HFZ Privacy Notice

Hanley, Flight & Zimmerman, LLC (HFZ) is committed to protecting and safeguarding your personal data.

Our privacy notice explains your rights and provides information about how we process and safeguard your data.

Privacy Notice

1.         Introduction

Hanley, Flight & Zimmerman, LLC (HFZ), the respects your privacy and is committed to protecting your personal data.  We are similarly committed to being transparent about how that data is collected and used and to meet our data protection obligations.

This May 25, 2018 privacy notice reflects the changes to data protection law in the European Union (EU) due to the General Data Protection Regulation (GDPR) which came into force on May 25, 2018.  It sets out how the firm complies with GDPR and the legal basis under which we process your data in various instances.

2.         Purpose of this Privacy Notice

The purpose of this privacy notice is to inform you about how HFZ collects and processes your personal data when you interact with members of HFZ; this includes any data you may provide to us regarding inventors you work with or employees who work directly for you and reside in the EU or any personal data you provide when you apply for a role at HFZ, either via the HFZ website, or via other means such as by direct email.

To help you understand the meaning of some of the terms used in this privacy notice, we have provided a Glossary.

Please note that the HFZ website (https://hfzlaw.com) is not intended for children and we do not knowingly collect data relating to children.

3.         Data Protection Governance at Hanley, Flight & Zimmerman, LLC

This privacy notice is issued on behalf of Hanley, Flight & Zimmerman, LLC, so when we mention “HFZ”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant Limited Liability Company entity in Hanley, Flight & Zimmerman, LLC responsible for processing your data. HFZ is responsible for their website https://hfzlaw.com and is the data controller for all data shared through it.

We have appointed a Data Protection Team (reporting to the Managing Partners) to oversee compliance with data protection regulations.  If you have any questions about this privacy notice, including any requests to exercise your legal rights, please use the contact details below.

Data Protection Team
Hanley, Flight & Zimmerman, LLC
150 South Wacker Drive
22nd Floor
Chicago, Illinois 60606
Tel: 312.580.1020
hfzdataprotection@hfzlaw.com

4.         What we collect, how we use it, and supplementary privacy notices

We will only use your personal data when the law allows us to.  So that you are fully aware of how and why we are using your data, it is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you.

5.         Change of purpose

HFZ will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6.         Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, as listed below:

• request access to your personal data;
• request correction of your personal data;
• request erasure of your personal data;
• object to processing of your personal data;
• request restriction of processing your personal data;
• request transfer of your personal data; and
• right to withdraw consent

Further details of your rights can be found in the glossary at the end of this policy. The Information Commissioner’s website in the EU member state where you live also provides more detail on the legal rights of individuals in relation to the processing of their personal data. If you wish to exercise any of the rights set out above, or have any queries or concerns about our use of your data please contact our Data Protection Team using the details at section 3.

6.1.   What we may need from you when you exercise your legal rights

When exercising your legal rights above, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that requests are made by the individual themselves and that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.

6.2.   Fees and refusal to comply with requests

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee and/or refuse to comply with your request.

6.3.   Time limit to respond

We will respond to all legitimate requests within 30 days. If your request is particularly complex or you have made a number of requests and it is likely to take us longer than 30 days to respond, we will notify you of that and keep you updated as to progress.

7.         Your right to make a complaint

In addition to your legal rights set out above, you also have the right to make a complaint at any time to the Lead Supervisory Authority (LSA) or applicable regulator of the Member State of which you are ruled by. We are committed to protecting your personal data and would appreciate the opportunity to address any concerns or complaints you may have before you approach the LSA or applicable regulator so that we can remedy them.  Any concerns or complaints should be raised with the Data Protection Team in the first instance.

8.         Your duty to inform us of changes to your personal data

It is important that the personal data we hold about you is accurate and current.  Please keep us informed if your personal data changes during your relationship with us.

9.         Data security and data breaches

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data by those agents, contractors and other third parties who have a business need to know; they will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data security incident. We will notify you and any applicable regulator of a suspected breach where we are legally required or it is appropriate to do so.

10. Applicant information

As part of our recruitment process, HFZ as data controllers, collect and process personal data relating to job applicants. We are responsible for deciding how we hold and use personal data about you. This policy sets out how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation.

10.1. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We collect, store and use a range of information about you in connection with your application for work with us. This includes:

• your title, name, address and contact details, including email address and telephone number;
• details of your qualifications, skills, experience and employment history;
• information about your current level of remuneration, including benefit entitlements (where specifically requested as part of the application process);
• information about your entitlement to work in the US; and
• any other personal data held within your resume and/or cover letter and academic transcripts or provided to us during an interview.

10.2. What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

10.3. How your personal data is collected and stored
We may collect your personal data in a variety of ways and from a variety of sources.

We collect personal data about candidates from the following sources:

10.3.1. You, the candidate, including data in application forms, resumes (collected via our online job applications or via the job opportunities listed on the HFZ website); obtained from your passport or other identity documents; or collected through interviews or other forms of assessment.

10.3.2. The recruitment agency through which you applied, namely your resume and cover letter.

10.3.3. Your academic institutions and named referees, from whom we obtain a standard reference.
We will seek this information from third parties only once we have made you a job offer and we will inform you that we are doing so.
We will store your personal data in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

10.4. How we use your personal data and the legal basis for doing so
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• where we need to perform the agreement we are about to enter into or have entered into with you;
• where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests; and/or
• where we need to comply with a legal or regulatory obligation.

10.5. Purposes for which we will use your personal data
We need to process data to take steps at your request prior to entering into an agreement with you.

In some cases, we may need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work in the US before employment starts.

We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. We would process such information to carry out our obligations and to exercise specific rights in relation to employment law.

10.6. Who can access your data
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
It may be necessary from time to time for us to disclose your personal data to third parties or agents, including without limitation to the following:

(a) academic institutions and external employment check providers to assist in the administration, processing and management of certain activities pertaining to prospective employees including external reference agencies (such as employee vetting and screening agencies); and

(b) regulatory bodies to whom we are obliged or required to disclose information including, Courts and Court-appointed persons, and relevant government departments and agencies.

We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers and academic institutions to obtain references for you and with third party providers. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

10.7. International transfers
We do not currently transfer your personal data outside the US. Were we to do so, transfer would always be made subject to appropriate technical and legal measures.

10.8. How long we retain and use personal data of job applicants

a) Successful applicants
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment.

b) Unsuccessful applicants
If your application for employment is unsuccessful, we will hold your data on file for 12 months after the end of the relevant recruitment process so that we can consider you for any other opportunities that may arise. In addition, your personal data is retained for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal data in accordance with our data retention policy.

It is likely that we may wish to retain your personal data on file for further periods on the basis that a further opportunity may arise in future and we may wish to consider you for that. If so, we will write to you separately, seeking your explicit consent to retain your personal data for a further fixed period on that basis.

You can ask us to delete your data at any time. Please contact the HR team at recruiting@hfzlaw.com if you have any queries.

10.9. Candidate Responsibilities
You should use all reasonable endeavors to keep us informed of any changes to your personal data. If you become aware of a data breach or a potential data breach in respect of personal data please report the matter immediately to the Data Protection Team (hfzdataprotection@hfzlaw.com)

11.Client Information

HFZ collects, stores and processes personal data relating to client contacts and interests. HFZ is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

11.1. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

• Identity Data includes first name, maiden name, last name, username or similar identifier, title.
• Contact Data includes office address, email address and telephone numbers.
• Transaction Data includes details about payments to and from you and other details of services you have made in working with HFZ.
• Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Usage Data includes information about how you use our website and services.
• Intellectual Property Rights (IPR) includes details of Intellectual Property matters that you are linked to or that affect you.
• Biographical information derived from correspondence between us.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

11.2. How your personal data is collected and stored
We use different methods to collect data from and about you including through:

• Direct interactions: You may give us your identity and contact data by filling in forms or by corresponding with us in person, by post, phone, email or otherwise. This includes personal data you provide when you:

– apply for our services or provide instructions;
– request or are provided with advice; or
– give us some feedback.

• Client portals: You may give us your technical or personal data by logging onto, filling in forms or by corresponding with us via your client online portal. This includes personal data you provide when you:

–– view case details;
– provide instructions; or
– contact us.

• Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:

– Intellectual Property Offices from around the global;
– other law firms or Intellectual Property specialists;
– patent searching databases

11.3. How we use your personal data and the legal basis for doing so

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.

Please refer to the glossary to find out more about the types of lawful basis that we will rely on to process your personal data.

11.4. Purposes for which we will use your personal data
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

11.5. Cookies
You can set your browser to refuse all or some browser cookies if you access the HFZ website, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

11.6. Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes set out in the table above.

• Internal Third Parties as set out in the Glossary.
• External Third Parties as set out in the Glossary.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

11.7. International transfers
We will transfer your personal data outside the European Economic Area (EEA) where necessary to ensure protection of your Intellectual Property Rights (IPR) in these areas. Transfer is always to be made subject to appropriate technical and legal measures.

11.8. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11.9. How long we will retain and use personal data of client contacts

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Glossary

Lawful basis

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Third parties

Internal third parties: Other companies in HFZ acting as controllers or processors.

External third parties:

• Service providers acting as processors based who provide IT and system administration services.
• Professional advisers and government bodies including lawyers, foreign associate, Intellectual Property Offices, law firms, bankers, auditors and insurers based who provide consultancy, banking, legal, insurance and accounting services.
• Regulators and other authorities acting as processors or joint controllers based in the United States who require reporting of processing activities in certain circumstances.

Your legal rights

You have the right to:

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

| Home | Career | Contact | Privacy Policy |