MBHB EU-U.S. And Swiss-U.S. Data Privacy Framework Principles
McDonnell Boehnen Hulbert & Berghoff LLP (“MBHB”) is a law firm with an international client base, including a number of clients in the European Union (“EU”) and Switzerland (“Swiss”). In the course of our work with such clients, MBHB may be called upon to collect, review and/or produce materials that may be subject to EU Privacy Laws and Switzerland Privacy Laws. As such, MBHB has implemented this policy (“Policy”), subject to the Limitations set forth below, in order to ensure that it is complying with the EU Privacy Laws and Swiss-U.S. Privacy Laws and subject to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework concerning the transfer of personal data from the EU and Switzerland to the United States. With respect to this Policy, MBHB is subject to the investigatory and enforcement powers of the U.S. Department of Commerce.
The Federal Trade Commission has jurisdiction over MBHB’s compliance with the Data Privacy Framework Principles.
MBHB’s U.S.-EU and U.S.-Swiss self-certification can be found on the Data Privacy Framework participan list at: https://www.dataprivacyframework.gov/s/
MBHB at times collects data that may include personal or sensitive personal information, including human resources information, form its clients for the purposes of complying with requests for information in U.S. or foreign litigation, or for the purposes of preparing information to be submitted during the process of applying for patents in the United States Patent and Trademark Office. MBHB may disclose the collected information to: (1) parties to the litigation, (2) the court systems or other judicial or administrative bodies of the United States or a foreign jurisdiction, (3) private arbitral tribunals or other dispute resolution providers, and/or (4) regulatory bodies of the United States. During the course of these activities, MBHB may also disclose information to vendors who assist with MBHB activities (e.g. photocopy services). MBHB seeks to ensure that its vendors also comply with the Privacy Principles, or, in the alternative, takes measures to further protect the information disclosed. To the extent possible, disclosure of confidential or personal information is always governed by a protective order or confidentiality agreement.
In addition, MBHB may be required to disclose personal information to comply with lawful requests by public authorities, including to meet national security or law enforcement requirements.
MBHB directly, or through its EU and Swiss clients, shall notify individuals about the purposes for which they collect and use information about them. In particular, when collecting or processing information, MBHB shall provide information about:
MBHB shall provide information via this Policy posted on its website (www.mbhb.com).
MBHB will give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose materially different from the purpose for which it was originally collected or later authorized by the individual. For sensitive personal data, MBHB will inform the individual and obtain their affirmative or explicit (opt in) consent if the information is to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected or any purpose subsequently authorized by the individual.
MBHB may be called upon to submit or produce to U.S or foreign patent offices, courts or to parties in litigation certain information collected from EU and Swiss clients in response to patent office disclosure obligations, litigation discovery requests, subpoenas or other orders. MBHB will ensure that any disclosure is either necessary or legally required on important public interest grounds, or for the establishment, exercise or defense of legal claims, or that it is conducted pursuant to a written agreement with any such party requiring that such party provide at least the same level of privacy protection as is required by the relevant principles of the U.S.-EU Data Privacy Framework and Swiss-U.S. Data Privacy Framework. To the extent possible, where a receiving party is not also certified and the respective Data Privacy Framework Principles or subject to an adequacy finding MBHB will enter into a contract with the third-party data controller providing that personal data may only be processed for the limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as required by the Principles. For example, in the context of litigation, MBHB will not provide personal data absent a governing protective order.
MBHB understands that failure to fully comply with the Data Privacy Framework Principles with respect to an onward transfer of personal information to third parties may lead to liability, and as such, has set forth recourse mechanisms and enforcement policies as detailed herein.
MBHB agrees to provide to individuals on request access to personal information about themselves that an organization holds collected from EU and Swiss clients and that they are permitted to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. Such requests should be directed to MBHB’s Privacy Officer at the email address: Privacy@mbhb.com.
MBHB shall take reasonable and appropriate precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal data.
MBHB shall ensure that collection or processing of any personal information is limited to that information relevant for the purposes for which it is to be used. MBHB will take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
To ensure compliance with the Data Privacy Framework Principles, MBHB will, at no cost to the individual, investigate and work to resolve any privacy concerns raised by the individual via email to MBHB’s Privacy Officer (Privacy@mbhb.com) arising from its collection, review and/or production of any materials that may be subject to EU Privacy Laws and Swiss Privacy Laws. All attorneys and staff are informed of these procedures. Failure to follow these procedures will result in appropriate discipline to ensure compliance.
In compliance with the Data Privacy Framework Principles, MBHB commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact MBHB at:
MBHB Privacy Officer
McDonnell Boehnen Hulbert & Berghoff LLP
300 S. Wacker Dr., Suite 3200
Chicago, IL 60606
In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, MBHB commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
In addition, in a manner consistent with the Data Privacy Framework Principles, MBHB shall make readily available an independent recourse mechanism through the JAMS Data Privacy Framework Program (https://www.jamsadr.com/eu-us-data-privacy-framework. Under certain conditions, as detailed in the Privacy Framework, individuals may be able to invoke binding arbitration with respect to disputes.
MBHB’s compliance with this Policy regarding transfer/disclosure of personal data from the EU and Switzerland may be limited where such transfer/disclosure (i) is made pursuant to consent of the individual; (ii) is necessary in order to protect the vital interests of the individual or another person where the individual is physically or legally incapable of giving consent; (iii) involves data that has been made public by the individual; (vi) is necessary or legally required on important public interest grounds; (v) is necessary for the establishment, exercise or defense of legal claims, including compliance with a legal obligation to which the client or MBHB is subject; (vi) is necessary for the conclusion or performance of a contract concluded in the interest of the individual between MBHB or its client and a third party; (vii) is information used in a register that is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest; or (viii) is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed.
MBHB may amend this Policy, i.e., under the U.S.-EU Privacy Data Privacy Framework Principles and Swiss-U.S. Data Privacy Framework Principles, from time to time. Any amendments will be disclosed by posting the amended Policy on this website and will become effective as of the revision date set forth in the amended Policy.