Privacy Statement

Gibney, Anthony & Flaherty, LLP
Statement of Privacy

1. Introduction

At Gibney, Anthony & Flaherty LLP (“Gibney”) the privacy and security of our website visitors, prospective clients, clients, suppliers and other third parties that we communicate with in the course of our business are of paramount importance. Gibney is committed to dealing with your personal data responsibly and in accordance with the requirements of applicable data protection laws, including the European Union’s (“EU”) General Data Protection Regulation (“GDPR”).

This Statement of Privacy applies to the Gibney website (the “Gibney Website”) and all correspondence to or from gibney.com email addresses (“Gibney Email”) as well as to all other information that is collected when you contact or request information from us, engage us to provide legal services or as a result of your relationship with any member of our personnel or our clients. It sets forth the basis upon which we will collect, store and process any Personal Data that we collect from Data Subjects.

By continuing to use the Gibney Website or correspond with Gibney Email, you are giving us permission to process your Personal Data specifically for the purposes identified herein.

You may withdraw your consent at any time to processing your Personal Data in accordance with this Statement of Privacy by sending notice to dataprivacy@gibney.com.

Nothing in this Statement of Privacy should be construed to create an attorney-client relationship with visitors to the Gibney Website or with third parties whom we correspond via Gibney Email until a formal engagement is undertaken. Information supplied to us in the course of an attorney-client relationship may be protected by confidentiality, attorney client privilege, the attorney work product doctrine and other similar protections. This Statement of Privacy does not detract from the protections for such information.

2. Glossary of Terms.

Data Controller“: the person or organization who decides the purposes for which and the way in which any Personal Data is processed. Gibney is the Data Controller for all Personal Data used in our business for our own commercial purposes.

Data Processor“: a person or organization which processes Personal Data for the Data Controller.

Data Processing“: any operation or set of operations performed upon Personal Data, or sets of it, be it by automated systems or not, including, but not limited to, collection, recording, organizing, structuring, storing, retrieving, consulting, using, disclosing by transmission, disseminating, erasure or destruction.

Data Subject“: an individual about whom we hold Personal Data.

EU“: European Union.

GDPR“: General Data Protection Regulation (EU) 2016/679.

Personal Data”: information that can be used to directly or indirectly identify an individual.

3. The Information We Collect.

Gibney collects the following Personal Data:

  • Basic identifying information, such as your e-mail address, name, home or work address, telephone number, the company you work for and your job title or position.
  • Records and copies of your correspondence (including your e-mail address), if you correspond with Gibney Email.
  • Anonymous demographic information through the website, which is not unique to you, such as your ZIP code, age, gender, preferences, interests and favorites.
  • Information about your computer hardware and software that is automatically collected. This information can include: your IP address, browser type, domain names, access times and referring web site addresses.
  • Other personal information provided to us by or on behalf of our clients or generated by us in the course of providing legal services to them.

4. Grounds on Which We Process Personal Data/How we use your Information.

We process Personal Data on one or more of the following grounds:

  • We have your consent;
  • It is necessary for the performance of a contract with a Data Subject or to take steps preparatory to such a contract;
  • It is necessary for compliance with a legal obligation;
  • It is necessary to protect the vital interests of a Data Subject or another person where the data subject is incapable of giving consent;
  • It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; or
  • It is necessary for the purposes of legitimate interests.

Gibney collects and uses your Personal Data as follows, and the legal basis for doing so is either: (i) though your consent, (ii) as necessary to perform a contract and/or (iii) as necessary for the following legitimate purposes:

  • To provide legal services to our clients
  • To operate the Gibney Website.
  • To maintain quality of the Gibney Website, and to provide general statistics regarding use of the Gibney Website.
  • To keep track of the web pages our clients visit, in order to determine what Gibney services are the most popular.
  • To correspond with you through Gibney Email.
  • To provide you with information, products, or services that you request from us.
  • To process an event registration for you.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  • To notify you about changes to the Gibney Website or any services we offer or provide though it.
  • To enable third-party service providers, agents, subcontractors and other related entities to complete tasks and provide services to you on our behalf. However, when we use third party service providers, we will: (i) notify you in advance; (ii) disclose only the Personal Data that is necessary to deliver the services; and (iii) ensure that they will keep your Personal Data secure and not to use it for their own direct marketing purposes.
  • In any other way we may describe when you provide the Personal Data.
  • For any other purpose with your explicit consent.

Gibney does not sell, rent or lease its customer lists to third parties.

Gibney will disclose your Personal Data to a third party, without notice, only if “necessary for compliance with a legal obligation”.

You may object to the Data Processing set forth above by emailing dataprivacy@gibney.com.

5. Use of Cookies.

The Gibney website use “cookies”. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalize Gibney pages, or register with Gibney site or services, a cookie helps Gibney to recall your specific information on subsequent visits. When you return to the same Gibney website, the information you previously provided can be retrieved, so you can easily use any Gibney features that you customized. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Gibney Website.

6. Security of your Personal Information

Gibney has adopted reasonable physical, technical, security and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Personal Data in Gibney’s possession.

Gibney processes Personal Data solely in data centers located in the United States.

Gibney has internal policies governing its data security including:

  • Clear Screen, Clean Desk and Shredding Policy
  • Confidential and Personal Information Policy

7. Children Under the Age of 13.

We do not knowingly collect any Personal Data from anyone under the age of 13.

8. Links To Other Websites.

The Gibney Website may be linked to other websites that Gibney does not control. This Statement of Privacy does not apply to such web sites and we are not responsible for the privacy policies or practices of those other websites.

9. How long we will hold your Personal Data for?

We will hold your Personal Data in accord with our Statement of Privacy.

We hold Personal Data of different types, or relating to different categories of people, for different periods, taking into account its business purpose. The periods for which we hold Personal Data are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used. We take into account legal and regulatory provisions which require information to be held for a minimum period. We also consider the limitation periods for taking legal action and good practice in the legal industry.

10. Subject Access Request.

A subject access request is your right under GDPR to request a copy of the Personal Data that we hold about you. If you would like a copy of all or some of your Personal Data, please email: dataprivacy@gibney.com. We will respond to your request within one month of receipt of the request.

You may ask us to correct to remove information that you think is inaccurate by emailing dataprivacy@gibney.com.

Should you wish for us to completely delete all information that we hold about you, please email dataprivacy@gibney.com.

11. Gibney’s Data Protection Officer.

Gibney has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following address:

Gibney, Anthony & Flaherty, LLP
665 Fifth Avenue
New York, NY 10022
Attn: Data Protection Officer
dataprivacy@gibney.com

12. Marketing.

You have a right at any time to stop us from contacting you for marketing purposes. To opt out please email: dataprivacy@gibney.com.

13. Complaints.

If you feel that your Personal Data has been processed in a way that does not meet the GDPR, you have a specific right to lodge a complaint with the relevant supervising authority.

14. Changes to this Statement.

Gibney will occasionally update this Statement of Privacy. Gibney encourages you to periodically review this Statement of Privacy to be informed of how Gibney is protecting your Personal Data.