MBHB U.S.-EU Privacy Shield
McDonnell Boehnen Hulbert & Berghoff LLP (“MBHB”) is a law firm with an international client base, including a number of clients in the European Union (“EU”). In the course of our work with such clients, MBHB may be called upon to collect, review and/or produce materials that may be subject to EU Privacy Laws. As such, MBHB has implemented this policy (“Policy”), subject to the Limitations set forth below, in order to ensure that it is complying with the EU Privacy Laws and subject to the U.S.-EU Privacy Shield Framework concerning the transfer of personal data from the EU to the United States. With respect to this Policy, MBHB is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
MBHB commits to comply with the U.S.-EU Privacy Shield Framework Principles, (available at https://www.privacyshield.gov/EU-US-Framework). Details regarding MBHB’s application of the Principles are set forth below.
MBHB’s U.S.-EU self-certification can be found on the Privacy Shield list at: https://www.privacyshield.gov/list
1. Data Collection, Processing, Disclosure and Onward Transfer
MBHB at times collects data that may include personal or sensitive personal information, including human resources information, form its clients for the purposes of complying with requests for information in U.S. or foreign litigation, or for the purposes of preparing information to be submitted during the process of applying for patents in the United States Patent and Trademark Office. MBHB may disclose the collected information to: (1) parties to the litigation, (2) the court systems or other judicial or administrative bodies of the United States or a foreign jurisdiction, (3) private arbitral tribunals or other dispute resolution providers, and/or (4) regulatory bodies of the United States. During the course of these activities, MBHB may also disclose information to vendors who assist with MBHB activities (e.g. photocopy services). MBHB seeks to ensure that its vendors also comply with the Privacy Principles, or, in the alternative, takes measures to further protect the information disclosed. To the extent possible, disclosure of confidential or personal information is always governed by a protective order or confidentiality agreement.
In addition, MBHB may be required to disclose personal information to comply with lawful requests by public authorities, including to meet national security or law enforcement requirements.
MBHB directly, or through its EU clients, shall notify individuals about the purposes for which they collect and use information about them. In particular, when collecting or processing information, MBHB shall provide information about:
MBHB shall provide information via this Policy posted on its website (www.mbhb.com).
MBHB will give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose materially different from the purpose for which it was originally collected or later authorized by the individual. For sensitive personal data, MBHB will inform the individual and obtain their affirmative or explicit (opt in) consent if the information is to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected or any purpose subsequently authorized by the individual.
4. Onward Transfer (Transfer to Third Parties)
MBHB may be called upon to submit or produce to U.S or foreign patent offices, courts or to parties in litigation certain information collected from EU clients in response to patent office disclosure obligations, litigation discovery requests, subpoenas or other orders. MBHB will ensure that any disclosure is either necessary or legally required on important public interest grounds, or for the establishment, exercise or defense of legal claims, or that it is conducted pursuant to a written agreement with any such party requiring that such party provide at least the same level of privacy protection as is required by the relevant principles of the U.S.-EU Privacy Shield Framework. To the extent possible, where a receiving party is not also Privacy Shield certified or subject to an adequacy finding MBHB will enter into a contract with the third-party data controller providing that personal data may only be processed for the limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as required by the Principles. For example, in the context of litigation, MBHB will not provide personal data absent a governing protective order.
MBHB understands that failure to fully comply with the Privacy Principles with respect to an onward transfer of personal information to third parties may lead to liability, and as such, has set forth recourse mechanisms and enforcement policies as detailed herein.
MBHB agrees to provide to individuals on request access to personal information about themselves that an organization holds collected from EU clients and that they are permitted to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. Such requests should be directed to MBHB’s Privacy Officer at the email address: Privacy@mbhb.com.
MBHB shall take reasonable and appropriate precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal data.
7. Data Integrity
MBHB shall ensure that collection or processing of any personal information is limited to that information relevant for the purposes for which it is to be used. MBHB will take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
To ensure compliance with the Privacy Shield Principles, MBHB will, at no cost to the individual, investigate and work to resolve any privacy concerns raised by the individual via email to MBHB’s Privacy Officer (Privacy@mbhb.com) arising from its collection, review and/or production of any materials that may be subject to EU Privacy Laws. All attorneys and staff are informed of these procedures. Failure to follow these procedures will result in appropriate discipline to ensure compliance.
In compliance with the Privacy Shield Principles, MBHB commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Private Shield policy should first contact MBHB at:
MBHB Privacy Officer
McDonnell Boehnen Hulbert & Berghoff LLP
300 S. Wacker Dr., Suite 3200
Chicago, IL 60606
MBHB has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.
In addition, in a manner consistent with the Privacy Shield Principles, MBHB shall make readily available an independent recourse mechanism through the JAMS Privacy Shield Program (https://www.jamsadr.com/eu-us-privacy-shield). Under certain conditions, as detailed in the Privacy Framework, individuals may be able to invoke binding arbitration with respect to disputes.
MBHB’s compliance with this Policy regarding transfer/disclosure of personal data from the EU may be limited where such transfer/disclosure (i) is made pursuant to consent of the individual; (ii) is necessary in order to protect the vital interests of the individual or another person where the individual is physically or legally incapable of giving consent; (iii) involves data that has been made public by the individual; (vi) is necessary or legally required on important public interest grounds; (v) is necessary for the establishment, exercise or defense of legal claims, including compliance with a legal obligation to which the client or MBHB is subject; (vi) is necessary for the conclusion or performance of a contract concluded in the interest of the individual between MBHB or its client and a third party; (vii) is information used in a register that is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest; or (viii) is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed.
MBHB may amend this Policy, i.e., the U.S.-EU Privacy Shield, from time to time. Any amendments will be disclosed by posting the amended Policy on this website and will become effective as of the revision date set forth in the amended Policy.
11. Effective Date