Effective Date: May 1, 2001.
Last Reviewed: January 1, 2020.
About This Policy
This policy describes how Sheppard, Mullin, Richter & Hampton LLP (“Sheppard Mullin,” “we” or “us”) uses information it collects on its websites where this policy is posted. It also applies to outreach, informational, and marketing emails we send as well as to our interactions with our clients and potential clients. This policy does not apply to our use of employee or job applicant information.
Information We Collect
Categories and Types of Personal Information We Collect
The types of personal information relating to you that we may “process” (such as collect, use and store) depends on your interaction with us. The key categories and types of personal information that we may collect and process are set out below.
- Contact information: Name, alias, email address, fax number, phone number, and postal address;
- Other identifying information: IP address, social security number, driver’s license number, state identification card number, passport number, passwords and other security information for authentication and access, medical information, insurance information;
- Financial information: Bank account information and payroll cards;
- Geolocation data: The general region or area from which you access our site, badge swipes at offices and device tracking;
- Biometric information: Genetic, psychological, behavioral and biological characteristics and data;
- Demographic information: Race, gender, national origin, age, religion or creed, marital status, medical condition, physical or mental disability, citizenship status, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, and veteran or military status;
- Professional or employment-related information: Salary range, education, current or past job history or performance evaluations, and education records;
- Internet or other electronic activity: Email, browsing and click history, including information about how you navigate the Internet;
- Commercial information: Records of personal properties, investments, products or services purchased, obtained or considered, or other purchasing or consuming histories;
- Audio and visual information: Security camera recordings in our facilities;
- Inferences: We may use information from the categories described above in order to create a profile about you, to reflect your preferences, characteristics, behavior and attitude.
Categories of Use
We use your personal information for the following purposes:
- Transactional Purposes: We use your contact information, financial information, demographic information, other identifying information, professional or employment-related information, biometric information, commercial information and inferences to:
- Provide our legal services to our clients;
- To contact you and respond to your requests and inquiries; and
- Communicate with you about open and pending matters and cases.
- Analytical Purposes: We use your other identifying information, internet activity and browsing history, geolocation data and commercial information to analyze preferences, trends and statistics.
- Marketing and Promotional Purposes: We use your contact information, commercial information, demographic information, internet or other electronic activity, geolocation data, and inferences to:
- Send you relevant articles, blog posts and legal updates;
- Send you information about events that we think may be relevant to you; and
- Provide you with other information from and about Sheppard Mullin, including personalized marketing communications.
- Maintenance and Improvement of Services and Website: We use your contact information, commercial information, and internet activity and browsing history to:
- Answer your questions and respond to your requests;
- Improve our websites;
- Provide and maintain functionality on our websites; and
- Help us diagnose technical and service problems and administer our websites.
- Security and Fraud Prevention: We use your contact information, other identifying information, commercial information, financial information, geolocation data, internet activity and browsing history, audio and visual information and inferences to protect our websites, our firm and others, and to prevent fraud, theft and misconduct.
- Legal: We use your contact information, other identifying information, financial information, geolocation data, internet activity and browsing history, audio and visual information and inferences to:
- Comply with our legal obligations, including reporting requirements; and
- Defend our firm in and protect our firm, property, and others through legal proceedings.
Sources of Personal Information
We collect information from the following sources:
We collect information directly from you: We collect contact information directly from you.
We collect information from you passively: We collect Internet and other electronic activity passively using tools like browser cookies. This activity is further described our Cookie and Advertising Policy.
We collect information about you from third parties: We may collect other identifying information and contact information from third parties. This might include our clients, social media websites, previous employers, your healthcare provider, institutions, your legal or financial advisors and your bank.
Combining Information: We combine information we obtain from different sources with publicly available information.
When We Share Information with Third Parties
With related entities: We share information with our related entities. These are Sheppard Mullin (UK) LLP, a New York limited liability partnership and Sheppard, Mullin, Richter & Hampton New York, LLC, a New York professional service limited liability company.
With service providers who do things on our behalf: For example, we will share information with a vendor who sends emails out for us, who hosts our blogs, who hosts and manages document review, or who assists with providing technology and user assistance.
We share information if we think we have to in order to comply with the law: This includes cooperating with law enforcement when we think it is appropriate, obtaining legal remedies or limiting our damages, and protecting the rights, safety and/or property. (your property, our employees’ or others).
You Have Certain Choices
Marketing Emails: You can opt-out of marketing emails by following the instructions in the message we send. We may also give you choices about other emails you receive from us.
Cookies and Tracking Tools: You can read our Cookie and Advertising Policy to learn about the controls you have over cookies and other online tracking tools.
Our Do Not Track Policy: Our Do Not Track Policy is available in our Cookie and Advertising Policy.
If you reside in the EU:
We use the information we collect about you to pursue the following purposes, which are necessary for the performance of the contract between us to provide you with the services you requested or which we consider in our legitimate interests:
- To begin an attorney-client relationship with you;
- To send you transaction-related emails;
- To offer you the features for which you provide information, such as articles, blog posts and legal updates;
- To handle any request you may have to our services such as resolving your problem or question, manage any complaints or deal with any feedback you may provide us;
- For statistical analysis of aggregated data to help us segmenting our offering and develop our Services;
- To offer better experience to you when using the services, to create statistics in relation to the use of the services, and our other services and offerings in general; and
- To help us diagnose technical and service problems and administer the websites.
Based on your voluntary consent, we also use your browsing data to better understand your profile, interests, preferences to enhance your user experience and facilitate your experience and offer you relevant information and promotional materials;
In order to comply with our legal obligations, we may also use some of your personal information to detect and prevent illegal uses, abuse, spam, fraud, security incidents and other harmful activity or government or court orders.
You may have certain rights with respect to the personal information you provided to us. To the extent permitted by applicable data protection laws, you may:
- Access or modify your personal information;
- Object, on grounds relating to your particular situation, at any time to the processing of your personal information if the legal ground we are relying on is our legitimate interest or in the public interest;
- Request that your personal information be erased if it is no longer necessary for the purposes for which it was processed, you have withdrawn consent to, or object to, the processing of such personal information and we meet no other legitimate basis for such processing or it has been unlawfully processed;
- Restrict the processing of your personal information if you contest its accuracy or the lawfulness of our processing, we no longer need it but you need it for a legal claim or you have objected to its processing and await verification of our legitimate grounds for processing it;
- Stop receiving our marketing communications. If you opt out of marketing emails, you will continue to receive messages from us about your relationship with us where permitted by law;
- Under certain circumstances, have your personal information transferred to another company; or
- Withdraw any consents that you have previously provided to allow us to process your personal information.
If you wish to exercise any of these rights please contact us at firstname.lastname@example.org. Although we urge you to contact us to find a solution for every concern you may have, if you are an EU resident you always have the right to lodge a complaint with your competent data protection authority. Please note that some requests may require you to verify your identity.
Information Is Stored in the United States
Information we collect is stored in the United States. If you are located outside of the United States be aware that information you submit will be transferred to the United States and you consent to this transfer. If you reside in the EU, we will transfer your personal information to the United States in accordance with EU data protection law requirements by using model contractual clauses that have been approved by the European Commission or other appropriate means. You understand that the United States may not provide the same level of protections as the laws in your country.
We Use Standard Security Measures
We use industry standard measures that are consistent with applicable privacy and security laws to protect personal information. No website is completely secure, however. We encourage you to use websites and share information with caution.
How Long We Keep Your Information
We access, retain, store and use information for the least amount of time necessary pursuant to our relationship with you (e.g. to provide you with or access to our services), in accordance with our data retention policies and applicable law. We do not collect more personal information than is necessary to fulfill our obligations to you or at law or for purposes stated in this policy.
Our Website May Have Third Party Links
Our website may have links to third party content. We do not control that content or the third party’s privacy practices. We encourage you to read their privacy policies to understand how they use your information.
Information Collection from Children
Our website is not directed to children under the age of 13 (if you are located in the United States) and under the age of 16 (if you are located outside the United States). We do not knowingly collect information, including personal information, from children. If we obtain actual knowledge that we have collected personal information from someone under the applicable age listed above, we will promptly delete it. If you believe that we have mistakenly collected information from someone under the applicable age listed above, please contact us at email@example.com.
California Customer Privacy Rights
If you are a California resident, you have certain privacy rights under the California Consumer Privacy Act ( “CCPA Rights”). This section describes those rights and how you can exercise them with Sheppard Mullin. Please note that because Sheppard Mullin is a law firm, we have legal obligations of confidentiality, privilege and record maintenance. Accordingly, we are only able to fulfill requests with respect to marketing lists, our websites and blogs, and billing information.
CCPA Rights Requests
Right to Know
You can request what personal information we have collected, used, disclosed, and sold about you in the preceding 12 months.
You can request the specific pieces of personal information we have collected about you. To submit a request for this information, please send an email to firstname.lastname@example.org. You must use “California Request to Know Information” in the subject line of your email. You can also call us at 213.455.7760 to submit your request by phone.
You can also request the following categories of information:
- The categories of personal information we have collected about you.
- The categories of sources from which the personal information was collected.
- The business or commercial purpose for collecting or selling the personal information.
- The categories of third parties with whom we shared personal information.
To submit a request for this information, please send an email to email@example.com. You must use “California Right to Know Categories” in the subject line of your email. You can also call us at 213.455.7760 to submit your request by phone.
For all requests regarding the right to know as described above, you must provide us with your name, email address and phone number. Failure to provide all of the foregoing information will prevent us from processing your request. Further, in order to verify your identity, we will match that information to the information we have in our systems. In order to designate an authorized agent to act on your behalf, you must send a signed, written authorization to us at firstname.lastname@example.org.
Right to Deletion
You can also request that we delete your personal information. We may not delete all of your personal information if one of the following exceptions applies:
- Transactional: to complete a transaction for which the personal information was collected, provide a service requested by you, or perform a contract we have with you;
- Security: to detect data security incidents;
- Error Correction: to debug or repair any errors;
- Legal: to protect against fraud or illegal activity or to comply with applicable law or a legal obligation, or exercise rights under the law, such as the right to free speech; or
- Internal Use: to use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information (i.e. to improve our services).
We will also maintain a record of your CCPA Rights requests.
Please note that if we delete your personal information, services provided may not maintain the same functionality. For example, your previous opt out requests will not be saved and saved preferences and information will no longer be available.
To submit a request to delete, please send an email to email@example.com. You can also call us at 213.455.7760 to submit your request by phone. You must provide us with your name, email address and phone number. Failure to provide all of the foregoing information will prevent us from processing your request. Further, in order to verify your identity, we will match that information to the information we have in our systems. Additionally, some requests may be subject to a the firm’s identity verification procedure. In order to designate an authorized agent to act on your behalf, you must send a signed, written authorization to us at firstname.lastname@example.org or alternatively, you may send the written authorization by mail to the address below.
If you wish to make multiple requests under this section, we recommend sending the deletion request last, as we will not be able to fulfill your other requests once we have deleted your personal information.
Do Not Sell My Personal Information
Personal Information that We Sell
We do not currently and will not sell (as sell is defined in CCPA) any personal information.
We will not discriminate against you for exercising any of your CCPA Rights and we will not deny you services, charge you a different price, or provide you with a lesser quality of services if you exercise any of your CCPA Rights.
You Can Contact Us
If you have questions about this policy you can email us at email@example.com. You can also contact us if you want to know what information we have or want us to take you off of our lists. To reach us by mail send your requests and questions to: Privacy Officer, Sheppard Mullin, 333 S. Hope St. 43rd Floor, Los Angeles, CA, 90071.
We May Update This Policy
We may update this policy from time to time. The updated policy will be posted on our website. Your continued use of the website after we post a revised policy signifies your acceptance of the revised policy.
If you are an EU resident, we may continue to process your information based on our legitimate interests or in order to fulfill our obligations under a contract and/or may also seek your affirmative consent to the terms of the updated policy, if required. For example, we may ask for your consent before implementing new uses of the personal information that we’ve already collected from you based on such consent, if such new use was not addressed by the consent under which such information was collected or if our legal basis for processing such information changes.