Privacy Policy

Overview

At Nixon Peabody, protecting the confidentiality—and privacy—of information you share with us is a core professional responsibility and a fundamental part of our work.

This Privacy Policy explains how and why we collect, use, share, and store information, including personal and sensitive personal  information, when you visit our website, request or receive professional services from us, apply for a job or work with us, request information from us, participate in Nixon Peabody marketing or educational events, or otherwise provide information to us. 

We do not sell personal information. We collect, use, and share personal information solely to support the provision and marketing of legal and professional services, and other operational and administrative purposes.  

This policy also explains your rights, where applicable, under certain data protection laws, including the California Consumer Privacy Act of 2018 (CCPA); the European Union General Data Protection Regulation (GDPR), the United Kingdom General Data Protection Regulation, which is the GDPR as incorporated into UK domestic law (UK GDPR).

A downloadable copy of this policy is available by clicking here.

Information we collect

• When you visit our website, we collect information from your browser about the pages you visit.
• When you fill out a form via our website, we collect personal information about you (e.g., email address, state in which you live), which you voluntarily provide in order to receive information or other services from the firm.
• When you seek to become a client of the firm, we collect more detailed (and potentially sensitive) personal information—directly from you, and from third-party sources, to make sure it is legally and ethically appropriate for the firm to represent you.
• When you are a client of the firm, we may collect detailed and sensitive personal information about you, including financial or health information, as may be necessary to provide you with the legal or other professional services you request.
• When you apply for a position at the firm, we collect contact information and information about your education, background, professional experience(s) from you, including information that may be sensitive.
• When you are offered a job with the firm, we collect a wide range of personal information, including sensitive information, directly from you and from third-party sources, in order to perform background screening and conflicts checks.
• When you work at the firm, we collect additional personal information. including sensitive personal information, directly from you and third parties, in order to administer benefit programs, pay our personnel, review and pay for expenses, foster professional development, and for other firm administrative and operational purposes.
• When you email personnel at the firm, we collect your email contact information, which may be stored in our customer relationship system, which keeps track of the personnel with whom you are communicating, and the marketing or educational services in which you have expressed interest. This may be combined with publicly available information (e.g., a LinkedIn profile) where permitted by law.
• When you visit our offices, or offsite events hosted by the firm, we may collect personal information and ask you to sign visitor logs for security purposes, and we may ask you for information about health symptoms, vaccination status, and recent travel and related medical information for public health screening purposes.

We do not knowingly collect information from anyone under the age of 18, nor do we market our services to them.

We do not collect sensitive personal information for the purpose of inferring characteristics about a person.

Where we get personal information

• Directly from you, such as when you fill out an online form or communicate directly with our personnel.
• Indirectly from you, when you browse our website.
• From our clients, who may provide information about their employees, associates, family members, and other third parties, as required to provide professional services.
• From Nixon Peabody vendors that support firm operations and administration, such as background screening services, payroll and benefits administrators, or from information in publicly available databases, which provide the information needed to perform due diligence on clients and other third parties, as may be required by law or the rules of professional responsibility governing lawyers.

How we use personal information

Nixon Peabody may use and disclose your personal information in the performance of a contract with firm clients, to further its legitimate business purposes (e.g., for operational and administrative uses, or direct marketing) and/or with your consent. These uses will vary depending on the nature of our relationship with you, but include:

• To provide you with the information that you have requested
• To provide products and services, you have requested
• To communicate with you about products and services
• To invite you to events
• To send you legal news, newsletters, marketing communications, and other materials that may interest you
• To evaluate, recruit, and hire personnel
• To bill for services rendered and facilitate payment processing, as applicable
• To operate, troubleshoot, analyze, and improve our website and digital services
• As reasonably necessary and appropriate, to detect or prevent fraud, to comply with legal obligations, or protect your, our, or others rights
  • As applicable, to confirm your identity for compliance with "Know Your Customer" requirements and other legal or ethical obligations (e.g., screening to avoid conflicts of interest with other clients, responding to data subject access requests)
• To administer employee benefits and payroll
• To facilitate professional development
• To track billing and expenses
• To provide you with technology resources
• To provide alerts and corporate communications (e.g., workplace emergencies, updated benefits information)
• As reasonably necessary to protect public health
• To allow Nixon Peabody to pursue remedies or limit liabilities if a dispute arises
• To fulfill other purposes permitted or required by law
• For other uses disclosed to you, or with your consent

When we share personal information

We share information with third parties, e.g. contractors and service providers, when necessary to provide and market our services, to manage the law firm, when we have your consent, or when required by law.  Nixon Peabody may share personal information with its affiliates and subsidiaries for the purposes set out in this policy.  

When we disclose your personal information to vendors involved in the administration and operation of the firm, and where required or appropriate and feasible, we obtain written assurances from such vendors that their privacy and security practices are in accord with applicable legal requirements. 

We may also disclose your personal information to third parties where we sell or merge any or all of our business and/or our assets to a third party, or where we are legally required to disclose your information.

The firm uses service providers to support our marketing program. With all website visitors, even those who do not complete any forms or otherwise seek our services, certain information is automatically collected through the use of a third-party service, Google Analytics, and similar technologies. This information helps us administer, protect, and improve our services; analyze usage; and improve users’ experience.

Through Google Analytics, the website collects online identifiers, including cookie identifiers, IP addresses, and device identifiers. Google Analytics collects information and reports website usage statistics. To opt out of being tracked by Google Analytics, visit the Google Analytics Opt-Out Browser Add-on.

The website also uses cookies, which are small files placed on the hard drive of your computer, to improve the operation and functionality of the website. The cookies we use may include:

• Process cookies that enable the website to function properly and assist in navigating pages and accessing services. Without these cookies, the website may not function properly.
• Session state cookies that collect information about how users interact with a website. This may include the page users visit most often and whether users get error messages from certain pages. These cookies help improve users' browsing experience, but blocking or deleting these cookies will not render the website unusable.

Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies when you direct your browser to our website. By using our website, you consent to our use of cookies and the placement of cookies on your device for the purposes described.

Links to other third parties

Our website and communications from the firm may link to third-party sites that we do not control. These sites may include integrated content or links to content and services provided by third parties (e.g., for client payment processing, recruiting purposes, viewing videos, social media, webinars, and video conferencing). This privacy policy does not address the privacy, security, or other practices of these third-party service providers. We encourage you to review the privacy and security practices of third-party sites and vendors before providing personal information.

Data Collection Details

The chart below provides more detailed information about the information we collect, the reason we collect it (i.e. the business purpose), and with whom it may be shared (e.g., the categories of vendors to whom the information may be disclosed). The chart further notes whether that information has been collected or disclosed in the past 12 months. 

Please note that when providing legal and other professional services, each type of personal information listed in the first column may be collected and shared with co-counsel, opposing counsel, regulators, and other third parties, as reasonably required to provide the service(s) requested.

As you review this chart, remember:

• The firm does not sell the personal information it collects
• The firm does not use or disclose personal information for cross-context behavioral advertising
• The firm does not collect sensitive information for purposes of inferring characteristics about a person

Common identifiers

This includes real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers

Reason for collecting and/or sharing

Nixon Peabody collects common personal identifies for a wide range of business purposes, including, but not limited to:

• Provision of legal and other professional services;
• Marketing (if you have not opted out)
• Due diligence and/or background screening on clients, business partners, prospective or current personnel, and other third parties
• Payment processing, account management, billing, payroll, benefits administration and tax purposes
• Information Technology security and resource management
• Physical (office and venue) security
• Legal recruiting
• Firm administration and operations
• Public health
• Defense and prosecution of legal claims

Categories of third parties

Information technology and security providers; document management and storage vendors; legal and other professional services support vendors; banks and related financial services companies; marketing support vendors; background screening and due diligence service providers; employee benefits providers; legal recruiting vendors; firm administration vendors.

Collected or disclosed in past 12 months

Collected and disclosed

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

This includes name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

Reason for Collecting and/or Sharing

The firm collects personal information regulated under California law for the same purposes it collects common identifiers, as described above.

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional services support vendors; banks and related financial services companies; marketing support vendors; background screening and due diligence service providers; employee benefits providers; legal recruiting vendors; firm administration vendors.

Collected or Disclosed in past 12 months

Collected and disclosed

Protected classification characteristics under California or federal law.

This includes age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Reason for Collecting and/or Sharing

Nixon Peabody collects certain legally protected information for the provision of legal and other professional services. The firm also collects such information from applicants and personnel for:

• Background screening
• Administration of employee benefits and payroll
• Operation of technology resources
• Management of firm operations
• Public health screening and protection
• Physical (office building) security
• Immigration-related services

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional services support vendors; banks and related financial services companies; background screening and due diligence service providers; employee benefits providers; legal recruiting vendors.

Collected or Disclosed in past 12 months

Collected and disclosed

Commercial information

Commercial information. This includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Reason for Collecting and/or Sharing

Nixon Peabody may collect this information from publicly available sources (e.g., court records) or through third-party vendors to perform due diligence screening of prospective clients, personnel or other third parties.

This information may be provided by you in connection with the provision of legal services or employee benefits.

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional services support vendors; banks and related financial services companies; background screening and due diligence service providers; employee benefits providers; legal recruiting vendors.

Collected or Disclosed in past 12 months

Collected

Biometric information

Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, er physical patterns, and sleep, health, or exercise data.

Reason for Collecting and/or Sharing

Personnel may choose to use a fingerprint or faceprint ID to secure a firm-provided or firm-supported laptop or other mobile device. However, this information is not stored on firm servers or accessible to other firm personnel.

Categories of Third Parties

N/A.

Collected or Disclosed in past 12 months

Not collected or disclosed.

Internet or other similar network activity

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Reason for Collecting and/or Sharing

Nixon Peabody collects Internet and other similar network activity for information security, website management, and marketing.
The firm has the ability to track and audit how personnel and other users access and use of firm-provided technology resources for IT security and compliance purposes per the firm’s Responsible Use of IT Resources policy.

Categories of Third Parties

Web-hosting, IT technology and security, and marketing support vendors.

Collected or Disclosed in past 12 months

Collected and disclosed

Geolocation data

Physical location or movements.

Reason for Collecting and/or Sharing

Web analytic and intrusion detection tools provide information about the location of the computer or device accessing the firm’s website and other technology resources and may be used for website management and information security.

The firm may also collect information about recent travel for public health screening purposes.

This information also may be collected when firm personnel submit information collected from ride-sharing or similar sites for expense reports, and when enabled on firm-connected mobile devices and laptops.

Categories of Third Parties

Information technology and security vendors may have access to information about device location; government officials and other third parties may have access to information about recent travel to the extent required by law and/or protect public health.

Expense reporting and payment processing vendors, as applicable.

Collected or Disclosed in past 12 months

Collected and disclosed.

Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information.

Reason for Collecting and/or Sharing

Certain firm events may be recorded or photographed.

For public health and safety purposes, the firm may conduct scans to assess the body temperature of people entering firm offices.

Categories of Third Parties

Communications and marketing support vendors (for audio, visual, electronic information); commercial landlords, government officials, and other third parties may have access to sensory data to the extent required by law and/or protect public health.

Collected or Disclosed in past 12 months

Audio, video and electronic information collected and disclosed; collection and disclosure of health screening information to the extent required by law and/or to protect public health.

Professional or employment-related information.

Current or past job history or performance evaluations.

Reason for Collecting and/or Sharing

The firm may collect professional or employment-related information to provide legal and other professional services, for marketing, or for legal recruiting.

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional support vendors (as may be required to provide the specific legal services requested); marketing support vendors.

Personnel and applicant data may be shared with background screening services; information technology and security providers; document management and storage vendors; employee benefits and firm administration vendors; other third parties with consent or as required by law or the rules of professional responsibility.

Collected or Disclosed in past 12 months

Collected and disclosed

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Reason for Collecting and/or Sharing

The firm may collect regulated, non-public education information to provide legal and other professional services or for legal recruiting.

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional support vendors (as may be required to provide the specific legal services requested).

Personnel or applicant data may be shared with background screening services; information technology and security providers; document management and storage vendors; other third parties with consent or as required by law or the rules of professional responsibility.

Collected or Disclosed in past 12 months

Collected and disclosed

Inferences drawn from other personal information

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, etc.

Reason for Collecting and/or Sharing

The firm collects information, generally on an anonymous basis, about employee satisfaction and other employment-related matters. Certain professional development activities (e.g., online training activities) may create profile data.

Categories of Third Parties

Human resources, education, and firm administration vendors.

Collected or Disclosed in past 12 months

Collected and disclosed

Government Identifiers

Social security, driver’s license, state identification card, or passport number.

Reason for Collecting and/or Sharing

Nixon Peabody collects government identifiers for

• Provision of legal and other professional services;
• Due diligence and/or background screening on clients, business partners, prospective or current personnel, and other third parties
• Payment processing, account management, billing, payroll, benefits administration, and tax purposes
• Physical (office and venue) security
• Legal recruiting
• Firm administration and operations
• Public health
• Defense and prosecution of legal claims.

Categories of Third Parties

 Information technology and security providers; document management and storage vendors; legal and other professional services support vendors; banks and related financial services companies; background screening and due diligence service providers; employee benefits providers; legal recruiting vendors.

Collected or Disclosed in past 12 months

Collected and disclosed

Complete account access credentials

(user names, account numbers, or card numbers combined with required access/security code or password) for financial accounts.

Reason for Collecting and/or Sharing

Provision of legal and other professional services, e.g. trust administration.

Categories of Third Parties

Legal and other professional services support vendors.

Collected or Disclosed in past 12 months

Collected and disclosed

Precise geolocation

Reason for Collecting and/or Sharing

Web analytic and intrusion detection tools provide information about the location of the computer or device accessing the firm’s website and other technology resources and may be used for website management and information security.

Categories of Third Parties

Information technology and security vendors may have access to information about device location.

Collected or Disclosed in past 12 months

Collected and disclosed

Racial or ethnic origin

Reason for Collecting and/or Sharing

Provision of legal or other professional services (to the extent applicable to services sought); legal recruiting and firm administration.
For personnel, demographic information about you, including sensitive personal information, may be disclosed to clients and other third parties with your consent for administration of Diversity, Equity and Inclusion initiatives and requirements.

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional services support vendors; employee benefits providers; firm administration vendors; clients, prospective clients and vendors (certain personnel demographic data).

Collected or Disclosed in past 12 months

Collected and disclosed

Religious or philosophical beliefs

Reason for Collecting and/or Sharing

Provision of legal or other professional services (to the extent applicable to services sought); firm administration, e.g., request for religious exemption from vaccine requirements..

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional services support vendors; firm administration vendors.

Collected or Disclosed in past 12 months

Collected and disclosed

Union Membership

Reason for Collecting and/or Sharing

Provision of legal or other professional services (to the extent applicable to services sought).

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional services support vendors.

Collected or Disclosed in past 12 months

Collected and disclosed

Genetic data

Reason for Collecting and/or Sharing

Provision of legal or other professional services (to the extent applicable to services sought).

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional services support vendors.

Collected or Disclosed in past 12 months

Collected and disclosed

Mail, email, or text messages contents not directed to us.

Reason for Collecting and/or Sharing

Provision of legal or other professional services (to the extent applicable to services sought);  Nixon Peabody personnel mail,  email and text messages are subject to firm policies related to employee privacy.

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional services support vendors.

Collected or Disclosed in past 12 months

Collected and disclosed

Unique identifying biometric information

Reason for Collecting and/or Sharing

Personnel may choose to use a fingerprint or faceprint ID to secure a firm-provided or firm-supported laptop or other mobile device. However, this information is not stored on firm servers or accessible to other firm personnel.

Categories of Third Parties

Not shared.

Collected or Disclosed in past 12 months

Not applicable.

Health, sex life, or sexual orientation information

Reason for Collecting and/or Sharing

Health information, e.g. vaccine status, is collected as required to meet public health requirements.

Personnel may provide information about their sexual orientation for firm administrative purposes.

For personnel, demographic information about you, including sensitive personal information, may be disclosed to clients and other third parties with your consent for administration of Diversity, Equity and Inclusion initiatives and requirements.

Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional services support vendors; employee benefits and firm administration vendors; clients, prospective clients and vendors (certain personnel demographic data).

Collected or Disclosed in past 12 months

Collected and disclosed.

Our Retention of Your Data

Nixon Peabody’s document management, retention and destruction policies vary based on legal requirements, practice area, jurisdiction and the type and format of the data. Appropriate retention periods for personal information are determined by considering, among other things, the nature of the information, the purposes for which it is retained, relevant technical constraints and legal and contractual requirements.

Choices about your data

You can ask us to stop sending you marketing communications. All marketing communications you receive from us contain an opt-out mechanism that will allow you to register or update your marketing preferences. If you no longer wish to receive marketing communications, you may also send an email to subscriptioninquiries@nixonpeabody.com.

Website visitors can take steps to limit the amount of personal information collected about you. As noted above, website visitors can use various tools to limit the amount of information shared with the firm and the third-party vendors it uses to support its website.

Data Privacy Rights: California, UK and EU residents

Legal Rights for California Consumers

To the extent provided for by law and subject to applicable exceptions, including but not limited to attorney-client privilege, California residents have the following privacy rights in relation to the personal information we collect:

• The right to know what personal information we have collected and how we have used and disclosed that personal information (as described above);
• The right to request deletion of your personal information;
• The right to opt out of the sale of your personal information (as noted above, the firm does not sell your personal information);
• The right to limit use or disclosure of your sensitive personal information (where such use or disclosure is to infer characteristics about a person. As noted above, the firm does not use sensitive information in this way);  
• The right to correct inaccurate personal information collected about you;
• The right to be free from discrimination relating to the exercise of any of your privacy rights.

California residents who have provided personal information to Nixon Peabody, can request:

• To know the categories of personal information we have collected about you, the reason(s) we have collected it, the sources of the data, and the categories of third parties with whom we share the information
• To know the specific pieces of information we have collected about you (in addition to the information described above)
• The correction or deletion of personal information it holds about you.  Please note that requests to correct or delete data are subject to various limitations and the firm may retain certain data as permitted by law or required by the rules of professional responsibility

If you have only provided personal information as a result of browsing our website (i.e., you did not complete any forms or send the firm any emails or other communications), the firm is unable to provide information about the specific personal information it holds about you. Please refer to the table above for information about the firm’s general data handling practices.

Note: We will not provide information if doing so would violate a duty of confidentiality owed to our clients or any applicable laws and regulations. If you believe a client of the firm has provided Nixon Peabody with personal information about you, please refer your request for disclosures to the client or other relevant third party. In the alternative, you may authorize the firm to relay your request to one of the firm’s clients.

Data requests can be made in the following ways:

• by completing the Data Request Form, available here
• by calling the Data Request line at 1-877-807-1213

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or the requestor’s authority to make the request. An authorized agent may request information on your behalf if they provide evidence of their legal authority to submit such requests.

Questions about the data request process should be directed to compliance@nixonpeabody.com or 1-877-807-1213.

Verifying your identity is required before we respond to your request. To verify your identity, we will collect basic personal information about you to match with our records. Next, you will receive an email confirmation that your request was received, as well as information about additional steps that may be required to confirm your identity and verify appropriate contact information. You may make data requests no more than twice in a 12-month period.

We will try to respond to verifiable requests within 45 days. If we require more time, we will inform you of the reason and extension period in a written response. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

California “Shine the Light” Disclosures

Pursuant to California Civil Code Section 1798.83(c)(2), California law requires us to inform California residents who have provided us with personal information that they may request information from us about our disclosures to third parties for their direct marketing purposes. To request this information, please contact us at compliance@nixonpeabody.com.

Legal rights for United Kingdom European residents

Under the GDPR and UK GDPR, transfers of personal information from the UK and European Economic Area (EEA) may be made to jurisdictions that provide adequate protections to the rights of data subjects. The United States has not been deemed to provide such protection; therefore, we more generally rely on the following lawful bases for cross-border transfers from the EEA: standard contractual clauses, and the derogations available for contracts and consent.

In addition, residents of the UK and EU, whose personal information, has been provided to the firm, may have additional rights under the GDPR, including, among other things, the right to see a copy of your personal information, the right to correct inaccurate information, the right to object to or restrict use of your information, and the right to have your personal information erased. If you would like to discuss or exercise these rights or have additional questions about our compliance with the GDPR, please contact compliance@nixonpeabody.com or call the Nixon Peabody Data Request line at 1 877 807 1213.

Nixon Peabody International LLP, which is based in London, can be reached at 17 Hanover Square, London W1S1BN, United Kingdom or +44 (0) 20 7096 6600.

Data security

Nixon Peabody secures data through a mix of technical and administrative safeguards that are audited annually by third-party information security experts. The firm’s Rochester, New York, data center has been certified as compliant with ISO 270001, a globally recognized standard for information security. Nixon Peabody also has policies and procedures designed to promote commercially reasonable security practices in accordance with U.S. and international requirements. Nonetheless, the transmission of information via the Internet is not completely secure, and we cannot guarantee the security of data sent to us electronically over cellular and wireless networks that we do not control.

Changes to this privacy policy

The effective date of this policy is January 1, 2020, and it was last reviewed and updated on December 30, 2022. It will be reviewed periodically and updated in accordance with evolving privacy practices and requirements. We encourage you to periodically review this page. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will notify you by posting a notice of the changes in a conspicuous manner on www.nixonpeabody.com.

Contact information

If you have any questions or comments about this policy, the ways in which Nixon Peabody collects and uses your information, your choices and rights regarding such use, please do not hesitate to contact us at:

Phone: 1-877-807-1213
E-mail: compliance@nixonpeabody.com

Postal Address:
Nixon Peabody LLP
Exchange Place
53 State Street
Boston, MA 02109
Attn: Sarah Ragland, Compliance Officer