Privacy Policy

Website Disclaimer

Please find below our first ever Privacy Policy! We’ve tried to make it as clear and concise as possible, since reading legal-ese isn’t fun (that’s why you hired us!). Ultimately, how we work together on a daily basis is unlikely to change. Having said this, it is important to us that – in a global, digital age - we are transparent with how we use your data. Thus, we wrote this Privacy Policy to set forth our practices regarding collecting, storing, processing, and disclosing any personal information that you may provide us.

  • Who We Are and What We Do

    Deborah A. Nilson and Associates, PLLC (the “Firm” or “DAN”) is a U.S.-based legal practice providing client services worldwide. Our Firm’s Data Protection Officer is Nathalie Gast. If you have any questions about the Firm’s use of your personal data, please contact her by any of the following means of communication:

    • Postal Address: 10 East 40th Street, Suite 3310 New York, NY 10016
    • Phone Number: 212-687-1155
    • E-Mail Address: dpo@nilsonlaw.com

    As a law firm, we serve you – the client. In order to best serve you, we need certain information. Our website – www.nilsonlaw.com (the “Site”) – is used to present the Firm’s philosophy, services, and the background of both the Firm and our lawyers. Further, the Site provides a means for us to collect your contact information so that we may communicate directly with you and fulfill any engagements we undertake.

    At no point does your use of our Site create an attorney-client relationship between you and the Firm.

    Data Location

    We are a global legal practice. Your information may be transferred out of your local jurisdiction or region. Data protection laws vary by country and those applicable in the USA and elsewhere are not equivalent to those applicable in – for example – the European Union or other jurisdictions. DAN will take steps to protect your information in line with locally applicable data protection requirements.

    Data Collection, Usage, and Justification

    Data Collection: Please note that all data is yours and exclusively yours. Where we rely upon your consent to process your personal data, you may – at any point – revoke your consent.

    To access the information contained on our Site, you do not have to submit any personal information. However, if you choose to provide such information to us by way of the “Contact Us” page on the Site (the “Contact Form”), you will have the choice of allowing us to follow up with you on specific matters, to provide you with information that you may be interested in, or to respond to your questions. If you grant us permission to send you information about our services, we and the companies operating on our behalf may use your data to send you this information.

    If you give us permission, we will collect the following data through the Contact Form (the “Contact Data”):

    • Contact Information: Your name (first and last), telephone (including mobile phone number where provided), and e-mail (including personal e-mail address where provided); and
    • Business Information: Company or organization name (if provided) and website (if provided).

    Should you choose to engage our lawyers to represent you for any legal matter (the “Representation”), we will store the following information (the “Contract Data”):

    • Contact Information: Your name (first and last), telephone (if included, including mobile, business, or personal phone numbers), postal address, e-mail address (including personal e-mail address where provided), and language preferences;
    • Business Information: Company or organization name, website, postal address, billing contact details (including person to whom invoice will be sent and their e-mail address)

    DAN may also collect information you choose to provide in communications with us. Please do not send us confidential information until we have confirmed in writing that we represent or act for you or your company or organization. Unsolicited e-mails from non-clients do not establish a lawyer-client relationship. They may not be privileged and, therefore, may be disclosed to others.

    Further, if the Representation requires payment, we will request your credit card information and/or banking and wiring information. We do not store your credit card details. In fact, your credit card information never passes through our website or systems – we manually input these details into our payment vendor’s system. Once these details are in our payment vendor’s system, we no longer have access to your payment details. Thus, we do not store these details anywhere within our own systems, nor do we have access to your payment details after payment is captured.

    Data Usage: Any and all data you provide to us – whether it be through the Contact Form, by e-mail to a DAN attorney during any Representation of you or your company, payments made to the Firm, or any electronic communications sent to the Firm – is used in an effort to effectively communicate directly with you, to run our business, to process your requests, and to provide you with the services you desire, including representing our clients. Your personal data will be stored in our server. Additionally, we may share your information with third parties to complete your purchase of services and to aid in the running of the Firm. The extent to which we use and share your information depends upon the nature and purpose of the data itself.

    Some of the Firm’s uses of your data include:

    • Service Provision: Providing legal advice and services;
    • Business Relationship: Managing and administering our relationship with you, your company or organization, including keeping records about business contacts, services and payments so we can customize our services for you, developing our relationship via marketing and promotional campaigns;
    • Communication: Sending e-mails, newsletters and other messages to keep you informed of legal developments, market insights and our services;
    • Events: Running legal briefings, roundtables, and other events;
    • Regulatory: Compliance with our legal and regulatory obligations as a law firm including auditing and reporting requirements;
    • Managing Suppliers: Providing the relevant information our third-party suppliers need to deliver services to us; and
    • Legitimate Interests: To pursue the legitimate business interests listed in the “Data Justification” section of this policy, below.

    Data Justification: We will process your personal data for a number of reasons:

    • Consent: You have given us consent. For example, where you share details for particular purposes or by submitting your personal information via the Site;
    • Necessary for Legal or Regulatory Obligations: The Data Processing is required to comply with legal or regulatory obligations. For example, you are being audited by the Department of Labor;
    • Necessary for Legal Claims: Should you engage the Firm, processing is required to represent you as a client;
    • Legitimate Business Interests: Provided that our Legitimate Business Interests do not override or infringe upon any interests or rights that you have as a data subject, we may use your data to pursue our Firm’s legitimate business interests. We have legitimate business interests in:
      • Providing legal services;
      • Managing and/or developing our business;
      • Understanding and responding to inquiries and client feedback;
      • Understanding how our clients use our services and the Site;
      • Identifying what our clients want and developing and/or managing our relationship with you, your company or organization;
      • Improving our services and offerings;
      • Enforcing our terms of engagement and website and other terms and conditions;
      • Developing relationships with business partners;
      • Ensuring debts are paid; and
      • Operating suppressors to exclude you from direct marketing if you unsubscribe;

    Content Copy, Reproduction and Usage. Any reproduction, entire or partial, of the text and/or images published on the Site by DAN is subject to prior authorization from the following e-mail address: info@nilsonlaw.com.

    Third Parties

    Third Parties. When engaging the Firm, we may need to provide your information to different third-party companies that help us with various aspects of the operation of our business, including the design and maintenance of our systems, the development, promotion, marketing, sale, and distribution of our services, the maintenance of our computer security, and other business-related support-functions. We will not authorize these third-parties to use your information for any purpose not related to our business and such third parties shall be under strict requirements to protect the privacy of your information consistent with this Privacy Policy.

    We share your information with the following third-parties:

    • Suppliers: who support our business, including IT and communication suppliers, outsourced business support, and marketing services. Our suppliers must meet minimum standards as to information security and will only be provided data in line with their function;
    • Law Enforcement Bodies and Our Regulators: Or other competent authorities in accordance with legal requirements and/or good practice;
    • Your Company or Organization: In relation to us providing legal services; and
    • Screening Service Providers: So that we can comply with legal obligations.

    Third-Party Sites. Our Site may – from time to time – contain links to other websites. DAN is not responsible for the privacy practices or the content of these sites, and the treatment of your personal data by such websites is not our responsibility. You will need to check the policy statement of other websites to understand their policies. Clients and visitors who access a linked site may be disclosing their private information. It is your responsibility to keep such information private and confidential. The inclusion of any link on DAN’s Site does not indicate or imply any endorsement by DAN of the hyperlinked sites. In addition, the privacy policies and procedures outlined here do not apply to those sites. You understand that you are linking to these other sites at your own risk. You should contact those sites directly for information on their privacy policies and data collection and usage procedures.

  • Your Rights and Access to Your Data

    If you wish to contact us about your personal data – for any reason – please contact us at: dpo@nilsonlaw.com.

    The European Union’s General Data Protection Regulation (the “GDPR”) and other countries’ privacy laws may provide you, the data-subject, with certain rights. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office. However, for your convenience, please find below some of these rights. Please note that some of these rights will only apply in certain circumstances.

    • Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal data, including asking which categories of your personal data we store and/or use.  This enables you to receive a copy of the personal data we hold about you and certain other information about the data;
    • Purpose: you are entitled to understand the purpose of our processing of your personal data;
    • Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you be corrected or rectified;
    • Origin: if you didn’t provide your personal data to us directly, you may ask us about the origin of your personal data. Said differently: you may ask us where DAN obtained your personal data;
    • Duration: you may ask us how long your personal data will be stored in our database;
    • Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are certain exceptions where we may refuse a request for erasure; for example, where the personal data is required for compliance with law or in connection with claims;
    • Restriction: you are entitled to ask us to suspend the processing of certain of your personal data; for example, if you want us to establish its accuracy or the reason for processing it;
    • Transfer: when technically feasible and not prohibited by law, you may ask us to help you transfer certain of your personal data to another party. If access cannot be provided within a reasonable time- frame, DAN will provide you with a date when the information will be provided. If – for some reason – access is denied, DAN will provide an explanation as to why access has been denied; further, you may ask us who else outside of DAN might have received your personal data;
    • Objection: where we are processing your personal data based on a legitimate interest (or those of a third-party), you may challenge this legitimate interest.  However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
    • Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered; and
    • Consent: where we are processing personal data with your consent, you can withdraw your consent.

    Third-Party Sites. Our Site may – from time to time – contain links to other websites. DAN is not responsible for the privacy practices or the content of these sites, and the treatment of your personal data by such websites is not our responsibility. You will need to check the policy statement of other websites to understand their policies. Clients and visitors who access a linked site may be disclosing their private information. It is your responsibility to keep such information private and confidential. The inclusion of any link on DAN’s Site does not indicate or imply any endorsement by DAN of the hyperlinked sites. In addition, the privacy policies and procedures outlined here do not apply to those sites. You understand that you are linking to these other sites at your own risk. You should contact those sites directly for information on their privacy policies and data collection and usage procedures.

    If you want to exercise any of these rights, please contact Nathalie Gast, the Data Protection Officer in writing at the relevant e-mail address, listed at the beginning of this section. Additionally, note that in many countries you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about why DAN processes your personal data. Any complaint you would like to lodge may be submitted to either the European Union Member-State in which you reside or where an alleged infringement of Data Protection law has taken place.

    DAN may send you periodical emails concerning your account for administrative purposes, or to inform you of any changes to the services offered by the Firm.

    Direct Marketing: As described above, you can opt-out of receiving direct marketing from us at any time.

    However, if you fill-out the Contact Form and submit personal data through the Site, we may use the information you give us for direct marketing purposes to provide e-mails, newsletters, and other messages to keep you informed of legal developments, market insights, and of our services.

    You can opt-out of receiving direct marketing from us at any time. You can do this by clicking the “unsubscribe” link included at the end of any marketing e-mail we send you, or by contacting the DPO.

    Data Security

    Notice About Internet Security. We will hold your information securely in line with physical, technical, and administrative security measures. We take precautions to safeguard your information, including the use of electronic security technology. However, please be aware that there is always some risk involved when submitting data over the internet. We cannot guarantee that the information you submit is fully protected against “hackers” or illegal tampering. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of your transmitted information and any transmission is at your own risk. Please be assured, however, that once DAN receives your information, your data receives the same protections that DAN extends to its own.

    Data Warehousing Timeframe

    We generally keep your information as needed to provide our legal services and to deal with claims. This will depend on a number of factors, such as whether you or your company or organization are an existing client or have interacted with recent client mailings. We will retain your information as necessary to comply with legal, accounting, or regulatory requirements.

    Personal Data About Others

    In some cases, you may provide personal data to us about other people (such as your customers, directors, officers, shareholders, beneficial owners, or employees). You must ensure that you have given those individuals appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.

    Children

    We do not knowingly collect information from children or other persons who are under 16 years of age. If you are under 16 years old, you may not submit any personal data to us.

    Privacy Policy Changes

    Changes in Our Privacy Policy. We will only use personally identifying information in the manner described in the Privacy Policy in effect when the information was collected from you. However, we may change this Privacy Policy from time to time. If we make any important changes to this notice (the information we collect, how we use it, or why) we will notify you by revising the “Last Update” date at the bottom of this Privacy Notice and, in some cases, we may provide you with additional notice (such as adding a statement to our home page or sending you an e-mail notification). If there are material changes to this Privacy Policy, we will notify you more directly by e-mail or means of a notice on the home page prior to the change becoming effective.

    How to Contact Us

    If you would like more information about the way we manage the personal data that we hold about you, please contact us by using the contact information set out at the top of this notice.

    Last Update

    This Privacy Policy was last updated on September 18, 2018.

Contact Us

10 East 40th Street
Suite 3310
New York, NY 10016

Phone: (212) 687-1155

Facsimile: (212) 687-1118