Privacy

MBHB EU-U.S. And Swiss-U.S. Data Privacy Framework Principles

McDonnell Boehnen Hulbert & Berghoff LLP (“MBHB”) is a law firm with an international client base, including a number of clients in the European Union (“EU”) and Switzerland (“Swiss”). In the course of our work with such clients, MBHB may be called upon to collect, review and/or produce materials that may be subject to EU Privacy Laws and Switzerland Privacy Laws. As such, MBHB has implemented this policy (“Policy”), subject to the Limitations set forth below, in order to ensure that it is complying with the EU Privacy Laws and Swiss-U.S. Privacy Laws and subject to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework concerning the transfer of personal data from the EU and Switzerland to the United States. With respect to this Policy, MBHB is subject to the investigatory and enforcement powers of the U.S. Department of Commerce.

MBHB commits to comply with the EU-U.S. Data Privacy Framework Principles and the Swiss-U.S. Data Privacy Framework Principles, (availablat https://www.dataprivacyframework.gov/s/) MBHB has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework Principles. Details regarding MBHB’s application of these Principles are set forth below.  If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principals, the Data Privacy Framework Principles shall govern.

The Federal Trade Commission has jurisdiction over MBHB’s compliance with the Data Privacy Framework Principles.

MBHB’s U.S.-EU and U.S.-Swiss self-certification can be found on the Data Privacy Framework participan list at: https://www.dataprivacyframework.gov/s/

 

  1. Data Collection, Processing, Disclosure and Onward Transfer     

MBHB at times collects data that may include personal or sensitive personal information, including human resources information, form its clients for the purposes of complying with requests for information in U.S. or foreign litigation, or for the purposes of preparing information to be submitted during the process of applying for patents in the United States Patent and Trademark Office. MBHB may disclose the collected information to: (1) parties to the litigation, (2) the court systems or other judicial or administrative bodies of the United States or a foreign jurisdiction, (3) private arbitral tribunals or other dispute resolution providers, and/or (4) regulatory bodies of the United States. During the course of these activities, MBHB may also disclose information to vendors who assist with MBHB activities (e.g. photocopy services). MBHB seeks to ensure that its vendors also comply with the Privacy Principles, or, in the alternative, takes measures to further protect the information disclosed. To the extent possible, disclosure of confidential or personal information is always governed by a protective order or confidentiality agreement.

In addition, MBHB may be required to disclose personal information to comply with lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

  1. Notice

MBHB directly, or through its EU and Swiss clients, shall notify individuals about the purposes for which they collect and use information about them. In particular, when collecting or processing information, MBHB shall provide information about:

  • The types of personal data collected;
  • The purposed for the collection and use of any personal data;
  • The types or identity of third parties to whom MBHB may be required to disclose personal data;
  • The rights of individuals to access their personal data;
  • The choices of individuals for limiting the use and disclosure of any personal data;
  • The dispute resolution mechanisms available to individuals with respect to collection of processing of their personal

data; and

  • Any requirements MBHB has to disclose personal data in response to lawful requests.

MBHB shall provide information via this Policy posted on its website (www.mbhb.com).

 

  1. Choice

MBHB will give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose materially different from the purpose for which it was originally collected or later authorized by the individual. For sensitive personal data, MBHB will inform the individual and obtain their affirmative or explicit (opt in) consent if the information is to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected or any purpose subsequently authorized by the individual.

 

  1. Onward Transfer (Transfer to Third Parties)

MBHB may be called upon to submit or produce to U.S or foreign patent offices, courts or to parties in litigation certain information collected from EU and Swiss clients in response to patent office disclosure obligations, litigation discovery requests, subpoenas or other orders. MBHB will ensure that any disclosure is either necessary or legally required on important public interest grounds, or for the establishment, exercise or defense of legal claims, or that it is conducted pursuant to a written agreement with any such party requiring that such party provide at least the same level of privacy protection as is required by the relevant principles of the U.S.-EU Data Privacy Framework and Swiss-U.S. Data Privacy Framework. To the extent possible, where a receiving party is not also certified and the respective Data Privacy Framework Principles or subject to an adequacy finding MBHB will enter into a contract with the third-party data controller providing that personal data may only be processed for the limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as required by the Principles. For example, in the context of litigation, MBHB will not provide personal data absent a governing protective order.

MBHB understands that failure to fully comply with the Data Privacy Framework Principles with respect to an onward transfer of personal information to third parties may lead to liability, and as such, has set forth recourse mechanisms and enforcement policies as detailed herein.

 

  1. Access

MBHB agrees to provide to individuals on request access to personal information about themselves that an organization holds collected from EU and Swiss clients and that they are permitted to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. Such requests should be directed to MBHB’s Privacy Officer at the email address: Privacy@mbhb.com.

 

  1. Security

MBHB shall take reasonable and appropriate precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal data.

 

  1. Data Integrity

MBHB shall ensure that collection or processing of any personal information is limited to that information relevant for the purposes for which it is to be used. MBHB will take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.

 

  1. Enforcement

To ensure compliance with the Data Privacy Framework Principles, MBHB will, at no cost to the individual, investigate and work to resolve any privacy concerns raised by the individual via email to MBHB’s Privacy Officer (Privacy@mbhb.com) arising from its collection, review and/or production of any materials that may be subject to EU Privacy Laws and Swiss Privacy Laws. All attorneys and staff are informed of these procedures. Failure to follow these procedures will result in appropriate discipline to ensure compliance.

In compliance with the Data Privacy Framework Principles, MBHB commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact MBHB at:

MBHB Privacy Officer

McDonnell Boehnen Hulbert & Berghoff LLP

300 S. Wacker Dr., Suite 3200

Chicago, IL 60606

312-913-0001

In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, MBHB commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

In addition, in a manner consistent with the Data Privacy Framework Principles, MBHB shall make readily available an independent recourse mechanism through the JAMS Data Privacy Framework Program (https://www.jamsadr.com/eu-us-data-privacy-framework. Under certain conditions, as detailed in the Privacy Framework, individuals may be able to invoke binding arbitration with respect to disputes.

 

  1. Limitations

MBHB’s compliance with this Policy regarding transfer/disclosure of personal data from the EU and Switzerland may be limited where such transfer/disclosure (i) is made pursuant to consent of the individual; (ii) is necessary in order to protect the vital interests of the individual or another person where the individual is physically or legally incapable of giving consent; (iii) involves data that has been made public by the individual; (vi) is necessary or legally required on important public interest grounds; (v) is necessary for the establishment, exercise or defense of legal claims, including compliance with a legal obligation to which the client or MBHB is subject; (vi) is necessary for the conclusion or performance of a contract concluded in the interest of the individual between MBHB or its client and a third party; (vii) is information used in a register that is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest; or (viii) is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed.

 

  1. Amendment

MBHB may amend this Policy, i.e., under the U.S.-EU Privacy Data Privacy Framework Principles and Swiss-U.S. Data Privacy Framework Principles, from time to time. Any amendments will be disclosed by posting the amended Policy on this website and will become effective as of the revision date set forth in the amended Policy.

 

  1. Effective Date

The original Effective Date of the MBHB Privacy Policy was September 2016. The current policy as revised is effective as of September 15, 2023.

Search
Menu
Menu