PRIVACY AND COOKIES POLICY
Effective Date: 10/15/2018
- Who we are
Berry Appleman and Leiden LLP is a limited liability partnership organized under the laws of the State of California and has offices in Austin, Boston, Dallas, Houston, McLean, Va., New York City, San Francisco and Washington, D.C. (together referred to as “BAL” or “we,” “our,” or “us”).
This Privacy and Cookies Policy describes how BAL collects Personal Data (defined below) through various means, including questionnaires, www.balglobal.com (the “Website”) and its secured access sites, including, but not limited to cobalt.balglobal.com (the “Secured Access Sites”), and BAL’s use of that Personal Data. This Privacy and Cookies Policy applies to Personal Data collected by BAL including, but not limited to all Websites and/or Secured Access Sites that post a link to this Privacy and Cookies Policy.
Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to physical, psychological, genetic, mental, economic, cultural or social identity of that natural person. Sensitive Personal Data means information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health and data concerning a natural person’s sex life or sexual orientation.
This Privacy and Cookies Policy applies to Personal Data BAL collects: (i) under the direction of its clients, both from the client itself and directly from individuals (known as the client employee or beneficiary) (“Client Personal Data”); and (ii) otherwise than under the direction of its clients, for example, from visitors to its Website (“Visitor Personal Data”).
Personal Data may be shared between Berry Appleman and Leiden LLP and subcontractors who perform services and functions on our behalf to assist us with our business activities and to support our interactions with you, for example, processing immigration documentation. Where BAL collects and uses Personal Data about individuals in the European Union (“EU”), it will comply with all applicable data protection laws as they may vary from time to time (including, but not limited to, the UK Data Protection Act 1998 (the “Act”) and the General Data Protection Regulation (Regulation (EU) 2016/679 (“GDPR”)) (“Applicable Data Protection Laws”).
In relation to Client Personal Data, BAL is a “Processor” for the purposes of the Applicable Data Protection Laws. This means BAL will only process the Personal Data it collects concerning a client, client employees and client employees’ dependants, in accordance with written instructions from its client, which is the “Controller” for the purposes of the Applicable Data Protection Laws.
In relation to Visitor Personal Data, BAL is the “Controller” for the purposes of Applicable Data Protection Laws.
BAL has appointed a Data Protection Officer who can be contacted at email@example.com
BAL is committed to ensuring that your privacy is protected. The following describes what Personal Data is collected and explains how that Personal Data may be used and shared with third parties and how BAL secures the Personal Data you provide us. It also describes the rights you have in relation to the collection and use of your Personal Data.
- The Personal Data we collect
The types of Personal Data we collect and how we use it depends on why and how you provide it to us.
We may collect and process the following Personal Data about you:
- Personal Data you give us. You may give us Personal Data in two ways:
- First, by submitting online forms on the Website, for example, to register for a seminar sponsored by BAL or to receive news. The Personal Data you enter may include, for example, your name, title, company, address, telephone number, and e-mail address. This is considered Visitor Personal Data.
- Second, if BAL is handling your visa or immigration matter, you may give us Personal Data by submitting online forms on the Secured Access Sites. This may include your personal and family information, educational background, employment history, and Sensitive Personal Data. This is considered Client Personal Data.
- Personal Data we collect about you with regard to each of your visits to the Website (which is considered Visitor Personal Data), including:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. The automatically collected information is stored in log files. We do not link this collected data to other information we collect about you; and
- when you download and use our mobile application, we automatically collect information on the type of device you use, operating system version, and the device identifier (or "UDID"). We also use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
- Personal Data we get from third parties and public sources. If BAL is handling your visa or immigration matter, we may obtain Personal Data about you from your employer, our client, and from public sources. Such public sources may include, but are not limited to, social media sites such as LinkedIn, Facebook and Instagram, Google Scholar and other internet searches. This is considered Client Personal Data. The Client Personal data about you that we may obtain and process will depend on the specific nature of an engagement and the services we are providing including, but not limited to:
- Addresses, telephone numbers, email addresses, and other contact details;
- Age/Date of birth
- Nationality and country of residence;
- Familial/relationship situation;
- Information relating to educationand qualifications;
- Information relating to employment;
- Other information connected to health; and
- Criminal records or similar details.
We do not alter our data collection and use practices in response to Do Not Track signals.
- How we use your Personal Data
The legal basis that we rely upon to process your Personal Data may depend on how it is collected and used. In most cases, the legal basis will fall into one of the following categories:
- Where you have provided consent for us to use your Personal Data;
- Where the processing is necessary for the performance of a contract with you and/or your employer and us;
- Where the processing is necessary for compliance with a legal obligation we have; and
- Where the processing is necessary for our legitimate interests.
In relation to Client Personal Data, the use of Personal Data collected through our service shall be limited to the purpose of providing the service for which our client has engaged us.
We may use your Personal Data for the following purposes:
- Personal Data you give us. We will use this Personal Data:
- To provide immigration services to you and your family;
- To carry out our obligations arising from any contracts entered into between you and/or your employer and us; and
- To provide you with the information and services that you request from us.
- Personal Data we collect about you. We will use this Personal Data:
- To administer the Website and/or Secured Access Sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To improve the Website and/or Secured Access Sites to ensure that content is presented in the most effective manner for you and for your computer or device;
- To allow you to participate in interactive features of our service, when you choose to do so;
- As part of our efforts to keep the Website and/or Secured Access Sites safe and secure;
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- To make suggestions and recommendations to you and other users of the Website and/or Secured Access Sites about goods or services that may interest you or them.
- Personal Data we get from third parties and public sources. We will use this Personal Data:
- To provide immigration services to you and your family;
- To carry out our obligations arising from any contracts entered into between you and/or your employer and us; and
- To provide you with the information and services that you request from us.
BAL would also like to use your Personal Data to communicate with you directly via e-mail or direct mail, such as to inform you about newsworthy topics and upcoming events that may be of interest to you, or to confer with you regarding your immigration case. For example, BAL would like to use your e-mail address to send you the firm's Legal Update newsletter, to send you an announcement concerning an upcoming seminar, or to send you questions or drafts relating to your immigration case. When collecting your Personal Data BAL will seek your consent to being contacted in this way.
If, after agreeing to be contacted in the manner described above, you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us at firstname.lastname@example.org.
- With whom we will share your Personal Data
We do not sell your Personal Data to third parties. BAL does not share your Personal Data with third parties for those third parties’ direct marketing use. BAL will not share your Personal Data with any third party, except as otherwise set forth in this Privacy and Cookies Policy.
BAL may share your Personal Data:
- To complete your request or as necessary to provide immigration services to you and your family, including disclosure to government agencies in the form of applications and petitions for immigration benefits.
- To third party service providers who perform services and functions on our behalf to assist us with our business activities and to support our interactions with you including, for example, processing immigration documentation or customer service. These third party service providers are authorized to use your Personal Data only as necessary to provide these services to us and on our behalf.
- As permitted or required by law. For example, BAL may provide the Personal Data in response to a subpoena, bankruptcy proceedings, a law enforcement or governmental agency request, or a court order or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or other legitimate purpose.
- In the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets.
- If BAL assets are acquired by a third party, in which case Personal Data held by it about its clients, client employees and employees’ dependents will be one of the transferred assets.
- In the event our client wishes to engage alternative legal advisors, we may transfer your Personal Data to those advisors.
- Where we will store your Personal Data
The Personal Data that you give us, that we collect from you and that we get from third parties may be transferred to, and stored at, a destination within the United States. This Personal Data may be processed by staff operating at such destinations. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely, and in accordance with this Privacy and Cookies Policy, and to prevent unauthorized disclosure of Personal Data.
Please be aware that the United States may not provide the same level of protections as the laws of your country. BAL is certified under the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. Please see Section 10 below for more information about this.
To guard your
Personal Data, we maintain physical, electronic and procedural safeguards.
BAL may implement security features to prevent the unauthorized release of Personal Data. Please note, however, that BAL cannot guarantee the confidentiality of any communication or material transmitted to/from BAL via the Website or email. Accordingly, BAL is not responsible for the security of Personal Data transmitted via the Internet and any transmission is at your own risk.
When you enter any Sensitive Personal Data (such as your legal status) on the Website and/or Secured Access Sites, we encrypt the transmission of that information using secure socket layer technology (SSL).
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website and/or Secured Access Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
- Links to other websites
The Website and/or Secured Access Sites includes links to other websites whose privacy practices may differ from those of BAL. If you submit Personal Data to any of those websites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit. We are not responsible for the privacy practices of others. Any link to a website owned by a third party does not constitute an endorsement, approval, association, sponsorship or affiliation with the linked site unless specifically stated.
- Children’s Privacy
The Website and/or Secured Access Sites are general audience sites not directed at children under the age of 13. If we obtain actual knowledge that any Personal Data we collect has been provided by a child under the age of 13, we will promptly delete that information.
- Personal Data retention
In relation to Visitor Personal Data, we will retain your Personal Data for as long as it is required to fulfill the purposes for which it was collected, and/or for as long as is necessary for the protection and pursuit of our legal rights and obligations under any laws that are applicable to our operations. After that time, we will destroy your Personal Data without notice to you and request that anyone to whom we have transferred your Personal Data to also destroy it.
In relation to Client Personal Data, we will retain Personal Data we process on behalf of our clients for as long as needed to provide services to our clients, and/or for as long as is necessary for the protection and pursuit of our legal rights and obligations under any laws that are applicable to our operations. After that time, we will destroy your Personal Data without notice to you and request that anyone to whom we have transferred your Personal Data also destroy it.
Please note that our legal rights and obligations dictate that our standard document retention period for US work is 7 years and our standard document retention period for rest of world work is 12 years.
- Your rights
If you are in the EU or UK, you have a number of rights under Applicable Data Protection Laws, which include the right to:
- Access a copy of the Personal Data BAL holds about you;
- Correct any inaccuracies in the Personal Data BAL holds about you;
- In certain circumstances, request that BAL erase the Personal Data we hold about you;
- Restrict how BAL may process your Personal Data;
- Object to your Personal Data being used for direct marketing;
- Request that the Personal Data BAL holds about you be transferred to another entity; and
- Withdraw any consent you have given to BAL to process your Personal Data.
Upon request we will provide you with information about whether we hold any of your personal information. If you would like a copy of the Personal Data BAL holds about you, please send a description of the Personal Data you would like to access and proof of your identity to our Customer Support team by emailing email@example.com or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your requests within a reasonable timeframe.
If you would like to invoke any of your other rights, you can either make the appropriate change on our member information page or you can email our Customer Support at firstname.lastname@example.org or contact us by telephone or postal mail at the contact information listed below.
In relation to Client Personal Data, an individual who seeks access, or who seeks to correct, amend, or delete his / her inaccurate data should direct his query to BAL’s Client (the data controller). If requested to remove data we will respond within a reasonable timeframe.
If you would like to invoke any of your rights with respect to Client Personal Data, you should contact your employer, BAL’s client (the Controller).
- Privacy Shield
BAL LLP participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. BAL is committed to subjecting all Personal Data received from EU member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
BAL is responsible for the processing of Personal Data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. BAL complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, BAL is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, BAL may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
- Cookies and Other Tracking Technologies
This section explains how and why cookies, web beacons, pixels, clear gifs, and other similar technologies (collectively “Cookies and Other Tracking Technologies”) may be stored on and accessed from your device.
What are Cookies and Other Tracking Technologies?
A cookie is a small text file that can be stored on and accessed from your device when you visit the Website and/or Secured Access Sites, to the extent you agree. The other tracking technologies work similarly to cookies and place small data files on your devices or monitor your website activity to enable us to collect information about how you use the Website and/or Secured Access Sites. This allows the Website and/or Secured Access Sites to recognize your device from those of other users of the Website and/or Secured Access Sites. The information provided below about cookies also applies to these other tracking technologies. You can find more information at www.allaboutcookies.org and www.youronlinechoices.eu.
To administer the Website and/or Secured Access Sites and for research purposes, BAL has also contracted with third-party service providers to track and analyze usage and volume statistical information from users of the Website and/or Secured Access Sites. These third-party service providers use persistent cookies to help us to improve the user experience, manage the content on our Website and/or Secured Access Sites, and analyze how users navigate and utilize the Website and/or Secured Access Sites.
First and third-party cookies
“First party cookies” are cookies that belong to BAL and that BAL places on your device. “Third-party cookies” are cookies that another party places on your device through our Site. BAL also contracts with third-party service providers to send e-mails to users who have provided us with their contact information. To help measure and improve the effectiveness of our e-mail communications, to determine whether messages have been opened and links clicked on, the third-party service providers place cookies on the devices of these users. All Personal Data collected by this third-party service provider on behalf of BAL is used solely by or on behalf of BAL and is shared externally only on an aggregated basis.
For more information on how these companies collect and use information on our behalf, please refer to their privacy policies.
We use the following types of cookies:
Session Cookies. These cookies are temporary and deleted from your machine when your web browser closes. We use session cookies to help us track internet usage as described above.
The Personal Data collected by the Website and/or Secured Access Sites through cookies that may be placed on your computer will not be kept for longer than is necessary to fulfil the purposes mentioned above. In any event, such Personal Data may not be kept for longer than one year.
Our cookies are used for the following purposes:
|Strictly necessary/ Technical||These cookies are necessary to allow us to operate the Website and/or Secured Access Sites so you may access them as you have requested. These cookies, for example, let us recognize that you have created an account and have logged into that account to access content on the Website and/or Secured Access Sites. They also include cookies that enable us to remember your previous actions within the same browsing session and secure the Website and/or Secured Access Sites.|
|Analytical /Performance||These cookies are used by us or our business partners to analyze how the Website and/or Secured Access Sites are used and how they are performing. For example, these cookies track what pages are most frequently visited, and what locations our visitors come from. If you subscribe to a newsletter or otherwise register with the Website and/or Secured Access Sites, these cookies may be correlated to you. These cookies include, for example, Google Analytics cookies.|
|Functionality||These cookies let us operate the Website and/or Secured Access Sites in accordance with the choices you make. These cookies permit us to "remember" you in-between visits. For instance, we will recognize your user name and remember how you customized the Website and/or Secured Access Sites and services, for example by adjusting text size, fonts, languages and other parts of web pages that are alterable, and provide you with the same customizations during future visits.|
For more information about cookies, please see the Information Commissioner's website home page or the Interactive Advertising Bureau.
If you do not want cookies to be dropped on your device, you can adjust the setting of your Internet browser to reject the setting of all or some cookies and to alert you when a cookie is placed on your device. For further information about how to do so, please refer to your browser ‘help’ / ‘tool’ or ‘edit’ section or see www.allaboutcookies.org. Please note that if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access or use all or parts or functionalities of the Website and/or Secured Access Sites.
If you want to remove previously-stored cookies, you can manually delete the cookies at any time. However, this will not prevent the Website and/or Secured Access Sites from placing further cookies on your device unless and until you adjust your Internet browser setting as described above.
For more information on the development of user-profiles and the use of targeting/advertising cookies, please see www.youronlinechoices.eu if you are located in Europe or www.aboutads.info/choices if in the United States.
- Changes to this Privacy and Cookies Policy
- Contact us
Berry Appleman & Leiden LLP
555 Mission Street
Tel: (415) 398-1800
If any complaint remains unresolved you have the right to lodge a complaint with an appropriate supervisory authority or the U.S. Department of Commerce.