Privacy

Privacy Policy

Last updated on April 26, 2021

We are committed to protecting your privacy. This notice describes how we collect and use your personal data. It also describes the rights you have and control you can exercise in relation to it.

Data collection and usage

We may collect the following personal data:

Contact information: your name, position, role, company or organization, telephone (including mobile phone number where provided) as well as email and postal address;
Business information: data identifying you in relation to matters on which you instruct us or in which you are involved;
Your logon ID and password: for access to electronic portals, extranets and other client services or platforms;
Information from public sources: e.g. Linkedin and similar professional networks, directories or internet publications;
Information in connection with investigations or proceedings: where this is necessary to conduct the investigation or proceedings;
Attendance records: to record your attendance at our offices for security purposes;
Subscriptions/preferences: when you subscribe to receive legal briefings, updates or newsletters as well as consent preferences to help us identify which materials you are interested in receiving;
Events data: attendance at and provision of feedback forms in relation to our events;
Supplier data: contact details and other information about you or your company or organization where you provide services to us;
Social media: posts, Likes, tweets and other interactions with our social media presence;
Technical information: when you access this website and our technology services being IP address, browser type and version (e.g. Internet Explorer, Firefox, Safari etc.), time zone setting, browser plug-in types and versions, operating system you are using (e.g. Vista, Windows XP, MacOS, etc), device type, hardware model, MAC address, unique identifiers and mobile network information;
Online data: when you access this website and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network as such as information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails. WE DO NOT COLLECT PERSONAL DATA ABOUT YOUR ONLINE ACTIVITIES ACROSS THIRD PARTY WEBSITES OR ONLINE SERVICES.
Special categories of personal data: such as dietary, disability or similar requirements for events and meetings. If you do not provide this information, we may not be able to respond to your particular needs or preferences;
Criminal record data: where permitted by national law and appropriate to do so, such as existence of prior criminal offenses (or confirmation of clean criminal record).

The above data will be provided to us by you, your employer, the company or organization who is our client or screening providers who assist us with our legal obligations to conduct under anti-money laundering, sanctions screening and regulatory checks.

Your communications with us

We may also collect information that you choose to provide in communications with us. Please do not send us confidential information until we have confirmed in writing that we represent or act for you or your company or organization. Unsolicited emails from non-clients do not establish a lawyer-client relationship. They may not be privileged and, therefore, may be disclosed to others.

How we use your personal data

We use your personal data for the following purposes:

Service provision: providing advice and services including electronic portals, extranets and other technology tools;
Business relationship: managing and administering our relationship with you, your company or organization including keeping records about business contacts, services and payments so we can customize our offering for you, develop our relationship and target our marketing and promotional campaigns;
Communication: sending emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services;
Events: running briefings, roundtables and other events;
Client surveys and feedback: including events feedback and client listening exercises as well as answering issues and concerns which may arise;
Client legal compliance: client due diligence (under anti-money laundering, sanctions screening and other crime prevention and detection laws and regulatory requirements) which may involve automated screening checks to ensure that clients and contacts are genuine and to prevent fraud or crime and we may not be able take instructions if you do not provide the information we need to do these checks;
Website monitoring: to check the website and our other technology services are being used appropriately and to optimize their functionality;
Site security: to provide security to our offices and other premises (normally collecting your name and contact details on entry to our buildings);
Online security: protecting our information assets and technology platforms from unauthorized access or usage and to monitor for malware and other security threats;
Regulatory: compliance with our legal and regulatory obligations as a law firm including auditing and reporting requirements;
Managing suppliers: who deliver services to us;
Legitimate interest: to pursue the legitimate business interests listed in the “Legitimate Interests section of this policy below.

Our reasons for using your personal data

We will process your personal data for a number of reasons:

you have given us consent: for example where you share details for particular purposes;
this is necessary to comply with legal or regulatory obligations: for example anti-money laundering and mandatory client screening checks or disclosure to law enforcement.
this is necessary to deal with legal claims
processing is necessary for our legitimate business interests or those of a third party: provided this does not override any interests or rights that you have as an individual. Our legitimate interests are listed in the next section.

Legitimate interests

We have legitimate business interests in:

providing legal services;
managing our business and relationship with you or your company or organization;
understanding and responding to inquiries and client feedback;
understanding how our clients use our services and websites;
identifying what our clients want and developing our relationship with you, your company or organization;
improving our services and offerings;
receiving information from other firms for shared clients;
enforcing our terms of engagement and website and other terms and conditions;
ensuring our systems and premises are secure;
managing our supply chain;
developing relationships with business partners;
ensuring debts are paid;
operating suppressors to exclude you from direct marketing if you unsubscribe;
sharing data in connection with acquisitions and transfers of our business.

Our reasons for using special category data

Special category data in the EU and certain other jurisdictions refers to sensitive data such as your racial or ethnic origin, religious beliefs or health data. We may also collect data about criminal convictions. We will process this data where:

we have your explicit consent: for the particular processing;
this is necessary to protect your vital interests or those of another person: for example, in medical emergencies;
you have manifestly made the data public: for example, where you have published it on social media;
this is necessary to deal with legal claims: for example, involving court proceedings;
this is necessary for substantial public interest: for example to prevent or detect unlawful acts;
as permitted by applicable law: outside the EU and other jurisdictions where these restrictions apply.

With whom do we share your data?

We may share your information as with others as follows:

Other Firms: including their management, lawyers, staff and contractors in order to provide services;
Suppliers: who support our business including IT and communication suppliers, outsourced business support, marketing and advertising agencies, back up and suppliers. Our suppliers have to meet minimum standards as to information security and they will only be provided data in line with their function;
Shared service centers: operated by us or third parties including for client on-boarding, IT services, marketing, risk management and office support services;
Other law firms: including other local law firms, barristers, expert witnesses and arbitrators/mediators;
Law enforcement bodies and our regulators: or other competent authorities in accordance with legal requirements or good practice;
Appropriate parties in the event of emergencies: in particular to protect health and safety of our clients, staff and organizations;
Your company or organization: in relation to us providing legal services;
Screening service providers: so that we can comply with legal obligations in relation to the prevention or protection of crime, ant-money laundering, sanctions screening and other required checks;
Advertising networks and analytics service providers: to support and display ads on our website, apps and other social media tools;
Third parties: in the context of the acquisition or transfer of any part of our business or in connection with the business reorganization;
Other delegates: where your name will appear on the attendee list for events where you have told us you plan to attend.

Personal data about others

In some cases, you may provide personal data to us about other people (such as your customers, directors, officers, shareholders or beneficial owners). You must ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.

Security

We will hold your information securely in line with physical, technical and administrative security measures. However, the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted and any transmission is at your own risk.

Where will your information be held?

We are a global services provider, your information may be transferred out of your local jurisdiction or region. Data protection laws vary by country and those applicable in the USA and elsewhere are not equivalent to those applicable in, for example, the EU or certain other jurisdictions. We will, take steps to protect your information in line with locally applicable data protection requirements.

How long do we keep your data?

We generally keep your information as needed to provide our legal services and to deal with claims. This will depend on a number of factors such as whether you or your company or organization are an existing client or have interacted with recent client mailings or bulletins or attended recent events. We will retain your information as necessary to comply with legal, accounting or regulatory requirements. Typical retention periods will range from 3 to 15 years.

Your Rights

If you are working under an EU engagement or our practices in certain other jurisdictions where similar rules apply, you have certain rights in relation to your information. The availability of these rights and the ways in which you can use them are set out below in more detail.

Some of these rights will only apply in certain circumstances, please contact us for more information.

Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it;
Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected;
Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it;
Transfer: you may us to help you request the transfer certain of your personal data to another party;
Objection: where we are processing your personal data based on a legitimate interests (or those of a third party) and you may challenge this. However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
Consent: where we are processing personal data with consent, you can withdraw your consent.
If you want to exercise any of these rights, please contact please contact us in writing at admin@ocolegal.com.

You also have a right to lodge a complaint with a data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident where we are based or where an alleged infringement of Data Protection law has taken place. In the UK you can make a complaint to the Information Commissioner’s Office (Tel: 0303 123 1113 or at www.ico.org.uk).

Right to object

If you are working under an EU engagement or our practices in certain other jurisdictions where similar rules apply, you may have a right to object to us processing your information in certain circumstances. This applies where we are processing your personal information based on a legitimate interest (or those of a third party) you may challenge this. However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your personal information for direct marketing purposes.

Direct Marketing

As described above, you can opt-out of receiving direct marketing from us at any time.
We may use the information you give us on our website or other means for direct marketing purposes to provide emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services including events that we think may interest you.
You can opt-out of receiving direct marketing from us at any time. You can do this by changing your marketing preferences on your online accounts settings page, clicking on the “unsubscribe” link included at the end of any marketing email we send to you, or by contacting the DPO.

Cookies

We use cookies that identify your browser. They collect and store information when you visit our website about how you use it through which it is possible to record your use of the website, as well as provide you with a better service and experience when browsing and for analytics. The personal data we collect through these technologies will also be used to manage your session.

Links to third party websites

Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others. The personal data that you provide through these websites is not subject to this privacy notice and the treatment of your personal data by such websites is not our responsibility.

If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.

Children

We do not knowingly collect information from children or other persons who are under 16 years old. If you are under 16 years old, you may not submit any personal data to us.

Additional Privacy Information for California Residents

This section of our Policy (the “California Notice”) provides additional information for California residents, as required under the California Consumer Privacy Act of 2018 (“CCPA”). This section is effective January 1, 2020. Please note that as of the effective date of this Policy, the CCPA implementing regulations have not been finalized by the California Attorney General. Accordingly, we may update this section, our relevant data practices, or our processes for handling CCPA requests, in response to the final CCPA regulations or other CCPA legal developments.

This California Notice applies to the personal information we collect, both online and offline, about California consumers, including personal information that we collect:

from users of our Sites, including the services available via our Sites
about clients and individuals that use or inquire about our legal and related services that we make available (“Services”)
about individuals that attend events hosted or sponsored by us, reply to our emails or communications, visit our offices, or otherwise communicate or engage with us
about individuals from clients and others related to the Services we provide

As used in this California Notice, “personal information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household; it does not include publicly available information made lawfully available by state or federal governments or deidentified information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked directly or indirectly to a particular individual

This California Notice does not address or apply to:

our handling of personal information that is exempt under Section 1798.145 of the CCPA,
personal information we collect about employees, contractors or job applicants or other individuals who are not California residents, or
personal information we collect about individuals acting in their capacity as representatives (“B2B contacts”) of our clients, prospective clients, vendors and other businesses that we conduct business with, to the extent we use their personal information only in the context of conducting our business relationship with the respective business.
Categories of personal information that we collect and disclose.

Our collection, use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. Pursuant to the CCPA, we may collect and disclose for a business purpose, and have done so in the prior 12 months, the following categories of personal information (as defined by the CCPA):

Identifiers: such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Customer records (categories of personal information set forth in Cal. Civ. Code 1798.80(e)): paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial or payment information, medical information, or health insurance information.
Characteristics of protected classifications under California or federal law: such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.
Commercial information: including records of property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
Internet or other electronic network activity information: including but not limited to browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
Geolocation data: precise location information about a particular individual or device.
Audio, electronic, visual, olfactory, or similar information: such as CCTV footage, photographs, and audio recordings.
Employment information: professional or employment-related information.
Education information: information that is not publicly available personally identifiable information as defined in the Federal Education Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99)
Inferences from personal information collected: inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, behavior or attitudes.

We do not sell, and have not in the prior 12 months sold, personal information about California residents. We do disclose personal information for business purposes as described in the Disclosure of personal information section above.

We may collect the above categories of personal information directly from you, automatically about your use of our Sites, and from third parties such as clients of our legal services, government and public entities, public records, data aggregators and resellers, parties and related parties in litigation matters, and others (see the Information we collect section above for more information).

We use these categories of personal information we collect to provide our legal and other Services, to operate our Sites, to optimize and personalize your experiences with our Sites (e.g., to recognize or store your location, language or other settings), to analyze and improve our Sites and Services, to provide customer support and respond to requests, to comply with legal and ethical obligations and regulatory requirements, in support of our business operations (e.g., accounting, recordkeeping and legal functions), to protect or defend our rights and the rights of others, to prevent misuse of our Sites and Services, and as otherwise required by law. We also use personal information we collect about clients, potential clients, event attendees and others who subscribe to receive our communications for direct marketing purposes and contact them about news, information and events they may be interested in (see the Use of personal information section above for more information about our use of personal information).

California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below: Notice before collection: We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.

California residents have the right to request, at no charge, deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies. We will respond to verifiable requests received from California residents as required by law.

California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including:

categories of personal information collected;
categories of sources of personal information;
business and/or commercial purposes for collecting and selling their personal information;
categories of third parties/with whom we have disclosed or shared their personal information;
categories of personal information that we have disclosed or shared with a third party for a business purpose; and
categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.

California residents have the right to opt-out of our sale of their personal information. Further businesses may not knowingly sell personal information about minors under 16 years old without prior express consent.

The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. A business may offer financial incentives for the collection, sale or deletion of California residents’ personal information, where the incentive is not unjust, unreasonable, coercive or usurious, and is made available in compliance with applicable transparency, informed consent, and opt-out requirements. California residents have the right to be notified of any financial incentives offers and their material terms, the right to opt-out of such incentives at any time, and may not be included in such incentives without their prior informed opt-in consent. We do not offer any such incentives at this time.

California residents may submit a request to know or a request to delete to us by emailing us at admin@ocolegal.com. We may require additional information from you in order to verify your request. We will respond to verifiable requests received from California residents as required by law.

Changes to this Notice

This notice may be changed from time to time.
If we change anything important about this notice (the information we collect, how we use it or why) we will highlight those changes at the top of the notice and provide a prominent link to it for a reasonable length of time following the change.

How to contact us

If you would like more information about the way we manage personal data that we hold about you please contact us at info@doadr.com.