data privacy

PRIVACY POLICY STATEMENT
1. INTRODUCTION
This Privacy Policy describes how Dorsey & Whitney LLP ("Dorsey", "we," "us" or "our") collect, use, and share your personal data when you use the Dorsey website (www.Dorsey.com) and other online services ("Services" or "Digital Services").

The purpose of this Policy is to inform you about our privacy practices and to ensure that you understand the purposes for which we collect and process your personal data. The following is a brief summary of the manner and purposes for which we process your personal data. 

2. APPLICATION
This Policy relates to your personal data, i.e. data about you, an individual, from which you can be identified.

This Policy does not apply to any data insofar as it is held, processed, disclosed or published in a form which cannot be linked to a living individual (such as anonymised or aggregated data which cannot directly or indirectly be used to identify you or to obtain information about you) ("Anonymised and Aggregated Data"). We may generate or extract Anonymised and Aggregated Data out of any databases containing your personal data and we may make use of any such Anonymised and Aggregated Data for our purposes as we see fit. 

3. CHANGES TO THE PRIVACY POLICY 
Please review the Privacy Policy each time you use the Service. We may update this Policy from time to time, and the updated version of this Policy will be effective upon posting on the Dorsey Services. Please check this page to review the most up-to-date version of this Policy. 

4. RESPONSIBILITY FOR DATA CONTROL AND PROCESSING
Dorsey is the entity which is responsible for the control and processing of personal data that we collect from you when you use the Services.  If you have any questions or concerns about Dorsey’s use of your personal data, please contact our Data Privacy Team at dataprivacy dorsey.com

5. COUNTRY OF PROCESSING
We operate the Services from the United States of America (USA) and our data collection and processing activities take place predominantly in the USA. Accordingly, data collected from users when using our Services is collected in the USA. We store and otherwise process data (including personal data) through third party cloud service providers and other IT service providers which may be located or which may operate in other countries.

6. HOW WE COLLECT AND USE YOUR PERSONAL DATA 

(a) Information That You Provide Directly or Authorize Someone Else to Give Us. Dorsey collects personal information about you, such as your contact details, when voluntarily submitted by you. For example, if you choose to complete and submit one of the forms located on our Web site to register for conferences or register to receive information. We may ask you to provide certain information including, but not limited to your name, postal address, email address, telephone number, company name, password, third-party social networking service username and password, birthday, and other data. We retain messages you send through the Service, and any other data you provide to us. We use this data for our business purposes related to our practice of law, and as further detailed below.

(b) Information that we collect automatically. If you browse through the Dorsey.com website or download information, our servers will automatically collect certain information from you. This information includes the: (a) name of the domain and host from which you access the Internet; (b) browser software you use and your operating system; and (c) Internet address of the website and IP address from which you linked directly to this website. We will use information that we automatically collect to manage and improve our website to make it as useful as possible for visitors like you. We do not seek to match data collected automatically with data that you give us voluntarily as referred to above and we do not seek to track specific users or profile their activities on the website. 

(c) Analytics information. We collect, measure and analyze traffic and usage trends on the Services, and we use third-party analytics tools to help us. This allows us to understand, among other things, how the Services are being used and ways to improve the Services. Such third-party analytics tools use cookies and persistent device identifiers to collect and store information including, but not limited to time of visit, pages visited, time spent on each page, IP address, unique device ID, advertising tags and type of operating system used.

(d) Cookies. When you use the Service, we sometimes send one or more cookies (small text files containing a string of alphanumeric characters) to your computer that uniquely identify your browser and enhance your navigation on the Service. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click and other actions you take), and allow us or our third-party analytics tools we use to track your usage of the Services. There are at least two different types of cookies: persistent and session cookies. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent use of the Service. Persistent cookies can be removed by following your web browser's directions for removal of cookies. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to notify you when a cookie is being sent. However, some features of the Service may not function properly if cookies are disabled.

(e) Log File. Log file information is automatically reported by your browser each time you access a web page. When you access or use the Dorsey.com website, our servers may automatically record certain log file information, including but not limited to your web request, Internet Protocol address, browser type, referring/exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, and pages viewed. 

(f) Clear GIFs/Web Beacons. Clear GIFs (also known as web beacons) allow for the tracking of a user's response to an email or usage of a website in a manner that does not reveal personally identifiable information. We may use clear GIFs or similar technologies to assess responses to emails and usage of the Service. For example, we may use clear GIFs to track when emails are opened and which links are clicked by recipients. You can disable certain abilities of clear GIFs to capture information by blocking cookies. 

(g) Device Identifiers. When you access or use the Service using a mobile device, we may access, collect, monitor and/or remotely store one or more "device identifiers," such as a universally unique identifier. Device identifiers are small data files or similar data structures stored on or associated with your device that uniquely identify your device. A device identifier may consist of data stored in connection with the device hardware, operating system or other software, or data sent to the device by us. A device identifier may convey information to us about how you browse and use the Service. A device identifier may remain persistently on your device to enhance your navigation on the Service. Some features of the Service may not function properly if use or availability of device identifiers is impaired or disabled. 

(h) Location Data. When you access or use the Service using a mobile device, we may access, collect, monitor and/or remotely store "location data," which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your device. Location data may convey to us information about how you browse and use the Service. Some features of the Service, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled. 

(i) Professional Communications. Insofar as permitted under applicable law, we may use the information we collect or receive to communicate directly with you in relation to the Services or related services we offer. Subject to your consent to receiving such communications (where legally required), we may use the information to communicate with you in relation to other services that we offer.  For example, we may use the information to send you emails containing newsletters, updates on developments in the law or other information that may interest you. 

(j) Use of Certain Service-Type information. We may use information from cookies, log files, device identifiers, location data, clear GIFs and other tools to: (i) remember information so that you will not have to re-enter it during your visit or the next time you use the Service; (ii) provide custom, personalized content or information to you or others; (iii) monitor the effectiveness of the Service; (iv) monitor aggregate metrics, such as total number of visitors, traffic and demographic patterns; (v) diagnose or fix technology problems; (vi) provide advertising to your browser or device; and (vii) conduct research or surveys. 

(k) Use of information with Your Consent. We may use your information for any other purpose for which you provide consent.

7. AUTOMATED DECISION-MAKING
We do not envisage that any decisions will be taken about you based solely on automated decision-making that will have a significant impact on you. However, we will update this policy if this position changes. 

8. THE PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA
The purposes for which we collect and store your personal data are the following:

(a) To enable us to operate the Services and to enable you to use them efficiently; 

(b) Insofar as permitted under applicable law, to communicate with you in relation to our services and legal practice;

(c) To personalize, test, monitor, improve and upgrade the Services; 

(d) To assist law enforcement and respond to subpoenas; 

(e) To meet our legal obligations and the regulatory requirements to which we are subject, for loss prevention purposes and to protect and enforce our rights and meet our obligations to third parties; and 

(f) For our internal business purposes, such as compiling and analyzing usage information for general operational, statistical and business purposes. 

9. YOUR RESPONSIBILITIES
It is important that the personal data we hold about you is accurate and current. If you provided us with any details of personal data, please keep us informed if such details change.

10. THE LEGAL BASIS FOR PROCESSING YOUR DATA
The processing of your information is lawful on the basis of the following:

(a) Where relevant, your express consent (if your consent is requested or if you provide personal data to us voluntarily or in response to our request); 

(b) Compliance with legal obligations to which we are subject, including to comply with legal process; or 

(c) Our legitimate interests in (among other things) providing and administering the Services, conducting commercial research, improving and maintaining the Services, personalising and tailoring content made available to you through the Services,  protecting the security or integrity of our databases, protecting our business or reputation, taking precautions against legal liability, dealing with our assets in the event of a business change, protecting and defending our rights or property, required institutional risk control, or for resolving disputes, investigating and attending to inquiries or complaints with respect to your use of the Service. 

11. HOW WE MAY SHARE YOUR INFORMATION
(a) Business Associates and Service Providers. We may share information about you with third-party business associates and service providers that perform services on our behalf in connection with the Digital Services, such as independent contractors who host and maintain our website and email services.  Where your information is shared with such third parties, we ensure that the third party service provider will deal with your information only on our behalf and on our written instructions and solely for the benefit of our business (and not for its own benefit). 

(b) Business Change. If we become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer your information to successor party or parties in connection with such transaction or change in ownership or legal structure. 

(c) Necessary Disclosure. Regardless of the choices you make regarding your information and to the extent permitted or required by applicable law, we may disclose information about you to third parties to: (i) enforce or apply the Terms of Use or any applicable end user license agreement; (ii) comply with laws, subpoenas, warrants, court orders, legal processes or requests of government or law enforcement officials; (iii) protect our rights, reputation, safety or property, or that of our users or others; (iv) protect against legal liability; (v) establish or exercise our rights to defend against legal claims; or (vi) investigate, prevent or take action regarding known or suspected illegal activities; fraud; our rights, reputation, safety or property, or those of our users or others; violation of the Terms of Use, our policies or agreements; or as otherwise required by law. 

(d) Sharing information. We may share certain service-type information, including information obtained through tools such as cookies, log files, device identifiers, location data and clear GIFs (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with our third-party business associates who may use such information for the purposes described in the section titled "How We Collect and Use information." 

(e) Aggregated data. As mentioned above, we may also aggregate or otherwise strip information of all personally identifying characteristics and may share that aggregated, anonymized data with third parties or publish it.  This data does not personally identify you and helps us to measure the success of the Services and its features and to improve your experience.  We reserve the right to make use of any such aggregated data as we see fit. 

12. HOW WE PROTECT YOUR INFORMATION
We take certain physical, technological and administrative measures to protect the information you provide through the Services against loss, theft, and unauthorized access, use, disclosure or modification. However, we cannot ensure or warrant the security of any information you transmit to us or guarantee that information on the Services may not be accessed, disclosed, altered or destroyed. Messages and emails sent to or from the Services may not be secure. You should use caution whenever submitting information online and take special care in deciding what information you send to us via email.
We cannot guarantee that transmissions of your personal data will be fully secure and that third parties will never be able to defeat our security measures or the security measures of our partners.  WE ASSUME NO LIABILITY FOR DISCLOSURE OF YOUR INFORMATION DUE TO TRANSMISSION ERRORS, THIRD-PARTY ACCESS OR CAUSES BEYOND OUR CONTROL. 

13. YOUR CHOICES ABOUT YOUR INFORMATION

(a) Controlling Your Settings. You can limit your browser or mobile device from providing certain information by adjusting the settings in the browser, operating system or device. Please consult the documentation for the applicable browser, operating system or device for the controls available to you. You can also stop receiving promotional emails from us by following the unsubscribe instructions in those emails. Note that unsubscribe is not available for certain emails concerning your relationship or dealings with us.  

(b) Do Not Track. At this time, we do not recognize "do not track" signals sent from web browsers.  In some cases, your browser may offer a “Do Not Track” option, which allows you to signal to operators of websites, mobile applications, and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different websites and mobile applications and services. Disabling tracking mechanisms may disable certain features of the Service. To disable tracking, please consult the documentation for your browser, operating system or mobile device. For some devices, it may not be possible to disable tracking mechanisms. You may also disable tracking by certain third-party services by opting out:

14. HOW LONG WE KEEP YOUR INFORMATION 
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

15. CHILDREN'S PRIVACY
The Service is not directed to children and is intended for use by adults only. We do not knowingly collect information from individuals under 16 years of age. If you are under the age of 16, please do not submit any information through the Service. 

16. THIRD-PARTY SITES AND SERVICES
The Service may reference or provide links to other websites, applications, or resources. If you access any website, application, or resources provided by a third party, our Privacy Policy will not apply. Your interactions with such websites, applications, and resources are subject to the privacy policies of the third parties that operate them. Please review those policies carefully to understand how those parties will treat your information. 

17. EU PRIVACY RIGHTS
Users based in the European Economic Area have the following legal rights in respect of their personal data:

(a) The right to require Dorsey to confirm whether or not their information is being processed, the purpose of any such processing, the recipients of any information that has been disclosed, the period for which their information is to be stored and whether any automated decision-making processes are used in relation to their information;

(b) The right to require Dorsey to rectify inaccurate information without undue delay; 

(c) Where Dorsey has relied on the ‘consent’ basis for processing that information (see paragraph 9(a) above), the right to withdraw their consent at any time. This right to withdraw consent does not affect the lawfulness of processing based on consent before its withdrawal; 

(d) The right to request the erasure of their information. In general, a data subject may be entitled to  require the erasure of their personal data records where: 

  • (i) the information is no longer necessary in relation to the purpose for which it was collected, such as where a user chooses to terminate his or her use of the Service; 
  • (ii) where the processing of the information is based on the user’s consent (and the other circumstances described in the ‘Legal Basis for Processing Your information’ and ‘How We May Share Your information’ sections above no longer apply), if the user withdraws his or her consent; or 
  • (iii) where the personal data is processed by Dorsey solely on the basis of our ‘legitimate interest’ referred to in paragraph 10(d) (and the other legal basis set out in paragraph 10 do not apply), if the user objects to the processing of his or her personal data and there are no overriding legitimate grounds for the processing (such as, for example, where the processing of the data is required to meet statutory obligations or for the defence of legal claims). 

Where Dorsey has disclosed the information of a user in the European Economic Area to a third party and the user requests the erasure or rectification of the data, Dorsey will take all reasonable steps to inform the third party of such request; 

(e) The right to require Dorsey to restrict its processing of a user’s personal data in certain circumstances, such as where the accuracy of that data is disputed or an objection has been raised. In such circumstances, Dorsey will only process that information with the express consent of the user, or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest; 

(f) Where data is processed on the basis of data subject consent or for in fulfilment of a contractual obligation, the user’s right to receive his or her personal data from Dorsey in a structured, commonly used and machine-readable format; 

(g) The right to object to the processing of personal data where: 

  • (i) Dorsey relies solely on the ‘legitimate interest’ basis for processing that data, in which case we will be legally required to stop processing the user’s information unless we have compelling legitimate grounds for the processing which override the user’s privacy rights and interests; or 
  • (ii) the information is used for direct marketing purposes, in which case we will immediately stop processing the user’s information for such purposes;

(h) Users have the right to lodge a complaint with the data protection supervisory authority of the EU member state where the user resides. 

18. CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83, if you are a California resident and your business relationship with us is primarily for personal, family or household purposes, you may request certain data regarding our disclosure, if any, of information to third parties for the third parties' direct marketing purposes. To make such a request please fill out the request form here. You may make such a request up to once per calendar year. If applicable, we will provide to you via email a list of the categories of information disclosed to third parties for their direct marketing purposes during the immediately-preceding calendar year, along with the third parties' names and addresses. Please note that not all personal data sharing is covered by Section 1798.83's requirements. 

19. QUESTIONS/CONTACTING US
If you have any questions regarding this Privacy Policy or if you wish to make a request in accordance with paragraphs 17(d) and/or 18 above, you may email the Data Privacy Team at dataprivacy dorsey.com or call +1 (612) 340-2600 or contact us by mail at the address below.  Please note that email from unrecognized addresses may be rejected by our security measures and therefore not be received.  If you do not receive an acknowledgment concerning a data privacy request sent by email within 3 business days, please contact us by phone or letter. 

Dorsey and Whitney, LLP
Attn: Data Privacy Team
50 South Sixth Street
Suite 1500
Minneapolis, MN 55402-1498
United States of America