Last Updated: January 1, 2020
This Privacy Notice describes how Hopkins & Carley (“Hopkins & Carley,” “we,” “our” or “us”) processes, uses and shares the Personal Information (defined below) that it receives or collects from visitors to the Hopkins & Carley website (“Website”), blog site and social media accounts (hereinafter all collectively referred to as “Sites”), potential and ongoing clients, and any other individual or entity that may disclose Personal Information to us, as further described below.
For individuals located outside of the United States, please note that your Personal Information will be collected, processed and stored in the United States, which may have data protection laws that are different from (and may be less protective than) the laws of your country or region, such as the GDPR, as further described here.
If you are a California resident, please click here for more information about your rights under the California Consumer Privacy Act.
Who We Are
Hopkins & Carley is a law firm located in the United States. We are a law corporation organized under the laws of the State of California for the practice of law. We have offices in Northern California (Palo Alto, San Francisco, and San Jose). The address of our main office is:70 S. 1st St. San Jose, CA 95113 UNITED STATES
Scope of this Privacy Notice
This Privacy Notice applies to Personal Information that we collect online through the Sites when you contact us, or that may be provided in connection with recruiting. It also applies to Personal Information that we collect or obtain in the course of representing our clients. However, nothing contained in this Privacy Notice alters or changes our obligations to our clients under applicable rules of professional responsibility.
This Privacy Notice does not cover information collected by any other company, a third-party site or third-party application that may link to, or that can be accessed from, any of our Sites.
By visiting our Sites or providing your Personal Information to us (whether via one of our Sites, by email or other written communication, in person or over the phone), you acknowledge and agree to our practices described below. If you have questions or comments about this Privacy Notice or our use of your Personal Information, please contact us at email@example.com.
Changes to This Privacy Notice
We may update this Privacy Notice from time to time. If we do so, we will post our updated Privacy Notice on the Website and the blog Site where applicable, and for a reasonable period of time, we will post notice of the change so it is visible when users use the Sites after the change is posted. By your continued use of any of the Sites, you consent to the terms of the revised Privacy Notice.
When and How Do We Collect Personal Information?
“Personal Information“ means any information about an individual from which that person may be identified. Personal Information includes obvious things, like your name, telephone number, email address, and street address, as well as less obvious things like your IP address, device ID and location information. Personal Information does not, however, include information from which the identity of an individual has been definitively removed (also known as anonymous or anonymized data).
We collect Personal Information directly from you when you provide it to us, such as when you take any action while visiting our Sites or otherwise communicate with us, verbally or in writing. We also may collect information indirectly through automated technologies, such as cookies, or from third parties and/or public records.
Types of Personal Information We Collect
Personal Information You Provide
We collect Personal Information that you provide voluntarily through our Sites or otherwise (such as during our legal representation or recruiting process, when you request information from us or register for an event we sponsor). The Personal Information you provide to us may include some or all of the following:
- Your contact information, e.g., your name, address, phone number, email address, company name and country
- Interests and preferences that you provide to us when requesting information or registering for an event we sponsor
- Access and dietary requirements that you may provide to us when registering for an event
- Personal Information provided to us by or on behalf of our clients or generated by us in the course of providing our services, which may, where relevant, include special categories of personal data, as further described below
- Resumé or other employment-related data that you provide to us in connection with recruiting, as further explained below
- Any other Personal Information that you voluntarily choose to provide to us
If we ask you to provide any Personal Information not described above, the Personal Information that you are asked to provide and the reasons why you are asked to provide it will be made clear to you when asked to provide it.
Personal Information We Collect Automatically
We collect certain information automatically from your device. Our web servers log some technical information automatically. Accordingly, Personal Information that we collect automatically may include information like your Internet Service Provider, IP address, device type, unique device identification number, browser type, broad geographic location (e.g., country or city-level location) and other technical information.
We may also collect information about how your device has interacted with our Sites, including the pages accessed and links clicked. Although this information may be considered Personal Information under applicable laws, we do not append or associate it with any Personal Information you may choose to provide.
Some of this information may be collected using cookies and similar tracking technology, as explained further in our Cookie Notice. Please note that on the Website and blog Site, we have disabled cookies and trackers with the exception of those that are essential cookies.
We may also collect Personal Information through third-party sources, such as public records, recruitment agencies and entities or individuals who act as agents for our clients.
We collect Personal Information from and about our clients in connection with our legal services. The nature, scope and type of such information depends on the legal matter for which you have sought our services and may include: basic personal details such as your name and job title; contact data such as your telephone number and postal or email address; employment data; financial data such as payment information or bank account details; identification and other background verification data such as a copy of your passport; data collected as part of our client due diligence; and any other data that may be relevant to the legal matter(s) for which you engage us. Some of this information may be collected from potential clients who do not subsequently execute a Professional Services Agreement with us.
We collect information from and about potential candidates in connection with employment opportunities at Hopkins & Carley. This information may include name and contact information, resumé, academic records, employment history, and references.
We use the Personal Information that you provide to match your skills, experience, and education to available and/or specific roles within Hopkins & Carley. This information is passed to the relevant hiring managers and individuals involved in the recruiting process in order to assess next steps. We may also collect further information from you as you move along in the recruiting process.
In connection with our recruiting activities, we may also collect special categories of Personal Information from candidates when we have a legal obligation to do so if the information is relevant to the future provision of employment, or with the individual's explicit consent. For instance, we may need to collect information about a candidate’s immigration status in order to ensure that we may legally hire that candidate, or a candidate’s disabilities in order to provide a suitable working environment for that candidate if the candidate is hired by Hopkins & Carley. We may also need to conduct criminal background checks. We may also ask a candidate to provide diversity information about race/ethnicity and sexual orientation for diversity monitoring purposes, although providing this information will be entirely up to the candidate.
Hopkins & Carley collects Personal Information about candidates from a number of sources, including:
- Directly from the candidate – for example, information provided when applying for a position directly through the Website;
- From recruiting service providers – for example, when a recruitment agency contacts us to identify someone as a potential candidate;
- Through publicly available sources online – for example, through a professional profile posted online (e.g., a professional networking site); and
- By reference or word-of-mouth.
Please note that for candidates who are also California residents, we will separately provide you with a notice for job applicants and personnel.
We may use your Personal Information for a number of different reasons, as further explained below. In addition, for users located in the European Economic Area (EEA), we must have a valid legal basis in order to process your Personal Information. The main legal bases under the European Union’s General Data Protection Regulation (GDPR) that justify our collection and use of your Personal Information are:
- Performance of a contract – When your Personal Information is necessary to enter into or perform our contract with you.
- Consent – When you have consented to our use of your Personal Information via a consent form (online or offline).
- Legitimate interests – When we use your Personal Information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
- Legal obligation – When we need to use your Personal Information to comply with our legal obligations.
- Legal claims – When your Personal Information is necessary for us to defend, prosecute or make a claim.
Below are the general purposes and corresponding legal bases for which we may use your Personal Information:
Communicating with you about your use of the Sites and our services, our legal representation or legal matters, events, and any recruiting activities or inquiries.
➔ performance of a contract, legitimate interests, and in some cases, legal claims
Providing legal and other services to you. We process Personal Information in order to administer and perform our services, including to carry out our obligations arising from any agreements entered into between you and us (please note that our Professional Services Agreements apply where we provide legal services).
➔performance of a contract, consent, legal obligation, and in some cases, legal claims
- Responding to your general inquiries or inquiries regarding webinars, events, and newsletters.
➔performance of a contract, legitimate interests
- In the case of recruiting, evaluating whether you may be a match.
➔performance of a contract, legitimate interests, consent
- Organizing events for which you have registered. We use the Personal Information we collect from you in connection with events that we organize to track registration, confirm attendance, and furnish certain details you have provided to us, such as your company affiliation, to other attendees. If you request at the time of your registration, or at any time afterward, we may use this information to call to your attention similar events that might be of interest to you. If so, we will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt-out by contacting us.
➔performance of a contract, legitimate interests, consent
- Marketing our services. This allows us to provide you with information about new services or new areas of practice, legal updates or client alerts. We will provide an option to opt-in to receiving such communications, as well as an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you (or you may opt-out by contacting us.
➔legitimate interests, consent
- Complying with our legal and regulatory obligations. We may use Personal Information to fulfill our legal obligations (such as for anti-money laundering purposes); for the prevention of fraud and/or other relevant background checks as may be required; to enforce our legal rights; to comply with any legal or regulatory reporting obligations; and/or to protect the rights of third parties.
➔legal obligation, legal claims, legitimate interests
- Complying with our risk management obligations (such as identifying conflicts of interests, performing client due diligence).
- Conducting statistical analyses.
- Where necessary, recovering any payments due to us for our legal or other services, including enforcing such recovery through debt collection agencies or taking other legal action (including in connection with legal and court proceedings).
➔performance of a contract, legal claims
- Making changes to our business, for example, if we undergo a re-organization (i.e., we merge, combine or divest a part of our business), in which case we may be required to transfer some or all of your Personal Information to third parties as part the process, as further described below.
➔ legitimate interests
Disclosure of Information
We disclose your Personal Information to those of our personnel who need to process Personal Information in order to provide our services. In addition, we may disclose your Personal Information to the third parties indicated below (and for the following reasons):
- Companies that do things to help us provide the Sites, such as hosting service providers, conference organizers, communication tools, and analytics tools;
- Professional service providers, such as auditors, lawyers, consultants, accountants, and insurers;
- Governments, regulators, law enforcement and fraud prevention agencies, but only as authorized as explained below; and
- In the event of a business transfer as explained below.
Third-Party Service Providers
The following categories of third parties may collect, process or receive your Personal Information in order to assist us in providing our Sites and services:
- Entities that host various components of our Website
- LexBlog, which hosts The Privacy Hacker and/or other blogs
- Service providers who assist us with recruiting, blog delivery and other services
- Service providers who assist us with the performance of our legal services, such as experts, translators, and eDiscovery providers
- Outsourced services that help us administer certain activities, such as technology and IT services, information, and document management, records storage and retention, and photocopying
We require all third-party service providers to respect the security of your Personal Information and to treat it in accordance with the law.
Legal Obligations & Security
We will disclose your Personal Information: (i) when we have a good faith belief it is required by law, such as pursuant to a subpoena, warrant or other judicial or administrative order (as further explained below); (ii) to protect the safety of any person; (iii) to protect the safety or security of our Sites or to prevent spam, abuse, or other malicious activity of actors on our Sites; or (iv) to protect our rights or property or the rights or property of those who use our Sites and/or services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States or otherwise via a mutual legal assistance mechanism (e.g., treaty). Under such circumstances, we will attempt to provide you with prior notice that a request for your information has been made, in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email if you have given us an email address. However, government requests may include a court-granted non-disclosure order, which prohibits us from giving notice to the affected individual. In cases where we receive a non-disclosure order, we notify the user when it has expired or once we are authorized to do so.
Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, or the detection or prevention of a crime, we may provide information, including Personal Information, to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.
We may transfer your Personal Information to an affiliate, a successor entity upon a merger, consolidation or other corporate reorganization in which Hopkins & Carley participates, or to a purchaser or acquirer of all or substantially all of Hopkins & Carley’s business or assets, including a successor in bankruptcy.
Hopkins & Carley tracks users’ use of the Sites but does not track users across third-party websites. We do not respond to Do Not Track (DNT) signals.
Changing Your Information and Choices
If you would like us to stop using your Personal Information, or if you want to change Personal Information you previously have provided to us via the Sites, please contact us at firstname.lastname@example.org and we will comply to the extent required and allowed by applicable laws. Regarding Personal Information that you have provided for an event sponsored by us, you may contact the event coordinator directly via email or telephone. Marketing contacts for each event are listed on the Hopkins & Carley Events page.
We allow you to opt-out of future communications at any time by clicking the “Opt-Out” or “Unsubscribe” link in the email or replying to any email you receive with a message that reads “Opt-Out” in the subject line.
Links to Other Websites
We may use social plugins on our Sites and may include icons that allow you to interact with third-party social networks such as LinkedIn, Twitter and Facebook. For example, you may “like” us on Facebook or follow us on Twitter. The third-party social plugin may set a cookie when your browser creates a connection to the servers of such social networks and the plugin may transmit your Personal Information to the social networks. Your use of these social plugins is subject to the privacy policies of the third-party social networks.
We recognize the privacy interests of children, and we encourage parents and guardians to take an active role in their children’s online activities and interests. We target our Sites and the services we offer to adults and not to children under 18 years of age. To the extent that we are required to collect information regarding a minor in order to provide our legal services, we will only do so with parental consent.
Because the security of transmission of information over the Internet cannot be guaranteed, please do not disclose any confidential information to us via the Sites, or via email (unless you have an existing attorney-client relationship with us). Please note that providing confidential or any other information to Hopkins & Carley through our Sites does not, by itself, engage us for legal services and does not form an attorney-client relationship.
How Long Do We Keep Your Personal Information?
Your Personal Information is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.
In order to determine the most appropriate retention periods for your Personal Information, we consider the amount, nature and sensitivity of your Personal Information, the reasons for which we collect and process your Personal Information, best practices, and applicable legal requirements. Retention periods are also based on legal requirements that specifically apply to the legal services industry and our records retention policies. When we have no ongoing legitimate business need or specific obligation to process your Personal Information, we will either delete or anonymize it (see below) or, if this is not possible (for example, because your Personal Information has been stored in backup archives), we will securely store your Personal Information and isolate it from any further processing. Some exceptions from static retention periods may occur. For instance, we cannot delete Personal Information when there are legal obligations to retain it (e.g., arising from tax or commercial law, or our obligations as legal advisors). This is particularly true of financial data and payment information, as well as any information provided in connection with our legal representation of you. Additionally, we cannot delete Personal Information when it is needed for the establishment, exercise or defense of legal claims (“litigation hold”). In this case, the Personal Information can be retained as long as needed for exercising respective potential legal claims.
In some instances, we may choose to anonymize your Personal Information instead of deleting it, for statistical use, for instance. When we choose to anonymize, we implement measures so there is no way that the Personal Information can be linked back to you or any specific user.
Please contact us if you would like more information.
Protecting Your Personal information
We have put in place reasonably appropriate technical and organizational measures to protect the Personal Information that we collect and process about you. The measures that we use are designed to provide a level of security appropriate to the risk of processing your Personal Information.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. We also require those parties to whom we transfer your Personal Information to comply with the same.
While we take all reasonable steps necessary to provide the most secure Website, you understand and assume the risks associated with your activities on the Internet.
We are located in the United States, and the Personal Information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the GDPR.
By sending us Personal Information, you agree and consent to the processing of your Personal Information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Union), and to the processing of that information by us on servers located in the United States, as described in this Privacy Notice.
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Notice, including when processed internationally or by our third-party service providers and partners. The safeguards we may take in our discretion include, for instance, entering into binding agreements in connection with any onward transfers of Personal Information. We may implement other mechanisms and take similar appropriate safeguards with our third-party service providers and partners. Further details can be provided upon request.
If you have any questions about this Privacy Notice, have additional questions, or would like to exercise any of your rights if you are located in the European Economic Area, please contact us at email@example.com. You may also write to:Hopkins & Carley Attn: Cory Cullen 70 S. 1st St. San Jose, CA 95113 UNITED STATES
If the GDPR applies to you because you are in the European Economic Area, you have certain rights in relation to your personal information:
- The right to be informed – our obligation to inform you that we process your Personal Information (and that is what we are doing in this Privacy Notice);
- The right of access – your right to request a copy of the Personal Information we hold about you (also known as a ‘data subject access request’);
- The right to rectification – your right to request that we correct Personal Information about you if it is incomplete or inaccurate;
- The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the Personal Information we have about you (unless there is an overriding legal reason we need to keep it);
- The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your Personal Information;
- The right to data portability – your right to ask us for a copy of your Personal Information in a common format (for example, a .csv file);
- The right to object – your right to object to us processing your Personal Information (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to certain rules regarding when you can exercise them. If you are located in the European Economic Area and wish to exercise any of the rights set out above, please contact us (see How to Contact Us About Privacy).
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing any services you may have requested as covered in this Privacy Notice.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. However, we would appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us first.
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details in How to Contact Us About Privacy.
This Privacy Notice for California Residents (“CCPA Notice”) supplements the information contained in the Privacy Notice and applies solely to all visitors, users, and others who reside in the State of California (“Consumers”). We have created this CCPA Notice in order to comply with the California Consumer Privacy Act of 2018 (“CCPA”). It does not apply to personal information we collect from our employees and job applicants in their capacity as employees and job applicants. It also does not apply to personal information we collect from employees, owners, directors, officers, or contractors of businesses in the course of our provision or receipt of business-related services.
Summary of Information We Collect
California law requires us to disclose information regarding the categories of personal information that we have collected within the last twelve (12) months about California consumers, the categories of sources from which the information was collected, the business or commercial purposes (as those terms are defined by CCPA) for which the information was collected, and the categories of parties with whom we share personal information for a business purpose.
Most of the categories of information described below are collected in connection with our representation of you in a legal matter.
We do not sell your Personal Information.
We or our service providers may collect the below categories of information for the purposes described here. Examples of these types of uses made in the last twelve (12) months are identified below.
|Categories of Personal Information We Collect||Categories of Sources||Examples of Uses||Categories of Third Parties We May Share Information|
A. Identifiers, such as real name, unique personal identifier, online identifier, Internet Protocol address, email address, account name.
B. Personal Information categories listed in the California Customer Records Statute, such as name, signature, address, telephone number.
|C. Protected classification characteristics under California or federal law, such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, sexual orientation, veteran or military status.||
D. Commercial information, such as records transactions.
|E. Biometric information, such as genetic, physiological, behavioral, and biological characteristics, or fingerprints, faceprints, and voiceprints.||
|F. Internet or other similar network activity, such as browsing history or information on a consumer’s interaction with a website or application.||
G. Geolocation data, such as physical location.
H. Sensory data, such as audio or visual information.
I. Non-public education information (per the Family Educational Rights and Privacy Act), such as education records directly related to a student, such as grades, transcripts, or student disciplinary records.
J. Inferences drawn from other Personal Information, such as a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We may also use the below categories of personal information for compliance with applicable laws and regulations, or may combine the information we collect (“aggregate”) or remove pieces of Personal Information (“de-identify”) to limit or prevent identification of any particular user or device.
Your Rights and Choices
If you are a California resident, you may have certain rights. California law may permit you to request that we:
- Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
- Provide access to and/or a copy of certain information we hold about you.
- Delete certain information we have about you.
You may have the right to receive information about the financial incentives that we offer to you, if any. You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your Personal Information. You will be required to verify your identity before we fulfill any request. To designate an authorized agent to make a request on your behalf, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.
Certain information may be exempt from such requests under applicable law. For instance, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) for certain reasons as permitted and set forth in the CCPA. These reasons include (just to name a few):
- Completing the transaction for which the personal information was collected;
- Providing a Product that you ordered;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, or prosecuting those responsible for such activities;
- Debugging products to identify and repair errors that impair existing intended functionality;
- Complying with a legal obligation; and
- Making other internal and lawful uses of that information that are compatible with the context in which you provided it.
We need to collect and retain certain types of information so that we can provide the Services to you. If you ask us to delete it, you may no longer be able to access or use the Services.
If you would like to exercise any of these rights, please submit a request by contacting us by email at firstname.lastname@example.org.
We endeavor to respond to a verifiable Consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, the response we provide will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable Consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Questions About CCPA
If you have any questions regarding this CCPA Notice, please contact us at email@example.com.