Last Updated: December 31, 2019
1. Epstein Becker Green
2. The Personal Data EBG processes about you
When you use our Site EBG may collect the following information from you (collectively referred to as “Personal Data”):
|Subscription Data||includes registration date, service areas, and industry focus.|
|Contact Data||includes email address.|
|Device Data||includes hardware model, unique device identifiers, operating system version, browser type, and device settings and other information related to how your device is interacting with our Site.|
|IP Data||includes your approximate position based on your IP address.|
|Identity Data||includes first name and last name.|
|Marketing Data||includes your preferences in receiving marketing from us.|
|Usage Data||includes event information when you visit our Site, such as errors, system activity, and date and times of your activity, and the features that you access.|
3. How EBG collects your personal data
3.1 Information you give us
EBG process Personal Data provided by you when subscribing to receive event invitations and/or publications or otherwise corresponding or interacting with Us and our Site.
You have the right to withdraw your consent at any time by selecting the “Unsubscribe me from all future EBG e-communications” option in the “Subscribe” section at the bottom of Our Site, or by contacting us at Privacy@EBGlaw.com.
3.2 Information we automatically collect about you and your device
3.3 Information we receive from third party vendors
We receive Device and Usage Data about you from analytics providers such as Google Analytics.
4. How EBG uses your Personal Data
4.1 To administer the Site and Our relationship with you
We use your User and IP Data to administer the Site and our relationship with you.
Legitimate interest in running the business, provide and ensure the proper function and use of the Site
4.2 To secure the quality and develop the Site
We process your User, Usage and Subscription Data to monitor and analyze how our visitors and Subscribers engage and interact with the Site so that we can secure the quality and develop the Site to better align them with your usage patterns and preferences.
Legitimate interest to analyze how our visitors and Subscribers use the Site and to develop and improve the Site
4.4 Marketing Communication
Our Site does not support Do Not Track requests at this time. Do Not Track (DNT) is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For all the details, including how to turn on Do Not Track, visit donottrack.us.
5. How long EBG keeps your Personal Data
6. Disclosures of your Personal Data
EBG will never sell your Personal Data and we conduct extensive assessments before engaging any processor to ensure that they have appropriate technical and organizational measures in place that provide adequate protection of your Personal Data. Anyone who is processing Personal Data on EBG’s behalf is bound by contractual obligations to keep Personal Data confidential and secure, and to use it only for the purposes as instructed by us.
EBG may share your Personal Data:
- with Our service providers that we use to support and provide Our business, such as technical service or operation providers;
- with Our successors, if to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, to the extent and in the way as prescribed by applicable law;
- with others with whom you ask Us to share your Personal Data; or
- if we believe, in good faith, is appropriate or necessary to:
- take precautions against liability;
- protect ourselves or others from fraudulent, abusive, or unlawful uses or activity;
- investigate and defend ourselves against any third-party claims or allegations;
- protect the security or integrity of the Site; or
- protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
Aggregate information is information that describes the habits, usage patterns and/or demographics of users as a group but does not reveal the identity of particular users. We may use aggregate information to understand the needs of individuals using the Site.
6.2 International transfers
Although you may our Site from a location outside of the United States, any personal data collected by us in connection with the Site may be transferred to, processed, and stored within the United States. By using the Site, you consent to the transfer of your personal data, including your contact information and location data, to countries outside of your country of residence, including to the United States.
7. How we protect your Personal Data
All information you provide to us is transferred using TLS encryption (HTTPS) and stored on secure servers. We use generally accepted industry standards, technologies, procedures and methods, such as firewalls, encrypted storage, pseudonymization, regular software updates, security scans, access control, audit logging and review of admin actions as well as external penetration tests to protect the integrity of your Personal Data and to prevent unauthorized access. We also have policies and other organizational measures in place, including recurrent employee training on data protection and strict procedures to deal with any suspected personal data breach.
8. Third party links
healthlawadvisor.com may provide links to websites of other organizations or companies that may offer materials and services as well as links to other sites. Please note that we do not accept any responsibility or liability for personal data that may be collected through these websites or services. We recommend that you read their privacy policies before you submit any personal data to them or use their services.
9. Your rights in relation to your Personal Data
9.1 Your rights
You have the right to:
- request access to and information about your Personal Data that is being processed by us,
- request correction of your personal data if it is inaccurate or incomplete, including to provide additional data if relevant information is missing,
- request erasure of your Personal Data,
- object to our processing of your Personal Data (i) if the processing is based on our legitimate interest, or (ii) for direct marketing purposes,
- request that we restrict the processing of all or some of your Personal Data in certain situations and to ask us not to send you any direct marketing, and
- request a copy of your Personal Data in a structured, commonly used and machine readable format and that we transfer your personal data to another controller.
EBG may deny your request, including but not limited to request to delete your information, if such information is necessary for Us or Our service providers to:
- Comply with a legal obligation;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
9.2 How to exercise your rights
You may contact us in writing at any time to exercise your rights, preferably using the email address that is associated with your user account. We may need to request specific information from you to help us confirm your identity.
We do our best to respond to your request within a few days, and at least within one (1) month. If the request is complicated or if we have received a large number of requests, we may need to prolong our response time with one (1) additional month.
You can exercise your rights at no cost to you. However, we may charge you a reasonable fee if your request is clearly unfounded, repetitive or excessive.
10. Children’s Information
11. California Residents
We permit residents of California to use our Site. Therefore, it is our intent to comply with the California Business and Professions Code § 22575-22579, the California Consumer Privacy Act of 2018 (“CCPA”) and California Civil Code § 1798.83, known as the “Shine the Light” law. If you are a California resident you may request certain information regarding our disclosure of Personal Information to any third parties for their direct marketing purposes. In summary, you must presume that we collect electronic information from all visitors. You may contact us either at Privacy@EBGlaw.com, Privacy Officer, Epstein Becker Green, 1227 25th Street NW, Suite 700, Washington, D.C. 20037, or 877-251-2156 with any questions or to exercise your rights as a California Resident.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
For the purposes of CCPA, personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s scope, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
- Financial Information covered by the Gramm-Leach-Bliley Act, and implementing regulations.
11.1 Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Please provide the method of delivery in addition to the address with such request. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
12.2 Applicable Law and Jurisdiction
12.3 Notice of Electronic Disclosure of Protected Health Information
In representing some clients, we may receive or create documents or other communications containing protected health information (PHI) related to individuals served by our clients. EBG will only use and disclose this PHI as necessary to perform our services for those clients, and only as permitted or required by law.
Mail: Privacy Officer, Epstein Becker Green, 1227 25th Street NW, Suite 700, Washington, D.C. 20037; or