • advertising agencies,
  • document management services;
  • administrative services;
  • finance/tax authorities for tax purposes;
  • immigration authorities for immigration purposes;
  • the Financial Conduct Authority or Solicitors Regulation Authority in the UK, the Ordre des Avocats or Barreau de Paris in France, for regulatory purposes;

When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have an agreement in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

Third parties who provide products and services

We may share your information with other firms which we instruct on your behalf. They may use your personal information in the ways set out in how we use your personal information, in connection with the services that complement and/or support our services, for example, in using local counsel or experts to assist in representing our clients.  When providing your data to those third parties, we will ensure that our terms of engagement with those third parties provide protection for your data commensurate with that protection which we provide.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Other ways we may share your personal information

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we are under a duty to disclose or share it in order to comply with any legal or regulatory obligation, to detect or report a crime, to enforce or apply the terms of our contracts, or to protect the rights, property, or safety of our visitors and customers. We will always take steps with the aim of ensuring that your privacy rights continue to be protected.

For our partners, employees, and consultants and prospective partners, employees, and consultants we may also share your personal data and special category personal data internally. In particular, it may be shared with: HR employees involved in and for the purposes of a recruitment process, employee relations, and/or administration of your employment; line managers; consultants; advisers or other appropriate persons.


WHERE WE STORE YOUR PERSONAL INFORMATION

All information you provide to us is very likely to be transferred to countries outside of the UK and/or the European Economic Area (EEA). By way of example, this will happen as our servers (and possibly those of our third party service providers whom we may use from time to time) are located in a country outside of the UK and/or EEA. These countries may not have similar data protection laws to the UK and the European Union.

When we transfer your information outside of the UK and/or the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy in compliance with GDPR. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents, if applicable. Further, if you use our services whilst you are outside the UK or the EEA, your information may be transferred outside the UK or the EEA in order to provide you with those services.

As to the physical locations in which we may store your personal information it may be in a variety of locations, including electronically on our secure servers and/or in hard copy form in access-restricted cabinets or locations. We take appropriate technical and organisational security measures to guard against unauthorised access, improper use, alteration, disclosure, and destruction and accidental loss of your personal data.

In addition, we limit access to your personal information to those members of our workforce who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected or actual data security breach and will notify you and the relevant national data protection authority (ICO in the UK, CNIL in France, Data Protection Authority in Belgium) of a suspected breach where we are legally required to do so.

Whenever we propose using new technologies, or where processing is construed as ‘high risk,’ we are obliged to carry out a Data Protection Impact Assessment to review that appropriate security measures are implemented in relation to the processing of your personal data.


HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR

If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under laws including legal, accounting and reporting requirements. We do not retain personal information in an identifiable format for longer than is necessary for the purposes for which the personal data are processed.

We may need your personal information to establish, bring, or defend legal claims. For this purpose, our expectation is that we may retain certain of your personal information for at least seven (7) years in the UK and five (5) years in France (but it may be longer in certain circumstances) after the date it is no longer needed by us for any of the purposes listed under how we use your personal information above.

Therefore:

  • where we act for you in providing legal services, we may retain certain personal information relevant to that matter for a period of at least seven (7) years in the UK and at least five (5) years in France following the conclusion of the matter;
  • where you are an employee, we may retain certain of your personal information for a period of at least seven (7) years in the UK and at least five (5) years in France following the termination of your employment with us.

The only exceptions to this are where:

  • the applicable law and regulation require us to hold your personal information for a longer period, or to delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further erasing your personal information or restricting its processing below); or
  • in limited cases, the applicable law and regulation permit us to keep your personal information indefinitely provided we put certain protections in place.

SECURITY AND LINKS TO OTHER SITES

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to us. Once we have received your personal information, we put in place reasonable and appropriate controls to safeguard against accidental or unlawful destruction, loss, alteration, or unauthorised access.

Our website may contain links to other websites run by other organisations. This Privacy Notice does not apply to those other websites‚ so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.


COOKIES

Like many other websites, our website uses cookies (including Google Analytics cookies) to obtain an overall view of visitor habits and visitor volumes to our website. “Cookies” are small pieces of information sent to your computer or device and stored on its hard drive to allow our websites to recognise you when you visit.

It is possible to switch off cookies by setting your browser preferences. For more information on how we use cookies and how to switch them off on your device, please visit our Privacy Policy.


OUR MARKETING

We may collect your preferences to receive marketing information directly from us in the following ways:

  • using contact details you have provided via our website, when attending a Kelley Kronenberg event, or to one of our attorneys;
  • from time to time, we may send you an email with instructions to update your contact details and preferences regarding which types of communications you receive from us.

From time to time, we may also ask you to refresh your preferences by asking you to confirm that you consent to continue receiving information from us.

We may contact you with targeted information delivered online through social media by using your personal information, or use your personal information to tailor marketing to improve its relevance to you, unless you object.

You have the right to opt-out of our use of your personal information to provide information to you in any of the ways mentioned below.


YOUR RIGHTS

You have a number of rights in relation to your personal information under data protection law. Should you contact us in relation to the personal data we may hold, as detailed below, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.

  • Accessing your personal information

You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. This is known as a Subject Access Request. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

  • Correcting and updating your personal information

The accuracy of your information is important to us. If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us at marketing@kelleykronenberg.com.

  • Withdrawing your consent

Where we rely on your consent as the legal basis for processing your personal information, as set out under how and why we use your personal information, you may withdraw your consent at any time by contacting us. If you would like to withdraw your consent to receive any direct marketing to which you previously opted-in, you can do so using the unsubscribe tool located at the bottom of all Kelley Kronenberg marketing communications. Or, if a partner, an employee, or consultant, contact our HR department. If you withdraw your consent, our use of your personal information before you withdraw is still lawful. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, but we will keep your details on our files for the purpose of ensuring that we exclude you from any contact in due course.

  • Objecting to our use of your personal information and automated decisions made about you

Where we rely on legitimate business interests as the legal basis for processing your personal information for any purpose(s), as outlined under how and why we use your personal information, you may object to us using your personal information for these purposes by emailing or writing to us. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise, we will provide you with our justification as to why we need to continue using your data.

You may also object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use the unsubscribe tool located at the bottom of all Kelley Kronenberg marketing communications.

  • Erasing your personal information or restricting its processing

In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.

You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations, we may only process your personal information while its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

  • Transferring your personal information in a portable data file (“data portability”)

Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under how and why we use your personal information, you may ask us to provide you with a copy of that information in an appropriate format. We will provide this to you electronically in a commonly used form, such as on a USB device.

You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

  • Complaining to the national data protection authority

You have the right to complain to the national data protection authority if you are concerned about the way we have processed your personal information. Although you have the right to complain to the data protection authority, we encourage you to contact us (as set out below) first with a view to letting us help in resolving any issues, concerns or questions.

–  In the UK, please visit the Information Commissioner’s Office (ICO) website for further details.

–  In France, please visit the Commission Nationale de l’Informatique et des Libertés (CNIL) website for further details.

–  In Belgium, please visit the Data Privacy Authority (DPA) website for further details.

  • Right to define what happens with personal data in the event of death

In certain countries including France, you have the right to define and tell us what we should do with your personal data after your death.


CHANGES TO THIS POLICY

Our Information Risk Committee is responsible for ensuring that this privacy notice is maintained. Our contact for any issues relevant to this Privacy Notice is each Office Managing Partner.

We may review this policy from time to time and any changes will be available to you by posting an updated version on our website. Any changes will take effect seven (7) days after the date on which we post the modified terms on our website, whichever is the earlier. We recommend that you regularly check for changes and review this policy whenever you visit our website. If you do not agree with any aspect of the updated policy you must immediately notify us and cease using our services.


CONTACT US

If you have additional questions you can call us at (954) 370-9970 or (800) 484-4381, fax us at (954) 382-1988, or reach us at marketing@kelleykronenberg.com. You can write to us at:

Attn: Webmaster/Marketing

Kelley Kronenberg

10360 W. State Road 84

Fort Lauderdale, FL 33324

Please include your email address, name, address, and telephone number when you contact us. This helps us handle your request correctly.