skip to main content

Lowenstein Sandler LLP | The contents of this website contain attorney advertising. | Results may vary depending on your particular facts and legal circumstances.

Search
Smart Search Icon
Header Search
view all search results
Search Close
Hamburger

GDPR Privacy Policy

 

> Privacy Policy

> GDPR Privacy Policy

> Accessibility

 

 

 

Lowenstein Sandler LLP
GDPR Privacy Notice for Individuals Located in the European Economic Area and the United Kingdom
Last Updated: January 1, 2025

If you are located in the European Union (EU), United Kingdom, Lichtenstein, Norway, or Iceland (“European Individuals”), you may have additional rights with respect to your Personal Data under the General Data Protection Regulation (“EU GDPR”), and/or the EU GDPR as saved into United Kingdom law by the United Kingdom's European Union (Withdrawal) Act 2018 (“UK GDPR”) (collectively with the EU GDPR, the “GDPR”), as set forth in this GDPR Notice (the “GDPR Notice”).

In this GDPR Notice, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to identify a person, and “processing” generally refers to actions that can be performed on data such as its collection, use, storage or disclosure. Lowenstein will usually be the controller of your Personal Data processed in connection with your use of the Sites and our services.

Where applicable, this GDPR Notice is intended to supplement, and not replace, our Privacy Policy. If there are any conflicts between the GDPR Notice and the other parts of the Privacy Policy, and you are located in the EU, United Kingdom, Lichtenstein, Norway, or Iceland, the provision that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this GDPR Notice or whether any of the following rights apply to you, please contact us at privacycontact@lowenstein.com with the subject line “GDPR Request.”

  1. Types of Personal Data we Collect

We currently collect and otherwise process the categories of Personal Data listed in Section I of the Privacy Policy.

  1. How we Obtain the Personal Data

We collect and/or receive the Personal Data in the ways listed in Section I of the Privacy Policy.

  1. Why we Collect the Personal Data

We collect and/or receive the Personal Data for the purposes listed in Section II of the Privacy Policy. We will only process your Personal Data if we have a lawful basis for doing so. Under the GDPR, the lawful bases we rely on for processing this information are:

a) Your Consent

In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. You can remove your consent at any time. You can do this by contacting us via email at privacycontact@lowenstein.com with the subject line “GDPR Request.”

b) We Have a Contractual Obligation

We process certain categories of Personal Data as a matter of “contractual necessity,” meaning that we need to process the data to perform under our Terms of Use with you, which enables us to provide you with the Sites and other services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Sites or services that require such data. These categories of Personal Data are:

  • Contact Information; and
  • Any other information you voluntarily provide to us to request our services or communicate with us.

c) We Have a Legitimate Interest

We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties:

  • Contact Information;
  • Any other information you voluntarily provide; and
  • Automatically collected information about your use of our Sites and other interactions with us (including log files, device information, geolocation, tracking data, performance metrics, etc.).

Our legitimate interests are:

  • Information Security: We process contact information and automatically collected information in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking usage, combating DDOS or other attacks, and removing or defending against malicious individuals or programs.
  • Operation and Improvement of our Sites and services: We process automatically collected information pursuant to our legitimate interest in operating and improving our Sites and services.
  • Audience Measurement and Marketing: Pursuant to a user’s consent, we use analytics and targeting cookies, and collect identifiers through such cookies, for purposes of audience measurement, analytics, audience reaction to our Sites, creating relevant user experiences, and targeted marketing by us and other third parties.
  • General Business Development and Management: We process contact information and other information you voluntarily provide pursuant to our legitimate interest in creating and managing our relationships with European Individuals, including without limitation:
    • To respond to inquiries from European Individuals;
    • To provide European Individuals with information about our services; and
    • To assist European Individuals with any issues while using the Sites or our services.
  • Direct Marketing: Generally, we send email marketing to European Individuals pursuant to their consent. When you use the Sites, email marketing may be sent to you pursuant to our legitimate interest in sending marketing communications to you in the context of such engagement.
  • Protection of Rights: We may disclose any categories of Personal Data to respond to claims of violation of third party rights or to enforce and protect our rights.

d) We Have a Legal Obligation

We may be required to disclose Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose Personal Data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

  1. How we Share Your Personal Data

Section II of the Privacy Policy explains how we share your Personal Data with third parties.

  1. How we Store and Protect Your Personal Data

We use commercially reasonable administrative, technical, and physical safeguards to protect your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, for which we take into account the nature of the Personal Data, its processing, and the threats posed to it. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us via email at privacycontact@lowenstein.com with the subject line “GDPR Request.”

We retain your Personal Data for as long as needed to fulfill the purposes for which we obtained it, as further described in this Privacy Policy. We will only keep your Personal Data for as long as allowed or required by law.

  1. Your Data Protection Rights

You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at privacycontact@lowenstein.com with the subject line “GDPR Request.” You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

  • Right of access: You can request more information about the Personal Data we hold about you, request access to this information, and request a copy of such Personal Data.
  • Right to rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
  • Right to erasure: You can request that we erase some or all of your Personal Data from our systems.
  • Right to restriction of processing: You have the right to ask us to restrict the processing of your Personal Data. You have the right to request that your Personal Data (i) not be disclosed to a third party or (ii) not be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If we want to process sensitive Personal Data, we will obtain affirmative express consent from you if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than that for which it was originally collected or subsequently authorized by you.
  • Right to object to processing: You have the the right to object to the processing of your Personal Data if we are relying on our or a third party’s legitimate interest and something about your particular situation makes you want to object to such
  • Right to data portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
  • Right to withdraw consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our services.
  • Objecting to Legitimate Interest/Direct Marketing: You may object to Personal Data processed pursuant to our legitimate interest. In such case, we will no longer process your Personal Data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your Personal Data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to privacycontact@lowenstein.com with the subject line “GDPR Request.” In such case, your Personal Data will no longer be used for that purpose.

We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We reserve the right to keep any information in our archives that we deem necessary to comply with our legal obligations, resolve disputes and enforce our agreements. Please note that all of these rights are subject to applicable exemptions and restrictions, and are not absolute rights. If we need to rely on these exemptions or restrictions, we will provide this information to you in our response.

  1. International Data Transfers

Lowenstein complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Lowenstein has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Lowenstein has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Liability for third parties who may receive Personal Data. Lowenstein uses a limited number of third-party service providers who assist us in providing our services and who may access, process, or store Personal Data in the course of providing their services. In compliance with our DPF obligations, we have entered into contracts with these third parties that restrict their access, use and disclosure of Personal Data. If these third parties fail to meet their obligations and process Personal Data in a manner inconsistent with the DPF Principles, Lowenstein will remain liable under the DPF Principles, unless we can prove that we are not responsible for the event giving rise to the damage.

Lowenstein is subject to the investigatory and enforcement powers of the Federal Trade Commission.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Lowenstein commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Lowenstein at privacycontact@lowenstein.com.

Lowenstein has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

  1. How to Complain

If you have any concerns about our use of your Personal Data, you can make a complaint to us at privacycontact@lowenstein.com with the subject line “GDPR Request.”

You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority of the European state where you work or live or where any alleged infringement of data protection laws occurred. A list of the supervisory authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en

If you are a resident of the UK, you can contact the UK data protection regulator at:

The Information Commissioner’s Office
Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF

Tel. +44 303 123 1113

https://ico.org.uk/make-a-complaint

  1. Changes to Our Organization

As we grow and develop our organization, as well as in the event of a merger, reorganization, dissolution, or similar corporate event, or the sale of all or substantially all of our assets, the information that we have collected, including Personal Data, may be transferred to the organization we join, merge with, or in other forms cooperate with, or the surviving or acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such Personal Data as set forth in this GDPR Notice.

  1. Updates to this GDPR Notice

If, in the future, we intend to process your Personal Data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Last Update” at the top of this page will be updated accordingly.

  1. Our Contact Information

Please reach out to privacycontact@lowenstein.com for any questions, complaints, or requests regarding this GDPR Notice, and include in the subject line “GDPR Request, or contact our General Counsel at:

Lowenstein Sandler, LLP
1251 Avenue of the Americas
New York, New York, 10020

 

© 2025 Lowenstein Sandler LLP. All rights reserved.