Privacy Policy

This Privacy Policy was last updated on, and is effective as of, May 22, 2018

This Privacy Policy explains how we, Smith, Gambrell & Russell, LLP and Smith, Gambrell & Russell International, LLP use any Personal Data (as defined below) we may collect from clients and other third parties when you interact with Smith, Gambrell & Russell, including through our website and its web pages at www.sgrlaw.com (the “Website”), as well as other matters concerning such Personal Data, including certain rights you have under applicable law. It also explains how to contact us if you have any questions about your Personal Data or other matters addressed in this Privacy Policy. Additional contractual and ethical terms relating to the handling of Personal Data may also apply to persons who are clients of ours.

We review our policies regularly and any changes to this Privacy Policy will be posted on this page and we will update the effective date noted above of this Privacy Policy.

Entities Covered

This Privacy Policy covers Smith, Gambrell & Russell, LLP, a limited liability partnership established in accordance with the laws of the state of Georgia, U.S.A., which has offices in the United States, including at Promenade, Suite 3100, 1230 Peachtree Street N.E., Atlanta, GA 30309 U.S.A., as well as Smith, Gambrell & Russell International, LLP, a limited liability partnership organized under the laws of the state of Delaware, U.S.A., which operates in the United Kingdom and is authorized and regulated by the Solicitors Regulation Authority (with SRA ID 634120). Smith, Gambrell & Russell International, LLP is a subsidiary of Smith, Gambrell & Russell, LLP. The two firms work together as a closely integrated international network but are separately constituted and separately regulated legal entities which provide legal and other client services in accordance with the relevant laws of the jurisdictions in which they respectively operate, and each of such entities is a data controller as to the Personal Data collected by it. In addition, because the Smith, Gambrell & Russell entities covered by this Privacy Policy are providers of legal services, any disclosures or other practices addressed in this Privacy Policy are subject to those ethical rules and guidelines to which such entities (and their legal professionals) are subject as providers of legal services.

Registered Data Controller in the UK

Smith, Gambrell & Russell International, LLP is a registered Data Controller under the terms of the United Kingdom Data Protection Act 1998. Details of Smith, Gambrell & Russell International, LLP’s notification to the regulator for data protection, may be found in the Information Commissioner’s Office Public Register of Data Controllers at https://ico.org.uk under registration number ZA 377800.

Information Collected and How We Use It

When you engage us or sign up for any of Smith, Gambrell & Russell’s services, including our legal services, newsletters, bulletins, seminars and other events and communications, or when you use our Website, we may collect and process your name, address, telephone number and email address and other information about you from which you can be identified (collectively, “Personal Data”).

We will store and use your Personal Data for purposes of administering and maintaining our relationship with you and providing services or information to you as instructed by you or as otherwise allowed by applicable law. We may separately contact you for the purpose of providing you with other information which we believe may be of interest to you. However, we will not initiate such contacts with you solely as a result of your having accessed our Website, unless you have affirmatively given your consent to such contacts during one of your visits to our Website. Also, where applicable under local laws, we will not use Personal Data for marketing purposes unless we have obtained your prior consent.

Legal Bases for Processing Personal Data

When processing your Personal Data, we may rely on one or more of the following legal bases (or other available legal grounds), depending on the circumstances:

  • Legitimate Interests – We may Process your Personal Data where we have a legitimate interest in such processing for managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights or freedoms.
  • Consent – We may process your Personal Data where we have obtained your consent to the processing.
  • Contractual Necessity – We may process your Personal Data where such processing is necessary in connection with any contract we have with you.
  • Legal Requirements – We may process your Personal Data where such processing is required by applicable law.

Google Analytics

Our Website makes use of Google Analytics, a web service of Google Inc. (“Google”). Google Analytics makes use of cookies, which are text files that are being saved on your computer to allow an analysis of your usage of the Website. The data created by this process are being processed to the Google servers in the United States and will be saved at the same place. Where anonymous Internet protocol (“IP”) addresses are used to access the Website, the IP address will be transferred to the US and then have the final digits deleted. Google will use this information only as instructed by us to evaluate your usage of the Website and to file reports about the activity on the Website and to provide further services to us as the operator connected to the Website. Your IP address, as so evaluated, will never be connected to other Google data. You are free to disagree to the usage of your IP address in this manner by disabling cookies — see the section entitled “Our Use of Website Cookies” below. Please note that disabling cookies may impair or prevent the operation of certain functions and features of the Website.

Our Use of Website Cookies

What are cookies and how do we use them?

A “cookie” is an element of data that a website can send to your browser, which may then store it on your system. In general, cookies help identify you through your device’s IP address, without collecting personal information about your identity. Our intention when using cookies is to enable more user SGR/18502451.3 friendly, efficient and safe visits to our Website; we use cookies to authenticate you as an authorised user, to provide you with safe restricted access areas, to remember you so that when you come back to our Website you do not need to enter your information again, and to understand what brought you to our Website and what pages you visited.

What Types of Cookies Do We Use?

We may use three types of cookies on the Website:

  • Session cookies – these are temporary cookies that remain in the cookie file of your browser until you close the browser. Our Website uses a session cookie which is stored in your browser until you close it to ensure connections to our servers are distributed evenly to provide optimal performance.
  • Persistent cookies – these remain in the cookie file of your browser for longer than the time you are visiting the relevant website. We need to use a cookie to remember your refusal of our use of cookies. This cookie does not store any other information and is not used for any other purposes. If you delete your browsing history including cookies you will delete this cookie and will therefore need to click to refuse our use of cookies again.
  • Analytical cookies – our Website uses third-party cookies, such as Google Analytics cookies (third party cookies) for the following purposes:
    • a cookie to record the time of your first visit to the Website, the time of your most recent visit to the Website and the time of your current visit;
    • a cookie to record which page(s) you visit on the Website;
    • a cookie to record how long you stayed on the Website; and
    • a cookie to record how you located the Website (e.g., Google search, keyword, link from other page, etc.). We only share the information obtained through the use of Google Analytics with Google. For more information on Google’s use of your information, please see the section above captioned “Google Analytics” in this Privacy Policy. The cookies we use for these purposes do not track your Internet usage after leaving our website and do not store your personal information. They will not be used in connection with any other information to identify you in any way.

Disabling Cookies

If you wish, you can adjust your browser so that your computer does not accept cookies:

  1. Go to the heading “Manage Cookies” and click onto the option you prefer, either stopping cookies being installed, or notifying you of them; and
  2. From the list provided, click onto the program which your computer uses; if this is not shown on the list, click on the “help” heading on the bar at the top of the page, search for information on “cookies” − an explanation of how to delete cookies will appear, then follow the instructions.

Alternatively, you can adjust your browser to tell you when a website tries to put a cookie on your computer.

How you adjust your browser (to stop it accepting cookies or to notify you of them) will depend on the type of internet browser program your computer uses. You can follow the appropriate instructions for your specific browser type by clicking onto this link: http://aboutcookies.org/how-to-controlcookies/ (please note that this link will open a new window and will lead to an external website and that we are not responsible for the content of external websites).

How to Disable Third Party Cookies

Users based in the European Union can visit http://youronlinechoices.eu/ to opt out of these third party cookies. The foregoing website is not connected to us and we are not responsible for its content. We only keep cookies for the duration of your visit to the Website, except in the case of cookies which remember you for future visits or where you save your login name as referred to above.

Further Information About Cookies

If you wish to find out more about cookies, please click on this link: www.allaboutcookies.org (please note that this link will open a new window and will lead to an external website and that we are not responsible for the content of external websites).

Cookies do not contain confidential information such as your home address, telephone number or credit card details. If you do choose to disable cookies, you may find that certain sections or functions of our Website may be impaired or may not work properly.

Disclosures to Third Parties

Your Personal Data will not be disclosed to third parties except for where it is necessary for fulfillment of our obligations to you or where we are obliged or permitted to do so by law (including, without limitation, through the terms of any retainer or engagement agreement we may have with you), or where we make disclosures that are otherwise consistent with the uses described in this Privacy Policy.

We may also disclose any information (including Personal Data) relating to you to law enforcement authorities or any regulatory or government authority in response to any request including requests in connection with the investigation of any suspected illegal activities.

We reserve the right to transfer any Personal Data we have about you in the event we sell or transfer all or a portion of our business or assets, or merge with another organization. Should such a sale, transfer or merger occur, we will use reasonable efforts seeking to require that the transferee uses Personal Data you have provided to us in a manner that is consistent with this Privacy Policy.

We will not sell, resell or lease your Personal Data to any third parties but we may, if required for the purpose(s) for which your Personal Data was collected and processed, share it with our partners and/or service providers to enable them to provide their services to us or to you, as applicable. The foregoing are in addition to the other uses described elsewhere in this Privacy Policy.

Security of Personal Data

Smith, Gambrell & Russell has policies and technical and organizational measures in place which are intended to safeguard and protect your Personal Data against unauthorized access, accidental loss, improper use, and disclosure. However, you should be aware that when data is transmitted over the SGR/18502451.3 internet it is not completely secure because of the nature of the internet and that systems and measures used to secure data are not flawless. For these reasons, although we will use reasonable efforts to protect your Personal Data, we do not warrant the security of Personal Data transmitted to us or stored by us, and Personal Data that is transmitted to us by you electronically is done at your own risk.

Transfer and Use of Personal Data Outside the European Union

Personal Data provided to Smith, Gambrell & Russell International, LLP by its clients or other persons contacting Smith, Gambrell & Russell International, LLP is protected by certain privacy and data protection laws and regulations of the United Kingdom and the European Union. Personal Data provided to Smith, Gambrell & Russell, LLP by clients of its Munich office or other residents of Germany contacting Smith, Gambrell & Russell, LLP is protected by certain privacy and data protection laws and regulations of Germany and the European Union.

In order to provide clients and other residents of the European Union with requested products and services, Smith, Gambrell & Russell may need to transfer the Personal Data of such persons to service providers or other third parties based in countries outside the European Union or to our overseas affiliates, partners or offices. This does not diminish the rights of those whose Personal Data we have collected. Both Smith, Gambrell & Russell, LLP and Smith, Gambrell & Russell International, LLP take reasonable technical and organizational measures to ensure that any Personal Data of such persons transferred outside the European Union will be treated securely and in accordance with this Privacy Policy.

Retention of Personal Data

Our policy is to retain your Personal Data only for as long as is necessary to fulfill the purposes for which we collected such Personal Data, including for the purposes of satisfying any professional, legal, accounting or reporting requirements to which we are subject. To determine the appropriate retention period for Personal Data, we consider the scope, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the Personal Data, the purposes for which we collected and process your Personal Data and whether we can achieve those purposes through other means, and any applicable legal and professional requirements.

Rights of European Union Citizens

If you are a citizen of the European Union, you have a number of rights concerning your Personal Data that we hold and use, including the following:

  • Right of Access – You have the right to be informed about what Personal Data we hold about you and to a copy of this Personal Data.
  • Right to Rectification – You have the right to have any inaccurate Personal Data which we hold about you updated or corrected.
  • Right to Erasure – In certain circumstances you may request that we delete the Personal Data that we hold on you.
  • Right to Complain – You have the right to lodge a complaint regarding the processing of your Personal Data to an applicable governmental or supervisory authority in your country. SGR/18502451.3
  • Right to Withdraw Consent – Where processing of Personal Data is based on your consent, you have the right to withdraw such consent at any time.
  • Right to Object – Where we rely on our legitimate interests to process your Personal Data, you have the right to object to such use and we are required to discontinue such processing unless we can demonstrate an overriding legitimate interest in such processing.
  • Right to Restriction – You have the right to request that we stop using your Personal Data in certain circumstances including if you believe that the Personal Data we hold about you is inaccurate or that our use of your Personal Data is unlawful. If you validly exercise this right, we will store your Personal Data and will not carry out any other processing until the issue is resolved.

You may exercise any of the above requests in writing and addressed to either Ben Graham-Evans at bgraham-evans@sgrlaw.com or Brett Lockwood at blockwood@sgrlaw.com.

In addition, all recipients of marketing communications from us are free at any time to request that we stop using your Personal Data for marketing purposes, by contacting our Marketing Department at sgrcommunications@sgrlaw.com.

Links to Other Websites

When using our Website there may be links to other websites and these are provided merely for your convenience and do not imply endorsement by us of the content or provider. Such other websites and their operators may use cookies, collect data and use the collected data in ways that are different from the way in which we use the information collected through our Website. When visiting another website from a link on our Website, you should read the other website’s privacy policy to make certain that the manner in which information is collected and used on such other website is acceptable to you.

E.U. Data Protection Officers and Representatives

Ben Graham-Evans in our London and Southampton offices is designated as our Data Protection Officer in the European Union and his email address is bgraham-evans@sgrlaw.com.

Dr. Markus Bahmann in our Munich office is our designated representative for German privacy-related matters not otherwise covered under the European Union’s General Data Protection Regulation and his email address is mbahmann@sgrlaw.com.

Contact Information

If you have any comments or questions about this Privacy Policy or our data protection and privacy practices, please contact Brett Lockwood, Partner, at blockwood@sgrlaw.com, or send a letter, addressed to: Smith, Gambrell & Russell, Attn: Data Protection and Privacy Practices / Brett Lockwood, Suite 3100, 1230 Peachtree Street, NE. Atlanta, Georgia 30309 USA.

Updates to Our Privacy Policy

We may update or change this Privacy Policy from time to time and without prior notice to you. We will SGR/18502451.3 post a prominent notice on the Website to notify you of any significant changes to our Privacy Policy and indicate in the policy when it was most recently updated.

Additional Notices for California Residents Related to Our Website

  • California Do-Not-Track Disclosure. At this time, the Website is not set up to honor web browser do-not-track settings.
  • Information on Marketing Disclosures. California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at Smith, Gambrell & Russell, Attn: Data Protection and Privacy Practices, Suite 3100, 1230 Peachtree Street, NE, Atlanta, Georgia 30309.
  • Content Removal Requests for Users Under 18 Years Old. If you are a user under 18 years of age and reside in California, you may request and obtain removal of, content or information that you have posted on the Website. You may send us any such requests by one of the following methods: (i) by email (writing “Privacy Policy – Removal Request” in the subject line) at sgrcommunications@sgrlaw.com; or (ii) by writing to us at Smith, Gambrell & Russell, Attn: Privacy Policy – Removal Request, Suite 3100, 1230 Peachtree Street, NE, Atlanta, Georgia 30309. We will review the request and respond promptly. You should be aware that a request to remove content or information posted by you on the Website does not ensure or require complete or comprehensive removal of such content or information from our databases.