Frost Brown Todd LLC GDPR Privacy Notice

Last updated July 31, 2018

Frost Brown Todd LLC is a U.S. based law firm that serves U.S. clients as well as clients located in the European Union and other countries. This GDPR Privacy Notice explains how we collect, store, use and delete personal data of data subjects that have been granted rights under the General Information Protection Regulation and other associated national laws of such countries located in the European Economic Area (“GDPR”). This personal data may be from individuals whom we are serving as clients or persons employed by businesses who are our clients, business associates or service providers.
We may update this Privacy Notice from time to time.
For information on our practices concerning non-EU personal data, please see our Website Privacy Policy.

Our Contact Details

Our Privacy Officer is Jane H. Shea, email privacyoffice@fbtlaw.com.
If you wish to contact us about this Privacy Notice, our postal address is 3300 Great American Tower, 301 E. 4th Street, Cincinnati, Ohio 45202, USA, Attention: Privacy Officer.
Telephone: 513-651-6800. Please request to speak to our Privacy Officer.
Website address: www.frostbrowntodd.com

Who We Are

Frost Brown Todd is a full-service law firm that provides legal and other client services (“Services”). We collect your personal data when you use our Website or when individuals or businesses engage with us or use our Services. We also collect personal data about individuals as a result of providing the Services to third parties. This Privacy Notice applies whenever such personal data is subject to the GDPR.

What Information Do We Collect?

We collect data you give us when your request our Services, such as:

In the case of some services, such as advice and counsel on estate planning and taxation, or assistance with patent prosecution, we will ask you to provide us with:

If we are providing you with immigration services, we also collect your sensitive data, such as health data, race, and national origin. We collect data about your preferences when you complete survey responses or otherwise communicate with us about your attendance at our functions or information such as legal updates that we provide to you. We collect technical data about you, including the type of device (and its unique device identifier) that you use to access our website, your IP address, browser type, time zone setting, and operating systems.

Other Sources of Your Data

We sometimes obtain your personal data from third parties, such as your employer in relation to our provision of Immigration Services, third parties we work closely with, including family members, referral sources, or parties to a transaction in which you or your employer or family member is a party or is otherwise involved. Technical data is provided to us by service providers of technology, payment and delivery services, website analytics providers, and consumer reporting companies.

Why We Collect Your Information

We collect your data because:

What is the Legal Basis and Purpose for Holding Your personal data?

Purpose of Processing Legal Basis for Processing

As part of new client onboarding procedures, we process your personal data to verify your identity, to perform conflict of interest searches.

To prevent misconduct, abuse and misuse particularly as regards illegal activities and suspected fraud

To perform a contract for our Services to which you are a party (an engagement).

 

For compliance with legal obligations to which we are subject, such as professional ethics obligations, US and EU governmental regulations, and to enforce or defend our legal rights


To carry out your requests for our Services, to comply with our legal obligations, to enforce our agreements with you, to perform the Services, to respond to RFPs, and to identify business opportunities Legitimate interests:
to develop and grow our business and Services and promote FBT, to respond to an RFP or a specific request in anticipation of a contract for our Services (an engagement)
To investigate or settle inquiries or disputes, to obtain payment in accordance with our agreement with you

To perform a contract to which you are a party.

For compliance with legal obligations to which we are subject, such as professional ethics obligations, US and EU governmental regulations, and to enforce or defend our legal rights

To enable us to perform the Services, to process business transaction data such as in connection with a merger or acquisition To perform a contract to which you are a party.
To perform certain services such as Immigration Legal Services With your consent
To send you legal updates and news, or to otherwise contact you about those of our Services we think may interest you, by email Legitimate interest – to develop and grow our business and Services and promote FBT
To better understand how you and others use our Services, so that we can improve our Site and Services, and for other research and analytical purposes.  Legitimate interest – to ensure that we provide the best services and to develop and grow our business and Services and promote FBT

When we rely upon our legitimate interests for processing your data, we will balance those interests against your privacy rights and will not use your personal data where the impact on you would override your rights, unless we are otherwise permitted by law to process your personal data, e.g., where you consent.

How long do we keep your personal data?

We will keep your personal data on an ongoing basis in accordance with the table below, or as otherwise required by applicable laws and regulations.

Additionally, we will retain your personal data according to the following schedule:

Type of Data Retention Period
Contact Information So long as we have a legitimate interest to inform you of our services
Client Files Depending on the state where we provided the Services we keep your files for a minimum of 10 years following termination of our contractual relationship or closure of the matter, and longer periods for environmental and intellectual property matters. We need to keep records for this period for regulatory compliance and to ensure our records are adequate for the purposes of obtaining insurance to protect our clients and other parties.
Employment Applications and Resumes, Human Resources files 6 years after employment relationship has terminated, or 30 days from the date of conclusion of the application for non-successful non-attorney candidates and 4 years for attorney candidates.
Website Data 26 months
On-client Health Records, Race, National Origin, and other sensitive data Until our contractual relationship has terminated.

We are required to retain certain client confidential and personal data in accordance with the law, such as data needed for income tax and audit purposes. How long certain kinds of personal data should be kept is also governed by specific business-sector requirements and agreed practices. We generally retain files and data regarding client engagements and matters for which we have been retained for at least 10 years from the date of our last interaction with the relevant client or the date the matter was closed in our systems, in compliance with our obligations under applicable laws, professional ethical obligations, or for longer where required to protect our legal rights and interests or those of others.]

Your Data Privacy Rights

You have important rights that you may exercise to protect your personal data. You may access those rights at any time by contacting us at privacyoffice@fbtlaw.com

You have the following rights concerning your personal data that we hold and process that you can exercise at any time:

Please note: we will not be able to delete data that is required to maintain our business purpose or that is required to facilitate your contract with us. All the above requests will be forwarded on to other parties holding and processing your data where appropriate.

We may require that you verify your identity by a process we will communicate to you at that time.

Under what circumstances will FBT contact me?

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the data you provide will be subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure. 

Consent

For certain types of sensitive data, we have asked for your consent to use the data for certain described purposes at the time you provided it. You may withdraw your consent at any time.

When you give us your consent, you are giving us permission to process your personal data specifically for the purpose identified in the consent request. Where we ask you for additional personal data, we will obtain your consent to our proposed use of that data where required, and always tell you why and how the data will be used.

You may withdraw consent at any time by sending an email or letter to our Privacy Offices.

Sharing with Third Parties

We may pass your personal data on to trusted third-party service providers contracted by FBT to perform certain services for us, or to collaborate directly with you.  

Any third parties that we may share your data with are obliged to keep your details securely, and to use them only for the purposes and to complete the tasks identified within the FBT/Contractor contract. When they no longer need your data to fulfil this service, they are required to dispose of the details in line with FBT’s procedures.

International transfer of personal data

FBT may transfer your personal data within FBT and/or to other third parties, such as our third-party service providers. Your personal data may be transferred to, stored, and processed in a country other than the one in which it was collected. This may include the United States. When we do so, we transfer the data in compliance with applicable data protection laws. In particular, we have implemented safeguards in the form of an Information Sharing Agreement that uses the standard contractual clauses adopted by the European Commission. The safeguards ensure compliance with the data protection requirements of the GDPR as well as your rights appropriate to the processing of your personal data. You can obtain a copy of the standard contractual clauses by contacting our Privacy Officer.

Safeguarding personal data

We have implemented security measures we consider reasonable and appropriate to protect against the loss, misuse and alteration of the data under our control. In addition, we limit access to your personal data where appropriate to those persons within FBT and third parties who have a business need to access your data. They will only process your data in accordance with our instructions and are subject to a duty of confidentiality. In certain cases, we have given you access to your personal data by means of a login and password. You are responsible for keeping this password safe and secure.

Unfortunately, we cannot and do not guarantee or warrant the security of any data you disclose or transmit to us online and we are not responsible for the theft, destruction, or inadvertent disclosure of your personally identifiable data.

Questions and Problems

If you wish to raise a complaint on how we handle your personal data, you can contact our Privacy Officer as follows:If you wish to raise a complaint on how we handle your personal data, you can contact our Privacy Officer as follows:
By Email: privacyoffice@fbtlaw.com
By Postal Mail: Privacy OfficerFrost Brown Todd LLC3300 Great American Tower301 E. 4th StreetCincinnati, Ohio 45202
If you are not satisfied with our response you can complain to the data supervisory authority for the country in which you reside.

Top