Privacy Policy

This Privacy Policy applies to personal information collected online by Vorys, Sater, Seymour and Pease LLP, its subsidiaries, or affiliates (collectively, “Vorys” or “we” or “us” or “our”) through its websites, microsites, or mobile sites that expressly adopt, display or link to this Privacy Policy (collectively, the “Website”). “Social Media Pages” are the official social media pages we operate on Facebook, Twitter, LinkedIn, and other social media platforms.  If you have any questions about these definitions or anything else in this Privacy Policy, please complete the form on our Contact Us page.

This Privacy Policy answers the following questions:

  1. What information does Vorys collect about you on our Website?
  2. How do we collect your information?
  3. How do we use the information we collect about you?
  4. How long do we keep your information?
  5. How does Vorys share information with Service Providers and Third Parties and for what purposes?
  6. What are my privacy choices?
  7. How does Vorys address children’s privacy?
  8. How does Vorys secure personal information on our Website?
  9. How does our Website interact with third-party websites and content?
  10. Where is personal information stored and processed?
  11. What other terms govern my use of the Website?
  12. Will this Privacy Policy change?
  13. Your U.S. State Privacy Rights
  14. Your EEA/UK Privacy Rights
  15. Your Canadian Privacy Rights
  16. How may I contact Vorys?

1. What information does Vorys collect about you on our Website?

We may collect different types of information about our Website visitors, including:

2. How do we collect your information?

We may collect the information described above directly from you, from third parties we partner with, or through cookies or other automated means. These sources may include:

3. How do we use the information we collect about you?

We only use your information for purposes which are permitted by law, including:

4. How long do we keep your information?

We will retain your information for as long as is necessary to fulfill the purpose for which your information was collected and in accordance with our internal retention procedures, or as otherwise necessary to satisfy our legal obligations. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your information for research or statistical purposes in which case we may use such anonymized information indefinitely.

5. How does Vorys share information with Service Providers and Third Parties and for what purposes?

Vorys may share personal information with third parties for certain purposes. For example, we may share personal information with:

6. What are my privacy choices?

You can control the information we collect and use in the following ways:

7. How does Vorys address children’s privacy?

Our Website and Social Media Pages are not intended for children under 16. No one under 16 should share any personal information with us. We do not knowingly collect any personal information from children under 16. To request deletion of personal information relating to a child under 16, please complete the form on our Contact Us page.

8. How does Vorys secure personal information on our Website?

We employ physical, technical, and administrative procedures to safeguard the personal information we collect online.  While we use these security measures on our Website, you should be aware that 100% security is not always possible.

9. How does our Website interact with third-party websites and content?

For your convenience, we may enable you to navigate to third-party sites through links on our Website.  We do not endorse these third-party sites, do not have any affiliation with these third-party sites, and we do not control and are not responsible for their Internet and web practices.  Whether the third-party content appears within our Website environment (like a map frame), or you leave our Website for another website to view it, the terms, conditions, and privacy policies of those other websites govern your online experience.  Please review their separate terms of service and privacy policies if you have any questions about their practices.

10. Where is personal information stored and processed?

We are an international law firm that provides cross-jurisdictional legal advice and related services to our clients. The global nature of our business means that your information may be transferred outside the jurisdiction in which you provide it, including, potentially, to countries that do not require organizations to protect your personal information in the way in which you have come to expect in your own country.

Where we receive personal data from the EEA or UK, to the extent that we are not subject to EU or UK data protection laws, United States privacy laws may not provide the same rights in connection with your personal data which you may have in your own country.

Where we transfer your personal information across national boundaries, we will protect your information by ensuring that those transfers are made in compliance with any applicable data protection laws.

11. What other terms govern my use of the Website?

Your use of the Website is also governed by the Terms of Use and Disclaimer.  Please ensure you have read and understood the Terms of Use and Disclaimer in addition to this Privacy Policy.

12. Will this Privacy Policy change?

We may make changes to this Privacy Policy at any time to take into account new or changing circumstances, so please review it periodically.  If we make a material change to our information collection, use, or disclosure practices specified in this Privacy Policy, it will be applied only to information collected on a going forward basis.  Material changes in our Privacy Policy will be communicated as Vorys determines appropriate, including, but not limited to, by posting on our Website or communicating by email.  We will update the effective date at the bottom of the page at the time a change is made.

13. Your U.S. State Privacy Rights

Certain U.S. states afford their residents rights with respect to their Personal Data.  The rights described herein are subject to exemptions under applicable law.  For purposes of this section, the term “Personal Data” includes both “Personal Information” and “Personal Data” as defined by applicable law.

If your Personal Data is subject to a privacy law in your state, you may have certain privacy rights with regard to that information.  You may have the right to:

Under certain state laws, you may also have the right not to receive discriminatory treatment for the exercise of any of these privacy rights.  We will not discriminate against you because you have exercised any of your rights.

Certain state laws may also provide you the right to appeal our decisions regarding your rights requests if we do not respond to your requests or do not take action regarding your requests. Additionally, if you are a resident of the state of California, you may have a right to pursue legal action for improper handling of your Personal Data.

How to Submit a Request

If you wish to exercise the rights listed above, and are a resident of a state that provides such privacy rights, you may submit a request by emailing privacy@vorys.com, by calling us toll-free at 1-833-525-2097, or by using this form. We will provide your Personal Data to you in writing in a readily usable format.  If you choose to submit your request via email, you must include “Privacy Rights Request” in the subject line and clearly provide us with the following information: what type of request you are making, your full name, email address, and valid physical address.  You may only make one request per email. 

We are required to provide you with access to your Personal Data or delete your Personal Data only in response to verifiable consumer requests. We will compare the information you provide to us in your request to any information we may have in our possession in order to verify your request. You may be asked to provide us with information such as your home address, email address, and telephone number. We may also contact you to request additional information in relation to your request. Please promptly respond to any follow-up inquiries so that we may verify your identity. If you request that we provide you with specific pieces of information about you, or that we delete sensitive Personal Data, we may apply heightened verification standards than what we would apply to other types of requests. The information you provide must match the information we have in our possession. This measure is in place to help ensure that Personal Data is not disclosed to any person who does not have the right to receive it. The information collected through this process will be used for verification purposes only.

Authorized Agent

Please note that you may authorize an agent to exercise any of these rights on your behalf by contacting us toll-free at 1-833-525-2097 or by submitting the request via this form. If you use an agent, we will take measures to verify your agent’s authorization similar to the verification described above for fulfilling any access or deletion requests. We may require more information to ensure proper verification of you and your agent’s identity and authorization.

Categories of Personal Data Collected and Disclosed for a Business Purpose

We collect and disclose the categories of Personal Data that are indicated in the chart below.  Note that the specific pieces of Personal Data we collect about you may vary depending on the nature of your interactions with us and may not include all of the examples listed. 

Category of Personal Data Collected

Business Purposes for Collection, Use, and Disclosure 

Identifiers (such as your name, address, email address, birthdate, online identifiers, or other similar identifiers)

·       Respond to your requests 

·       Provide our Website and services to you

·       Marketing and business development

·       Billing and payment processing 

·       Manage web traffic 

·       Guide decisions about Vorys, our Website, tools, and communications  

·       Prevent, detect, and investigate fraud, security breaches, and potentially prohibited or illegal activities

·       Comply with applicable laws and regulations 

Records Information (such as your name, signature, Social Security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, and credit or debit card)

  • Respond to your requests 

·       Provide our Website and services to you 

  • Billing and payment processing 

·       Identity verification

·       Prevent, detect, and investigate fraud, security breaches, and potentially prohibited or illegal activities 

·       Comply with applicable laws and regulations 

Characteristics of protected classifications (such as your age, gender or race and ethnicity)

·       Respond to your requests 

·       Provide our Website and services to you

·       Client and community engagement

·       Comply with applicable laws and regulations

Commercial information (such as records of the services you have purchased, obtained, or considered)

·       Provide our Website and services to you 

·       Comply with applicable laws and regulations 

·       Inform our marketing practices

·       Solicit feedback for service improvement

·       Conflict checks and ethical compliance

Internet or other electronic network activity information (such as your IP address, device identifiers, device advertising identifiers, mobile network, operating system details, language preferences, referring URLs, length of visits, anonymous traffic data, pages viewed, and information regarding interactions with our services or advertisements)

·       Enhance your experience with our Website by remembering your preferences from a previous use of our Website

·       Guide decisions about our Website, applications, services, tools, and communications 

·       Operations 

·       Prevent, detect, and investigate fraud, security breaches, and potentially prohibited or illegal activities 

·       Comply with applicable laws and regulations 

Geolocation data

·       Respond to your requests

·       Provide our Website and services to you 

·       Personalize your experience by providing content through our Website

Professional or employment-related information 

·       Consider you for employment

·       Prevent, detect, and investigate fraud, security breaches, and potentially prohibited or illegal activities 

·       Comply with applicable laws and regulations 

Inferences used to create a profile reflecting your preferences, characteristics, and behavior.

·       Inform our marketing practices 

·       Guide decisions about our Website, applications, services, tools, and communications 

·       Analytics 

·       Comply with applicable laws and regulations 

We may also collect Personal Data about you that does not directly fit within one of the categories listed above, which information is described in What information does Vorys collect about you on our Website?

We share Personal Data about you with service providers and third parties for business purposes, such as operational purposes and other purposes related to providing you with the services you seek from us.  For more information about the business purposes for which we disclose Personal Data, see How do we use the information we collect about you?

Sources of Personal Data

We may collect your information from the categories of sources listed under How do we collect your information?

“Do Not Sell” Rights; Sharing for Cross-Context Behavioral Advertising, Profiling, or Targeted Advertising

We may disclose your Personal Data for the following purposes, which are not a sale: (i) for reasons mentioned above; (ii) if you direct us to share Personal Data; (iii) to comply with your requests under applicable law; and (iv) as otherwise required or permitted by applicable law.

We do not sell Personal Data or share Personal Data about you for purposes of cross-context behavioral advertising, profiling, or targeted advertising.

Deletion Rights

You may request that we delete your Personal Data that we have collected directly from you.  Under applicable law, we may decline to delete your Personal Data under certain circumstances, for example, if we need the Personal Data to complete transactions or provide services you have requested or that are reasonably anticipated, for security purposes, for internal business purposes (including maintaining business records), to comply with law, or to exercise or defend legal claims.  Note also that we are not required to delete your Personal Data that we did not collect directly from you.  We require a reasonable or high degree of certainty that the requester is the consumer for which a deletion request is applicable, depending on the sensitivity of the Personal Data.

Additional California Privacy Rights

We do not share Personal Data as defined by California Civil Code Section 1798.83 (“Shine the Light Law”) with third parties for their direct marketing purposes absent your consent. If you are a California resident, you may request information about our compliance with the Shine the Light Law by contacting us through this form or sending a letter to Vorys, Sater, Seymour and Pease LLP at 52 E Gay St, Columbus, OH 43215, (Attention: Privacy Inquiry).  Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code.  Please note that we are only required to respond to one request per individual each year, and we are not required to respond to requests made by means other than through this form or mail address.

Our Practices Concerning Sensitive Data

We will not process your Sensitive Data or Sensitive Personal Information (as those terms are defined under applicable U.S. consumer privacy laws) without your prior consent.

14. Your EEA/UK Privacy Rights

If you are located in the European Economic Area or the United Kingdom, you may have certain rights and protections under applicable laws regarding the processing of your Personal Data (including under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) or the UK version of the GDPR (“UK GDPR”) (together “European Privacy Laws”)). European Privacy Laws generally afford applicable data subjects the right to:

We do not make decisions about you based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.

In addition to the security measures mentioned above, we will ensure that your Personal Data is adequately protected, for example, by entering into contracts which contain appropriate data protection provisions.

Our other obligations to you as our client, if applicable, are not addressed by this Privacy Policy. Those obligations are described in our terms of engagement or otherwise arise as a result of applicable law.

How to Submit a Request

If you are located in the EEA or the UK, to the extent we are subject to European Privacy Laws and you wish to exercise any of your rights under such European Privacy Laws where applicable, please submit your request by emailing us at privacy@vorys.com.  You may also contact our Data Protection Officer at de_dpo_vorys@pwc.com.

Please note that the above rights are not absolute and we may be entitled to refuse or limit requests, wholly or partly, where exceptions under the applicable law apply.

If you would like to make a complaint about how we handle your Personal Data, or make a complaint about a breach of data protection laws, please contact us using the contact information described above. Complaints will be investigated and the outcome of the investigation will be communicated to you after the complaint is made in accordance with applicable law.  If European Privacy Laws apply, you also have the right to make a complaint with your local data protection authority.

Legal Basis for Processing

We will process your Personal Data only where we have a lawful basis for doing so. These “lawful bases” for processing are set forth in applicable data protection law and, where European Privacy Laws apply, our processing will be on the basis of one or more of the following (where applicable): (a) the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract; (b) compliance with our legal obligations; (c) for our legitimate interests (for example, carrying out the business of providing legal services and pursuing our general business interests); (d) the establishment, exercise or defense of legal claims; (e) to carry out tasks in the public interest/reasons of substantial public interest; or (f) to comply with laws relating to anti-money laundering or counter-terrorist financing obligations or the prevention, detection, or prosecution of any crime.

In addition, in some circumstances we may process your information if you have provided your consent for us to do so.  Please note that you have the right to withdraw any such consent by contacting us using the contact details below.

For the purposes of European Privacy Laws, and adopting the definitions used further above in this Privacy Policy, namely What information does Vorys collect about you? and How do we use the information we collect about you?, we rely on the following lawful bases in respect of your information:

Data Protection Principles

When processing your Personal Data, Vorys adheres to the following principles:

Marketing Notice

We may process your Personal Data for marketing purposes, for example, to let you know about news or an event which we think you may be interested in.

If you are a data subject in the UK or the EEA, for email marketing to an individual (that is, a non-corporate email address), we need your consent to send you unsolicited email marketing. Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.

Your Personal Data may also be collected in our relationship management system when you register online to receive information, or when we otherwise receive your contact details.

You can opt out of direct marketing at any time by contacting us at info@vorys.com. You can also unsubscribe or opt-out from receiving further marketing communications by following the instructions at the bottom of each communication.

Data Protection Authority

If you have a concern about our processing of Personal Data that we are not able to resolve, you have the right to lodge a complaint with the applicable data protection regulator. Contact details for the relevant data protection regulator can be found using the links below:

Where the GDPR applies: https://edpb.europa.eu/about-edpb/board/members_en

Where the UK GDPR applies: https://ico.org.uk/global/contact-us/

15. Your Canadian Privacy Rights

If you are located in Canada, you may have certain rights and protections under applicable laws regarding the processing of your Personal Information, including under the Personal Information Protection and Electronic Documents Act (“PIPEDA”). For purposes of this Section 15, “Personal Information” has the meaning given under PIPEDA.

In compliance with PIPEDA, we provide Canadian residents the right to request information about:

You may also request that we delete your Personal Information in accordance with applicable laws.

There may be circumstances where we are unable to provide access to your Personal Information. We may deny access for legally permissible reasons, such as situations where the information contains references to other users and is not reasonably severable, or where it cannot be disclosed for legal, security, or commercial proprietary reasons. We will advise you of any reason for denying an access request.

Please read this Policy carefully. To review or update your Personal Information in our possession, withdraw consent for the collection, use, and/or disclosure of your Personal Information, or if you do not understand or agree with our practices as described in this Policy, please contact us at info@vorys.com. Additional contact information is set out in the How may I contact Vorys? Section below.

Please note that when requesting access to Personal Information, we may request confirmation of your identity and other details to protect you and to help us to respond to your request. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

16. How may I contact Vorys?

If you have any questions, comments, or concerns about this Privacy Policy, please contact us by emailing info@vorys.com. When writing us, please make sure to include your name and mailing address or telephone number so that we can contact you.

You may also contact:

Andrew Laux
52 E. Gay Street
Columbus, Ohio 43215
614.464.5449
adlaux@vorys.com  

If you are located in the EEA or UK and have a question regarding this Privacy Policy, you may also contact our Data Protection Officer at de_dpo_vorys@pwc.com.

 

Effective Date (last updated on): September 30, 2024

Jump to Page