Privacy Notice

Last Revised: December, 2019

This Privacy Notice informs you of important information about how Ropes & Gray LLP and Ropes & Gray International LLP (together, “Ropes & Gray” “we” or “our”) process the personal data that we collect in online and offline formats through the Services. 

Personal data” means data that reasonably can be used to identify a living person, or that reasonably relates to a living person.

When we use the term “Services” we mean to refer collectively to:

  • The provision of legal and related services to our clients and prospective clients (“Client Services”);
  • The websites and mobile applications owned and controlled by us that link to this Privacy Notice (“Sites”); and
  • Our marketing and business development activities, including events we host, social media properties we create, and emails that we send (“Marketing Activities”).

This Privacy Notice covers the personal data that we collect through the provision of our Services. 

How we collect and use personal data

We collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our individual clients and prospective clients, their representatives, visitors to our offices, visitors to our Sites, vendors, journalists, and other individuals.

Clients and prospective clients

We operate in a regulated industry. This means we are required to obtain certain information before we can accept someone as a client. For individual clients, this includes:

  • Name
  • Contact details
  • Financial information
  • Information to verify identity, such as passport

The majority of our clients are corporate entities and data about entities is not personal data. But we do process personal data of company employees, representatives and other personal data clients provide to us, or allow us to collect on their behalf, while providing the Client Services. This includes contact information and any other personal data that is relevant to or necessary for us to deliver the Client Services. 

We also process personal data to assist in building relationships. This includes name, contact information, and job title and may also include education information, work history, and gender. If you attend one of our events, we may also have information about your dietary requirements.

We collect and use this information to provide the Client Services and for other legitimate business interests. For example, we use contact details to send communications, legal updates, and invitations to events. You can update your communication preferences by clicking on the link at the bottom of one of our marketing emails or contacting privacy@ropesgray.com.

We also obtain personal data from third-party sources in connection with Client Services, such as CaplQ, LexisNexis and general internet searches. Such third-party information sometimes contains personal data about family, health or immigration status. We use this information to perform relevant diligence, conduct investigations, and perform conflict checks.

Our legal basis for processing personal data in connection with Client Services is:

  • To comply with legal obligations and professional responsibilities;
  • To perform contracts;
  • To pursue our legitimate interests of:
    • ensuring that we deliver the best possible service to our clients,
    • keeping individuals informed of developments in the law,
    • business development and general marketing,
    • providing you with information on our services and events, and
    • ensuring we build and maintain a good working relationship with you
  • Your consent, where we make it clear to you in advance that we are relying on you consent (for example, when you sign up to our mailing list).

For prospective clients, or an employee or representative of a prospective client, we will process personal data including your name and contact details as well as details of any interactions you may have with us or our attorneys (for example, meetings you have had or pitches you have invited us to).

We may obtain this information directly from you, from your employer or from publically available sources like your employer’s website.

The legal bases we rely on to process your personal data is:

  • To take steps requested by you prior to entering into a contract with you;
  • To pursue our legitimate interests in building our business and developing a relationship with potential new clients.

[Back to the top]

Visitors to our Sites

Certain visitors interact with the Sites in ways that lead us to gather personal data. The amount and type of data that we gather depends on the nature of the interaction. For example, if you sign up to our mailing list we collect your name, contact details, job title and company name. This is more information than we require to add you to our emailing list, but we collect other information about you to ensure that we do not create a duplicate record for you in our database. Visitors can always refuse to supply personal data, with the caveat that it may prevent them from engaging in certain Site-related activities.

In addition, we collect information automatically as disclosed in our Cookie Notice, below. 

The legal bases we rely on to process this information is:

  • To pursue our legitimate interests in developing and growing our business, operating and improving the Sites, and conducting Marketing Activities; and
  • Your consent, where we make it clear to you in advance that we are relying on you consent (for example, when you sign up to our mailing list).

[Back to the top]

Visitors to our offices

For visitors to our offices we will take a record of name and contact information. This information is recorded for legitimate business purposes and for health and safety purposes so that we know who is in the building in event of an emergency. If you attend one of our events and we serve food we may have information about your dietary requirements.

The legal bases we rely on to process your personal data is:

  • To comply with our legal obligations;
  • To pursue our legitimate interests in ensuring the safety and security or our employees and visitors.

[Back to the top]

Vendors and business partners

We process personal data of vendors and business partners, including name and contact details. For vendors, we do this so that we can liaise about the services the vendors are providing to us now and in the future. For business partners, we do this to support, grow, and maintain the relationship. For individual vendors and business partners, we also may hold financial information in order to pay invoices. Sometimes we receive this information from a third party who is recommending the service to us.

The legal basis we rely on to process this personal data is:

  • To pursue our legitimate interests of managing and operating our business, including through use of vendors.

[Back to the top]

Journalists

We process contact details and information about publications journalists write for, as well as a photo and CV in order to connect with you on press releases and other happenings, and to invite you to meet or communicate with our staff for the purposes of contributing to your publications.

We usually obtain this information from a third party media contact buy-in service (we currently use Roxhills) or we may obtain this information directly from you. Sometimes we receive this information from third parties who have dealt with or know of you and are recommending you to us.

The legal basis we rely on to process personal data of journalists is:

  • To pursue our legitimate interest of operating our business, marketing, business development and professional development.

[Back to the top]

Webinar attendees

Webinars offered as a service to users of the Services (“Webinars”) are hosted by a third-party vendor. That vendor requires registrants to provide personal data, including name and email address. Individuals seeking continuing legal education credit also may be asked to provide State Bar number(s). This personal data is not collected by us, but may be shared with us. We use this personal data to track attendance, facilitate future communications with registrants and attendees, and for other purposes set forth in this Privacy Notice.

[Back to the top]

Other individuals

When we provide certain types of Client Services we may be provided with personal data from third parties about a number of individuals other than those described explicitly in this Privacy Notice. The personal data we process will depend on the type of matter for which our client has retained us. For example:

  • If we are engaged by our client to advise them on selling its business, our client may send us information about is customers and employees as part of the due diligence process with the buyer;
  • If we are engaged by our client to advise them on buying a business, we may receive personal data about the target company’s customers and employees in order to conduct a due diligence exercise and determine the risks that exist at the target business;
  • If we are engaged by our client to advise them on a dispute, we will have personal data about the opposing parties, their attorneys, witnesses and any personal data contained in witness statements or evidence.

The primary reason we process this personal data is to provide the Client Services, fulfill our professional duties, comply with law, and operate our business.

We can obtain this information from a number of different sources including our client, our client’s opponent or counterparty, the courts, tribunals and law enforcement authorities.

The legal bases we rely on to process your personal data is:

  • To comply with our legal obligations and meet our professional responsibilities;
  • To pursue our legitimate interests of operating our business, providing Client Services, conducting Marketing Activities.

[Back to the top]

Additional uses of personal data

In addition to the uses described above, we may use your personal data for the following purposes. Some of these uses may, under certain circumstances, be based on your consent, may be necessary to fulfill our contractual commitments to you, or are necessary to serve our legitimate interests in the following business operations: 

  • Operating our business, administering the Services and managing your accounts; 
  • Contacting you to respond to your requests or inquiries;
  • Processing and completing your transactions including, as applicable, order confirmation and delivering products or services;
  • Providing you with newsletters, articles, alerts and announcements, event invitations, and other information that we believe may be of interest to you;
  • Providing you with marketing information, and other information that is tailored to your interests;
  • Conducting research, surveys, and similar inquiries to help us understand trends and client needs;
  • Analyzing your interactions with us, and improving our products, services, programs, and other offerings;
  • Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Information, our website or data systems; or to meet legal obligations; and
  • Enforcing our Terms of Use and other agreements.

How we share and disclose personal data

We share personal data with the following categories of recipients. 

Service Providers

We may disclose your personal data to third-party service providers to provide us with services such as website hosting, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services. 

Affiliates

We may disclose personal data to our affiliates for the purposes described in this Privacy Notice, including for their marketing purposes, and to be consistent with our goal of providing our the superior client service and engagement experience that our clients have come to expect from us around the world.

To Perform Client Services

We will also disclose personal data to the following categories of third parties: (1) anyone involved in the matter we are working on including lawyers, barristers, counterparties, experts, mediators, opponents, other attorneys, and witnesses; (2) law enforcement, tax, and regulatory agencies and bodies; (3) insurers; and (4) service providers such as IT and telephony services, catering, document production, and postal and delivery services.

We may disclose personal data to third parties in order to perform services you request or functions you initiate, such as when you post information and materials on message boards and forums. When you post information publicly.

We do not sell any personal data and have not sold any personal data in the past.

Corporate Transactions or Events 

We may disclose your information to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings. 

Other Legal Reasons

In addition, we may use or disclose your personal data as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of Ropes & Gray, our affiliates, you and others; and (7) to enforce our terms and conditions.

[Back to the top]

Region-Specific Disclosures

Individuals in Andorra, Argentina, Australia, California, Canada, Cayman, Europe Economic Area (including the United Kingdom), Faroe Islands, Guernsey, Hong Kong, Israel, Isle of Man, Japan, Jersey, Mexico, New Zealand, Singapore, South Korea, Switzerland, Uruguay, and certain other jurisdictions may have certain data subject rights. These rights vary, but they may include the right to: (i) request access to and rectification or erasure of their personal data; (ii) restrict or object to the processing of their personal data; and (iii) obtain a copy of their personal data in a portable format. Individuals may also have the right to lodge a complaint about the processing of personal data with a data protection authority.  

If you make a request related to personal data about you, you may be required to supply a valid means of identification as a security precaution. We will process your request within the time provided by applicable law.

European Economic Area

For individuals in the European Economic Area, please click here for additional detailed disclosures. 

State of California, United States

We may disclose personal data to affiliates of Ropes & Gray LLP, which may use this information for all purposes outlined in this Privacy Notice. Under California Civil Code Section 1798.83, separate legal entities are considered “third parties” and certain communications with our affiliates might be viewed as promoting legal services. Therefore, we are providing the following information for California residents who have provided us with their personal data during the creation of or during the course of an established legal services relationship that is primarily for personal, family, or household purposes (“California Residents”).

Individual California Residents may request information about our disclosures of certain categories of personal data to third parties (i.e., our affiliates) for such third parties’ direct marketing purpose, consistent with California Civil Code Section 1798.83. 

Individual California Residents must submit requests to us either by email at privacy@ropesgray.com or by mail at the following address:

Office of the General Counsel
Ropes & Gray LLP
1211 Avenue of the Americas
New York, NY 10036-8704

In response, we will provide a list of the categories of “Personal Information,” as that term is defined by California Civil Code Section 1798.83, disclosed to third parties for direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties.

This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email or mailing addresses specified in this section.

Exercising California Data Subject Rights

Individuals in California may have a right under the California Consumer Privacy Act (“CCPA”) to request erasure of their personal data or access to personal data that we have collected in the last twelve (12) months.

You may submit requests for access or erasure of your personal information by calling toll-free (within the U.S. only) 1-833-458-8316 or emailing privacy@ropesgray.com

Individuals who submit requests for access or erasure of personal information will be required to verify their identity by answering certain questions. We will not disclose or delete any information until identity is verified.

If you are making a request for access, we may not be able to provide specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal information, your account with us, or our systems or networks.

If you are making a request for erasure, we will ask that you confirm that you would like us to delete your personal information again before your request is submitted.

You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request.

Agents who make requests on behalf of individuals will be required to verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.

Under the CCPA, you cannot be discriminated against for exercising your rights to access or request erasure of their personal data.

[Back to the top]

E-mail Marketing

We may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.

[Back to the top]

Cookie Notice

How we use Cookies

We use cookies and related technologies (“Cookies”) to provide Services, gather information when users navigate through the Sites to enhance and personalize the experience, to understand usage patterns, and to improve our Sites, products, and Services. 

Cookies on our Sites are generally divided into the following categories:

  • Essential Cookies: These cookies are strictly necessary to provide you with services available through our Services and to use some of their features, such as access to secure areas. Because these cookies are strictly necessary to deliver the Services, you cannot refuse them without affecting how our Services function.
  • Performance and Functionality Cookies: These cookies are used to enhance the performance and functionality of our Services but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
  • Analytics and Customization Cookies: These cookies collect information that is used to help us understand how our Services are being used or how effective our marketing campaigns are, or to help us customize our Services for you in order to enhance your experience.
  • Targeting Cookies: These record your visit to our Sites, the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on the Sites and other websites you visit. These Cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these cookies via your browser settings. See below for further details on how you can control third-party targeting cookies.

We also allow third parties to use Cookies on our Sites to collect information about your online activities over time and across different websites you visit. This information is used to provide advertising tailored to your interests on websites you visit, also known as interest based advertising, and to analyze the effectiveness of such advertising.

How to control Cookies

You can review your Internet browser settings, typically under the sections "Help" or "Internet Options," to exercise your options for certain Cookies. If you disable or delete certain Cookies in your settings, you may not be able to use features of the Sites. 

To learn more about the use of Cookies by Google for analytics and to exercise choice regarding those Cookies, please visit the Google Analytics Opt-out Browser Add-on

We support the Self-Regulatory Principles for Online Behavioral Advertising of the Digital Advertising Alliance (“DAA”). To learn more about certain third-party Cookies used for interest-based advertising, including through cross-device tracking, and to exercise certain choices regarding such cookies, please visit the Digital Advertising Alliance, Network Advertising Initiative, Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance or your device settings if you have the DAA or other mobile app.

The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests. 

[Back to the top]

Links to Other Sites

Occasionally we provide links to other websites for your convenience and information. These sites operate independently from our Sites and are not under our control. These sites may have their own privacy notices or terms of use, which you should review if you visit any sites linked through our Sites. We are not responsible for the content or use of these unrelated sites. 

[Back to the top]

Updates to this Privacy Notice

Although most changes are likely to be minor, Ropes & Gray may change its Privacy Notice from time to time, and at Ropes & Gray's sole discretion. Ropes & Gray encourages visitors to check this page frequently for any changes to its Privacy Notice.

[Back to the top]

How to contact us

If you have any queries, questions or concerns about this Privacy Notice or our personal data handling practices, please contact us at privacy@ropesgray.com

[Back to the top]