I. Personal Information We Collect & How We Collect It

“Personal Information” in this Policy means information that identifies, relates to, describes, is reasonably capable of being associated with, or that could reasonably be linked, directly or indirectly, with a particular individual, including Device, Internet and Network Activity Information. “Device, Internet and Network Activity Information” refers to information that we and our Service Providers collect through online interactions with individuals who visit our Website.

We collect Personal Information from clients, prospective clients and other individuals who are interested in the Firm and our legal services. Personal Information obtained from or relating to the Firm’s prospective, current or former clients may be subject to separate or additional terms of any notice, engagement letter or other similar letters or agreements with the client, the American Bar Association’s (ABA) Model Rules of Professional Conduct, and applicable laws and professional principles, in addition to this Policy.

We also receive Personal Information about individuals from our clients in the course of providing our legal services. In addition, we receive Personal Information about individuals from our Service Providers, including technical, billing and accounting firms; data analytics and internet providers; and other third-party sources.

We collect or receive the following categories of Personal Information in the course of our business, including through your use of the Website, when you contact or request information from us, when you visit us, attend our events, or when we provide legal services to our clients:

• Identifiers and Contact Information, such as name, email address, company affiliation, business mailing address and phone number(s).
• Sensitive Personal Information, also referred to as special categories of personal data, which includes information that may be protected under applicable law in certain circumstances including, but not limited to, driver’s license number, Social Security Number (SSN), Tax ID number, passport number, state identification number, other government-issued identifiers, financial information, certain types of insurance information, and health-related information.
• Financial Information, such as bank account, invoicing and tax information.
• General Geolocation Data, such as country location.
• Audio, Electronic and Visual Information, such as a photograph or video recording when you visit our office; attend a Firm-hosted webinar or other event; audio recording when you call us; and contents of your emails or other written communications that you send to us.
• Legal Ethics and Regulatory Compliance Information, as required for purposes such as client onboarding procedures, conflict assessments and Know Your Client and other due diligence exercises.
• Service Information, such as Personal Information necessary for the provision or receipt of legal services, including Personal Information related to your employees, customers, service providers and other third parties.
• Other Information that you choose to share with us.

We may supplement the information provided directly to us with information that we receive or obtain from other sources, such as from our staff or personnel, clients, professional advisers, partners and agents of Mullen Coughlin, third parties with whom we interact, and other publicly available sources.

We will only process Sensitive Personal Information to provide and support our legal services, comply with our legal obligations and/or to establish, exercise or defend a legal claim. We do not collect or process Sensitive Personal Information other than for internal business or compliance purposes and/or in the course of providing legal advice to our clients. We do not collect, use or disclose this information to infer characteristics about individuals.

Device, Internet and Network Activity Information we collect may include:

Device Data, such as information about your computer, mobile phone, tablet or other device you use to access the Website. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, general geolocation, device and/or browser type, hardware model, internet service provider and/or mobile carrier, operating system, mobile platform and system configuration information.

Log and Usage Data, including service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our Website and which we record in log files. Depending on how you interact with us, this log data may include information about your activity on the Website (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use) and device event information (such as system activity, error reports, sometimes called “crash dumps,” and hardware settings).

Cookies and Other Tracking Technologies, such as first- and third-party products and services to gather traffic statistics using cookies, pixels or web beacons. A cookie is a small piece of information stored on your device that helps websites and servers recognize you. The Firm and our Service Providers may also use other technologies such as pixels, or transparent GIF files, for website management.

Examples of cookies and other technologies we may use on our Website include those listed below. We do not deploy cookies or other tracking technologies on our Website for targeted or cross-context behavioral advertising purposes, nor do we allow third-parties to do so.

• Essential Cookies. These cookies are necessary for the Website to function properly. They help improve visitor experience, make the site easier for you to use and facilitate provision of requested online services and transmission of communications over a network.
• Functional Cookies. These cookies are not essential for the Website to function properly, but allows our Website to remember a visitor’s preferences and personalize a visitor’s Website experience.
• Performance & Analytics Cookies. These cookies are used to gather statistical data on how visitors use the Website, such as which webpages are visited most frequently, so that we can determine how it is performing and make improvements to its functionality and performance.
• Other Technologies. We may collect many different types of information from other technologies to improve the quality of our Website and the services it provides. For example, we may collect information about the device you use to access our Website, your operating system and/or mobile device type, browser type, domain and other system settings, as well as the language your system uses and the country and time zone where your device is located. We may record the IP address of the device you use to connect to the internet.

If you are a United Kingdom (UK) or European Union (EU) resident, you can learn more about the specific cookies and technologies we use by clicking on the Privacy Settings icon on our Website. We do not currently respond to web browser “do not track” signals. For more information, visit www.allaboutdnt.com.

II. How We Use Personal Information

We use Personal Information for our business purposes, including to provide and improve the Website and other services we make available to you, to provide clients with legal services, respond to your inquiries and requests, to prevent fraud and other criminal activity, for marketing purposes and for other purposes about which we may notify you and obtain your consent. For example, we may use your Personal Information for the following purposes and pursuant to the following legal bases, as permitted or required by law:

• Provision of Legal Services. We use information voluntarily provided to us before, during and after the course of our engagement, such as identifiers, contact information and other information that we may use in connection with the engagement, in order to perform our contracts with clients for legal services.
• Administration of Client Relationships. We use identifiers and contact information, financial information and other service-related information to administer our relationship with our clients pursuant to the contracts we have with them, including for the processing of invoices, updating of client records and addressing client inquiries or feedback.
• Sending Relevant Marketing Messages and Inviting You to Events/Seminars. We may use identifiers, contact information and mailing list data to communicate with you by way of email and social media for our legitimate interest in providing you with information about our events, seminars, content, or services that may be of interest to you.
• Improving our Website. With your consent, we may use Device, Network and Internet Activity Information gathered by cookies and other technologies to improve the content and functionality of our Website, and to gather statistics about its use.
• Keeping our Website and IT Systems and Processes Safe. We use identification data, contact information, and Device, Internet and Network Activity Information for our legitimate interest in ensuring the security and confidentiality of our Website, network and your data, as well as to prevent illegal activities, including fraud, which could harm you and us.
• Complying with Legal and Ethical Requirements. We use identification data, contact information, and financial information to comply with legal and regulatory requirements, including for Know Your Client or fraud detection purposes, other industry-specific regulatory requirements and fulfillment of the Firm’s ethical obligations. This processing is necessary for the purpose of complying with legal requirements that apply to the Firm.

III. Disclosures of Personal Information

We do not sell Personal Information or share it with third parties for targeted advertising purposes. We may disclose your Personal Information to the following categories of recipients:

• With our Service Providers and Processors who we utilize to provide or facilitate our legal services to clients and our business. A “Service Provider” or “Processor” is an entity that processes Personal Information on our behalf, and at our direction, in connection with performing certain functions. For example, we may disclose information to our client management database, cloud-hosting and other web-based product providers that help us maintain our Website, applications and systems in order to perform our legal services. These Service Providers are contractually prohibited from selling or sharing, or otherwise utilizing, Personal Information for any purpose other than that which is set forth in our contract with them.
• With our clients as necessary in the course of our representation;
• With professional advisors, partners, consultants expert witnesses and agents of the Firm to provide and administer our services;
• As part of a merger, acquisition or other corporate transaction;
• With law enforcement or a government agency, regulatory authority or court in response to any subpoena, court order or other legal demand, or to establish or protect our legal rights, property or safety; the rights, property or safety of others; or to defend against legal claims; and
• With other parties when we have your consent to do so.

IV. Your Privacy Rights and Choices

You may have certain rights with respect to your Personal Information, depending on the applicable data protection laws in your jurisdiction. These rights may include:

• Your Right to Request Access to Your Information/Right of Data Portability. You may have the right to request access to your Personal Information and, where technically feasible, request a copy of your Personal Information. You may also have the right to obtain information about how we process or disclose your Personal Information.
• Your Right to Correct Inaccurate Information/Right of Rectification. You may have the right to request that we correct any inaccurate or incomplete Personal Information we have about you. Please note that we may not be able to alter certain information depending on legal obligations or exceptions.
• Your Right to Request that We Delete Your Information/Right of Erasure. You may have the right to request that we delete your Personal Information. Please note that we may not be able to delete certain information depending on legal obligations or exceptions. See the Data Security and Retention section below for more information about why we may retain your information.
• Your Right to Limit the Use of Sensitive Personal Information. You may have the right to restrict how we use your Sensitive Personal Information. However, we do not process or disclose Sensitive Personal Information for reasons that are impermissible under applicable law.
• Your Right to Object to Processing. You may have the right to object to processing of your Personal Information where our legal basis for processing is that of our legitimate interest if you feel that your rights and freedoms are disproportionately impacted by the processing or if your information is processed for direct marketing purposes.
• Your Right to Restrict Processing. In some circumstances, you may have the right to obtain restriction of processing of your Personal Information if, for example, you contest the accuracy of the Personal Information in our systems. Please note that this right is subject to exceptions where processing is necessary to establish, exercise or defend legal claims, or where the processing is necessary to protect the rights of another natural or legal person.
• Your Right to Withdraw Consent. You may have the right to withdraw your prior consent to certain processing of your Personal Information.
• Your Right to Opt-Out of Marketing Communications. You may request that we not use your Personal Information to send you certain emails or other marketing communications. You may also unsubscribe from receiving marketing emails from us by clicking on the “Unsubscribe” link found in those emails. Please note that you may not be able to opt-out of all communications as we may need to send you information related to our client services.
• Your Right to Opt-Out of Sale or Sharing/Targeted Advertising. You may request to opt out of the “sale” or “sharing” (as defined by applicable laws) of Personal Information, as well as certain types of cross-context behavioral or targeted advertising based on information collected about you on non-affiliated websites, applications or services. However, we do not sell your Personal Information, nor do we share it with third parties for cross-context behavioral or targeted advertising purposes.
• Your Right to Non-Discrimination. We will not discriminate against you for exercising your privacy rights and choices.
• Your Right to Lodge a Complaint. We will endeavor to resolve any question or issue you address to us regarding your Personal Information. However, you may also have the right to lodge a complaint with your local supervisory authority. Residents of the UK may contact the Information Commissioner’s Office (https://ico.org.uk/). Residents of the European Economic Area (EEA) may find a list of supervisory authorities here.

Exercising Your Rights

If you would like to exercise any of these rights, please email us at . Residents of the EU and UK may also make a request through the Data Subject Request form. In order to protect your Personal Information, we may ask you to provide additional information to verify your identity. You may also have the right to submit a request to exercise your rights through an authorized agent, in which case your agent may be required to present signed written permission to act on your behalf. You may be required to independently verify your identity with us and confirm that you have provided authorization to the agent. You may have the right to submit an appeal if you are not satisfied with the outcome of your request. Please send appeals directly to .

Please note that with respect to Personal Information about you that we may have received from our clients, such as about their employees, customers or other third parties, our clients are responsible for facilitating the exercise of the rights listed above.

V. Notice to California Residents

Below is a description of the categories of Personal Information we may collect or receive about California residents. We primarily receive Personal Information as a service provider to our clients in the course of providing our legal services to them. However, we provide this notice for informational purposes that may be of interest to California residents.

Disclosures for a Business or Commercial Purpose. Mullen Coughlin has disclosed the categories of Personal Information in the above chart to our Service Providers for specific, limited business purposes, including the purposes listed in the How We Use Personal Information section of this Privacy Policy.

Selling or Sharing Personal Information with Third Parties. Mullen Coughlin does not “sell” or “share” any Personal Information as defined by the California Consumer Privacy Act (CCPA), nor do we engage in activities that constitute targeted or cross-context behavioral advertising.

Sensitive Personal Information. Mullen Coughlin does not process or disclose Sensitive Personal Information for purposes other than those that are permissible under applicable law. We do not collect, use or disclose Sensitive Personal Information to infer characteristics about individuals.

Personal Information Retention. Please see the Data Security and Retention section of this Privacy Policy for information about our data retention practices.

California “Shine the Light” Notice. California law requires us to inform California residents who have provided us with Personal Information that they may request information from us about our disclosures of Personal Information to third parties for their direct marketing purposes. We do not disclose Personal Information to third parties for their direct marketing purposes.

VI. Cross-Border Data Transfers

Mullen Coughlin is a U.S.-based law firm comprised of offices in multiple jurisdictions. Details regarding our locations can be found at www.mullen.law. Your Personal Information may be collected by or transferred within our offices’ integrated computer networks in the United States and transferred to third parties in other countries that may not be subject to data protection laws similar to those in the jurisdiction in which information is provided to or received by us.

It may be necessary to transfer Personal Information from the EEA or the UK to an outside country to obtain access to our clients’ Personal Information to enable our provision of legal services and for related purposes as set out in this Privacy Policy.

If we transfer Personal Information (i) from within the EEA to countries located outside the EEA that have not received an adequacy decision from the European Commission or (ii) from the UK to countries that are not recognized as offering an adequate level of protection by the Information Commissioner’s Office, including within Mullen Coughlin offices and with our Service Providers, we implement adequate safeguards to appropriately protect such transfer of Personal Information, including on the terms of a valid data transfer agreement incorporating the European Commission’s standard contractual clauses or as permitted under applicable data protection laws.

You may ask for further information about the safeguards we use to protect the transfer of your Personal Information to countries outside of the EEA or the UK by contacting us at .

VII. Data Security and Retention

We take reasonable steps to protect the Personal Information provided to us. However, no method of transmission over the internet or method of electronic storage is 100% secure or error free. As such, we make no representation as to the efficacy or appropriateness of the technical, administrative and procedural measures we use to safeguard data.

Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Information for as long as necessary to fulfill the purposes for which we collected it; as required to satisfy any legal, accounting or reporting obligations; or as necessary to resolve disputes. The criteria used to determine the applicable retention period for your Personal Information includes the length of time we have an ongoing relationship with you and provide services to you and our clients, and whether there is a legal obligation to which we are subject that requires us to retain your information.

VIII. Children’s Privacy

We do not intend to directly collect Personal Information from anyone we know to be a child under the age of 18, except as permitted by law in the course of providing our client legal services. If we learn that we have unknowingly directly collected or received Personal Information from a child under 18 other than in the course of representing our clients, we will make reasonable efforts to delete such information from our records. If you believe that we might have any information from or about a child under 18, we ask that a parent or guardian contact us at .

IX. Changes to this Privacy Policy

Please review the Effective Date at the top of this page to determine when this Privacy Policy was last revised.

From time to time, we may modify this Privacy Policy. If we make changes to this Privacy Policy, we will post the new Privacy Policy on this page with an update to the Policy’s effective date. We encourage you periodically to check this page for updates.

X. Contact Us

If you have any questions about this Privacy Policy or our Personal Information collection practices, please contact us at .

We endeavor to respond to general privacy inquiries within 30 business days or as otherwise required by law. Requests to opt-out from our marketing will be processed within 14 business days.

Individuals with disabilities who are unable to usefully access our Privacy Policy online may contact us at the above-listed contact information to inquire how they can obtain a copy of our Policy in another, more easily readable format. You may also choose to download a PDF version of this Privacy Policy via the link at the top of this page.