The Privacy Hacker is a blog site hosted by LexBlog with content provided by Hopkins & Carley. Any personal information collected and processed by Hopkins & Carley is handled in accordance with and as set forth in the Hopkins & Carley Privacy Notice, provided below for your convenience and also available here.

For more information about LexBlog’s legal terms and data collection practices, please visit www.lexblog.com.


Hopkins & Carley Privacy Notice

Last Updated:  October 17, 2019

Privacy Notice

This Privacy Notice describes how Hopkins & Carley (“Hopkins & Carley,” “we,” “our” or “us”) processes, uses and shares the Personal Information (defined below) that it receives or collects from visitors to the Hopkins & Carley website (“Website”), blog site and social media accounts (hereinafter all collectively referred to as “Sites”), potential and ongoing clients, and any other individual or entity that may disclose Personal Information to us, as further described below.

For individuals located outside of the United States, please note that your Personal Information will be collected, processed and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the GDPR, as further described here.

Who We Are

Hopkins & Carley is a law firm located in the United States. We are a law corporation organized under the laws of the State of California for the practice of law. We have offices in Northern California (Palo Alto, San Francisco and San Jose). The address of our main office is:

70 S. 1st St.
San Jose, CA  95113
UNITED STATES

Scope of This Privacy Notice

This Privacy Notice applies to Personal Information that we collect online through the Sites, when you contact us, or that may be provided in connection with recruiting. It also applies to Personal Information that we collect or obtain in the course of representing our clients. However, nothing contained in this Privacy Notice alters or changes our obligations to our clients under applicable rules of professional responsibility.

This Privacy Notice does not cover information collected by any other company, a third-party site or third-party application that may link to, or that can be accessed from, any of our Sites.

By visiting our Sites or providing your Personal Information to us (whether via one of our Sites, by email or other written communication, in person or over the phone), you acknowledge and agree to our practices described below. If you have questions or comments about this Privacy Notice or our use of your Personal Information, please contact us at info@hopkinscarley.com.

Changes to This Privacy Notice

We may update this Privacy Notice from time to time. If we do so, we will post our updated Privacy Notice on the Website and the blog Site where applicable, and for a reasonable period of time we will post notice of the change so it is visible when users use the Sites after the change is posted. By your continued use of any of the Sites, you consent to the terms of the revised Privacy Notice.

When and How Do We Collect Personal Information?

“Personal Information“ means any information about an individual from which that person may be identified. Personal Information includes obvious things, like your name, telephone number, email address and street address, as well as less obvious things like your IP address, device ID and location information. Personal Information does not, however, include information from which the identity of an individual has been definitively removed (also known as anonymous or anonymized data).

We collect Personal Information directly from you when you provide it to us, such as when you take any action while visiting our Sites or otherwise communicate with us, verbally or in writing. We also may collect information indirectly through automated technologies, such as cookies, or from third parties and/or public records.

Types of Personal Information We Collect

Personal Information You Provide

We collect Personal Information that you provide voluntarily through our Sites or otherwise (such as during our legal representation or recruiting process, when you request information from us, or register for an event we sponsor). The Personal Information you provide to us may include some or all of the following:

  • Your contact information, e.g., your name, address, phone number, email address, company name and country;
  • Interests and preferences that you provide to us when requesting information or registering for an event we sponsor;
  • Access and dietary requirements that you may provide to us when registering for an event;
  • Personal Information provided to us by or on behalf of our clients or generated by us in the course of providing our services, which may, where relevant, include special categories of personal data, as further described below;
  • Resumé or other employment-related data that you provide to us in connection with recruiting, as further explained below; and
  • Any other Personal Information that you voluntarily choose to provide to us.

If we ask you to provide any Personal Information not described above, the Personal Information that you are asked to provide and the reasons why you are asked to provide it will be made clear to you when asked to provide it.

Personal Information We Collect Automatically

We collect certain information automatically from your device. Our web servers log some technical information automatically. Accordingly, Personal Information that we collect automatically may include information like your Internet Service Provider, IP address, device type, unique device identification number, browser type, broad geographic location (e.g., country or city-level location) and other technical information.

We may also collect information about how your device has interacted with our Sites, including the pages accessed and links clicked. Although this information may be considered Personal Information under applicable laws, we do not append or associate it with any Personal Information you may choose to provide.

Some of this information may be collected using cookies and similar tracking technology, as explained further in our Cookie Notice. Please note that on the Website and blog Site, we have disabled cookies and trackers with the exception of those that are essential cookies.

We may also collect Personal Information through third-party sources, such as public records, recruitment agencies and entities or individuals who act as agents for our clients.

Personal Information Collected in the Course of Legal Representation

We collect Personal Information from and about our clients in connection with our legal services. The nature, scope and type of such information depends on the legal matter for which you have sought our services, and may include:  basic personal details such as your name and job title; contact data such as your telephone number and postal or email address; employment data; financial data such as payment information or bank account details; identification and other background verification data such as a copy of your passport; data collected as part of our client due diligence; and any other data that may be relevant to the legal matter(s) for which you engage us. Some of this information may be collected from potential clients who do not subsequently execute a Professional Services Agreement with us.

Personal Information Collected For Recruiting Purposes

We collect information from and about potential candidates in connection with employment opportunities at Hopkins & Carley. This information may include name and contact information, resumé, academic records, employment history and references.

We use the Personal Information that you provide to match your skills, experience and education to available and/or specific roles within Hopkins & Carley. This information is passed to the relevant hiring managers and individuals involved in the recruiting process in order to assess next steps. We may also collect further information from you as you move along in the recruiting process.

In connection with our recruiting activities, we may also collect special categories of Personal Information from candidates when we have a legal obligation to do so, if the information is relevant to the future provision of employment, or with the individual’s explicit consent. For instance, we may need to collect information about a candidate’s immigration status in order to ensure that we may legally hire that candidate, or a candidate’s disabilities in order to provide a suitable working environment for that candidate if the candidate is hired by Hopkins & Carley. We may also need to conduct criminal background checks. We may also ask a candidate to provide diversity information about race/ethnicity and sexual orientation for diversity monitoring purposes, although providing this information will be entirely up to the candidate.

Hopkins & Carley collects Personal Information about candidates from a number of sources, including:

  • Directly from the candidate – for example, information provided when applying for a position directly through the Website;
  • From recruiting service providers – for example, when a recruitment agency contacts us to identify someone as a potential candidate;
  • Through publicly available sources online – for example, through a professional profile posted online (e.g., a professional networking site); and
  • By reference or word-of-mouth.

Why We Use Personal Information; Legal Bases

We may use your Personal Information for a number of different reasons, as further explained below. In addition, for users located in the European Economic Area (EEA), we must have a valid legal basis in order to process your Personal Information. The main legal bases under the European Union’s General Data Protection Regulation (GDPR) that justify our collection and use of your Personal Information are:

  • Performance of a contract – When your Personal Information is necessary to enter into or perform our contract with you.
  • Consent – When you have consented to our use of your Personal Information via a consent form (online or offline).
  • Legitimate interests – When we use your Personal Information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
  • Legal obligation – When we need to use your Personal Information to comply with our legal obligations.
  • Legal claims – When your Personal Information is necessary for us to defend, prosecute or make a claim.

Below are the general purposes for which we may use your Personal Information (note that for each purpose set forth below, we highlight in brackets the principal legal bases upon which we would rely to process your Personal Information):

  • Communicating with you about your use of the Sites and our services, our legal representation or legal matters, and any recruiting activities or inquiries [performance of a contract, legitimate interests, and in some cases, legal claims];
  • Providing legal and other services to you. We process Personal Information in order to administer and perform our services, including to carry out our obligations arising from any agreements entered into between you and us (please note that our Professional Services Agreements apply where we provide legal services) [performance of a contract, consent, legal obligation, and in some cases, legal claims];
  • Responding to your general inquiries or inquiries regarding webinars, events and newsletters [performance of a contract, legitimate interests];
  • In the case of recruiting, evaluating whether you may be a match [performance of a contract, legitimate interests, consent];
  • Organizing events for which you have registered. We use the Personal Information we collect from you in connection with events that we organize to track registration, confirm attendance, and furnish certain details you have provided to us, such as your company affiliation, to other attendees. If you request at the time of your registration, or at any time afterward, we may use this information to call to your attention similar events that might be of interest to you. If so, we will provide an option to unsubscribe or opt out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us [performance of a contract, legitimate interests, consent];
  • Marketing our services. This allows us to provide you with information about new services or new areas of practice, legal updates or client alerts. We will provide an option to unsubscribe or opt out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us [legitimate interests, consent];
  • Complying with our legal, regulatory, or risk management obligations. We may use Personal Information to fulfill our legal obligations (such as identifying conflicts of interests, performing client due diligence, for anti-money laundering and anti-bribery purposes); for the prevention of fraud and/or other relevant background checks as may be required by applicable law and best practices; to enforce our legal rights; to comply with any legal or regulatory reporting obligations; and/or to protect the rights of third parties [legal obligation, legal claims, legitimate interests];
  • Recovering any payments due to us for our legal or other services, including where necessary enforcing such recovery through the engagement of debt collection agencies or taking other legal action (including in connection with legal and court proceedings) [performance of a contract, legal claims]; and
  • Making changes to our business, for example, in the event that we undergo a re-organization (if we merge, combine or divest a part of our business). If such is the case, we may be required to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process or transfer, as further described below [legitimate interests].

Disclosure of Information

We disclose your Personal Information to those of our personnel who need to process Personal Information in order to provide our services. In addition, we may disclose your Personal Information to the third parties indicated below (and for the following reasons):

  • Entities and individuals that help us provide the Sites and our services (including legal services);
  • Professional service providers, such as auditors, bankers, lawyers, consultants, accountants and insurers;
  • Governments, regulators, law enforcement and fraud prevention agencies, but only as authorized as explained below; and
  • In the event of a business transfer, as explained below.

Third-Party Service Providers

The following categories of third parties may collect, process or receive your Personal Information in order to assist us in providing our Sites and services:

  • Entities that host various components of our Website;
  • LexBlog, which hosts The Privacy Hacker and/or other blogs;
  • Service providers who assist us with recruiting, blog delivery and other services;
  • Service providers who assist us with the performance of our legal services, such as experts, translators, and eDiscovery providers; and
  • Outsourced services that help us administer certain activities, such as technology and IT services, information and document management, records storage and retention, and photocopying.

We do not allow our third-party service providers to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes and in accordance with our instructions. Please note, however, that your registration information for a particular event may be provided to co-presenters or co-sponsors for that event, each of whom will be identified to you at the time of registration. Unless you opt out at the time of registering for the event, those sponsors may use your Personal Information for their own marketing purposes. Their privacy policies may differ from this Privacy Notice. In addition, for our blog Site hosted by LexBlog, you may be required to register or otherwise provide Personal Information, which is subject to the LexBlog privacy policy.

We require all third-party service providers to respect the security of your Personal Information and to treat it in accordance with the law.

Legal Obligations & Security

We will disclose your Personal Information:  (i) when we have a good faith belief it is required by law, such as pursuant to a subpoena, warrant or other judicial or administrative order (as further explained below); (ii) to protect the safety of any person; (iii) to protect the safety or security of our Sites or to prevent spam, abuse, or other malicious activity of actors on our Sites; or (iv) to protect our rights or property or the rights or property of those who use our Sites and/or services.

If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States or otherwise via a mutual legal assistance mechanism (e.g., treaty). Under such circumstances, we will attempt to provide you with prior notice that a request for your information has been made, in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address. However, government requests may include a court-granted non-disclosure order, which prohibits us from giving notice to the affected individual. In cases where we receive a non-disclosure order, we notify the user when it has expired or once we are authorized to do so.

Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, or the detection or prevention of a crime, we may provide information, including Personal Information, to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.

Business Transfer

We may transfer your Personal Information to an affiliate, a successor entity upon a merger, consolidation or other corporate reorganization in which Hopkins & Carley participates, or to a purchaser or acquirer of all or substantially all of Hopkins & Carley’s business or assets, including a successor in bankruptcy.

Tracking Disclosure

Hopkins & Carley tracks users’ use of the Sites, but does not track users across third-party websites. We do not respond to Do Not Track (DNT) signals.

Changing Your Personal Information and Choices

If you would like us to stop using your Personal Information, or if you want to change Personal Information you previously have provided to us via the Sites, please contact us at info@hopkinscarley.com and we will comply to the extent required and allowed by applicable laws. Regarding Personal Information that you have provided for an event sponsored by us, you may contact the event coordinator directly via email or telephone. Marketing contacts for each event are listed on the Hopkins & Carley Events page.

We allow you to opt out of future communications at any time by clicking the “Opt Out” or “Unsubscribe” link in the email or replying to any email you receive with a message that reads “Opt Out” in the subject line.

Links to Other Websites

Our Sites may link to websites maintained by outside organizations. For instance, when we repost an article from our Website to our own social media pages, you may be redirected to a third-party website. Please be aware that these third-party websites are governed by their own privacy policies and do not fall within this Privacy Notice. Hopkins & Carley is not responsible for the content or policies maintained by these websites. Please familiarize yourself with the privacy policy or notice of any third-party website you visit, as it will govern any information you submit through that website.

Social Plugins

We may use social plugins on our Sites and may include icons that allow you to interact with third-party social networks such as LinkedIn, Twitter and Facebook. For example, you may “like” us on Facebook or follow us on Twitter. The third-party social plugin may set a cookie when your browser creates a connection to the servers of such social networks and the plugin may transmit your Personal Information to the social networks. Your use of these social plugins is subject to the privacy policies of the third-party social networks.

Children

We recognize the privacy interests of children, and we encourage parents and guardians to take an active role in their children’s online activities and interests. We target our Sites and the services we offer to adults and not to children under 18 years of age. To the extent that we are required to collect information regarding a minor in order to provide our legal services, we will only do so with parental consent.

Confidential Information

Because the security of transmission of information over the Internet cannot be guaranteed, please do not disclose any confidential information to us via the Sites, or via email (unless you have an existing attorney-client relationship with us). Please note that providing confidential or any other information to Hopkins & Carley through our Sites does not, by itself, engage us for legal services and does not form an attorney-client relationship.

How Long Do We Keep Your Personal Information?

Your Personal Information is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.

In order to determine the most appropriate retention periods for your Personal Information, we consider the amount, nature and sensitivity of your Personal Information, the reasons for which we collect and process your Personal Information, best practices and applicable legal requirements. Retention periods are also based on legal requirements that specifically apply to the legal services industry, and our records retention policies. When we have no ongoing legitimate business need or specific obligation to process your Personal Information, we will either delete or anonymize it (see below) or, if this is not possible (for example, because your Personal Information has been stored in backup archives), we will securely store your Personal Information and isolate it from any further processing. Some exceptions from static retention periods may occur. For instance, we cannot delete Personal Information when there are legal obligations to retain it (e.g., arising from tax or commercial law, or our obligations as legal advisors). This is particularly true of financial data and payment information, as well as any information provided in connection with our legal representation of you. Additionally, we cannot delete Personal Information when it is needed for the establishment, exercise or defense of legal claims (“litigation hold”). In this case, the Personal Information can be retained as long as needed for exercising respective potential legal claims.

In some instances, we may choose to anonymize your Personal Information instead of deleting it, for statistical use, for instance. When we choose to anonymize, we implement measures so there is no way that the Personal Information can be linked back to you or any specific user.

Please contact us if you would like more information.

Protecting Your Personal Information

We have put in place reasonably appropriate technical and organizational measures to protect the Personal Information that we collect and process about you. The measures that we use are designed to provide a level of security appropriate to the risk of processing your Personal Information.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. We also require those parties to whom we transfer your Personal Information to comply with the same.

While we take all reasonable steps necessary to provide the most secure Website, you understand and assume the risks associated with your activities on the Internet.

International Transfers

We are located in the United States, and the Personal Information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the GDPR.

By sending us Personal Information, you agree and consent to the processing of your Personal Information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Union), and to the processing of that information by us on servers located in the United States, as described in this Privacy Notice.

We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Notice, including when processed internationally or by our third-party service providers and partners. The safeguards we may take in our discretion include, for instance, entering into binding agreements in connection with any onward transfers of Personal Information. We may implement other mechanisms and take similar appropriate safeguards with our third-party service providers and partners. Further details can be provided upon request.

How to Contact Us About Privacy

If you have any questions about this Privacy Notice, have additional questions, or would like to exercise any of your rights if you are located in the European Economic Area, please contact us at info@hopkinscarley.com. You may also write to:

Hopkins & Carley
Attn:  Cory Cullen
70 S. 1st St.
San Jose, CA  95113
UNITED STATES

Additional Legal Rights For Users in the European Economic Area

If the GDPR applies to you because you are in the European Economic Area, you have certain rights in relation to your Personal Information:

  • The right to be informed – our obligation to inform you that we process your Personal Information (and that is what we are doing in this Privacy Notice);
  • The right of access – your right to request a copy of the Personal Information we hold about you (also known as a ‘data subject access request’);
  • The right to rectification – your right to request that we correct Personal Information about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings);
  • The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the Personal Information we have about you (unless there is an overriding legal reason we need to keep it);
  • The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your Personal Information;
  • The right to data portability – your right to ask us for a copy of your Personal Information in a common format (for example, a .csv file);
  • The right to object – your right to object to us processing your Personal Information (for example, if you object to us processing your data for direct marketing); and
  • Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.

These rights are subject to certain rules regarding when you can exercise them. If you are located in the European Economic Area and wish to exercise any of the rights set out above, please contact us (see How to Contact Us About Privacy).

You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances.

We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.

We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.

In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing any services you may have requested as covered in this Privacy Notice.

Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. However, we would appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us first.

If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details in How to Contact Us About Privacy.