Privacy Policy and Legal Notice

Privacy Policy

Last Updated August 7, 2025

 

Introduction

This Privacy Policy (“Privacy Policy”) explains how Herrick Feinstein LLP (“Herrick,” the “Firm,” “we,” or “us”) collects, stores, uses, and discloses personal information about you when you interact with us through our website, www.herrick.com (the “Site”), as set out in the Scope section.

Please read this Policy carefully before you use our Site, or communicate with us through the Site. By accessing the Site or communicating with us through the Site, you accept the terms of this Policy.

Important: Please note that this Privacy Policy is limited only to information collected through the Site. It DOES NOT apply to our offline practices or policies, or electronic communications outside this Site (such as direct email).

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. For material changes, we will provide additional notice (such as by adding a statement to the Site or sending you a notification). We encourage you to review this Privacy Policy regularly.

 

1. Scope

This Privacy Policy applies exclusively to data collected through the Site and does not cover information shared in face-to-face meetings, phone calls, emails, or other communications outside the Site.

 

2. Collection of Information

What is Personal Information?

“Personal Information” means any information from or about a person that either identifies that person directly or that makes that person identifiable when it is combined with other information. Personal Information stops being personal information when it has been aggregated, de-identified, or otherwise anonymized sufficiently that the individual is no longer identified or identifiable using reasonable efforts, resources, and technology.

Categories of Personal Information that We Collect

Depending on how you interact with us, we may collect:

• names
• physical addresses
• email addresses
• telephone numbers
• business contact information (company name, business affiliation, title)
• personal information you voluntarily share with us when you ask a question, request follow-up, or otherwise interact with us
• device identifiers used to access the Site
• device locations such as geolocation data via IP address, GPS, or browser settings used to access the Site.

Information You Provide Voluntarily

If you choose to communicate with us through:

• online forms
• email
• information requests
• event registrations
• other contact methods,

we will collect whatever information, including personal information, that you choose to provide. We combine this information with other information collected from and about you as described in this Privacy Policy.

Information that We Collect Automatically

Logs

Our Site automatically creates logs regarding user sessions that contain information about the features that you use, actions you take, and information that you access. When your session ends, Herrick only retains the information in a statistical and aggregated format (non-personal information) that we use for

• research purposes
• assessing Site effectiveness
• improving user experience.

Cookies

Cookies are small pieces of information transferred to your computer’s hard drive through your web browser to enable our systems to recognize your preferences and settings. We use cookies to:

• recognize that a device has visited our Site previously
• recommend relevant Herrick content as you navigate the Site.

Important: We do NOT use cookies for advertising purposes, or to identify individuals, or store personal information (unless you have voluntarily provided your contact details through our subscription forms).

Analytics

Our Site uses Google Analytics, to help us analyze how visitors use our Site. The information generated by cookies about our Site use is generally transmitted to and stored on Google servers in the United States.  

Google will:

• evaluate your use of the Site
• compile reports on Site activity
• provide other analytic services relating to our Site and internet use
• NOT associate your IP address with other Google data.

We collect and retain information from Google Analytics in a statistical and aggregated format (non-personal information) for research purposes, assessing Site effectiveness, and improving user experience.

 

3. How We Use Your Information

We may use the personal information we collect from and about you for the following business purposes:

Core Business Operations

• operating the Site, including for Site logging, Site administration, Site improvement, internal operations, troubleshooting, data analysis, testing, and research
• providing and improving our services
• responding to your requests for information
• managing our business and commercial relationships with our clients, suppliers and vendors, including for professional networking purposes, events, due diligence and conflict checks
• communicating with you about changes to our services or our Site.

Marketing Communications

• sending client alerts, newsletters and other communications to our clients and business contacts
• providing communications relevant to you, based on the practice areas and industries you select when subscribing
• registering you for, and confirming your attendance at, events
• furnishing biographical details to other attendees
• providing you with opportunities to participate in on-demand learning
• assessing the effectiveness of our events, promotional campaigns, and publications
• using event recordings in promotional materials, news releases, websites, and other published formats for the Firm and the event.

Recruitment

• evaluating job applications
• inviting you for job interviews and arranging for travel
• following upon job applications.

Security and Legal Compliance

• enforcing this Policy and our other policies and procedures to protect our rights
• protecting our Site and operations against fraud, unauthorized access attempts, identity theft, or other unlawful activities
• maintaining the physical security of our offices and premises
• confirming your identity and carrying out security checks to prevent fraud
• complying with legal and regulatory obligations
• establishing, exercising, or defending our legal rights
• responding to any complaints you may have.

Legal Bases for Processing

We may use or otherwise process your personal information on the grounds of one or more of the following lawful bases:

• your consent (in which case we will tell you at the time our purposes for using your personal information)
• in the course of providing legal advice, representation, or services to you
• for the performance of a contract with you or to take steps at your request prior to entering into such a contract
• to comply with our legal obligations
• because of our or your legitimate interests in:
  • providing you legal advice, representation, or services
  • ensuring the quality of the services we provide to you
  • communicating with you.

You have the right to ask us not to process your personal information for marketing purposes at any time. You can exercise your right by:

• replying directly to the marketing message
• unsubscribing from marketing messages by clicking the appropriate link in any email you receive
• contacting [email protected].

 

4. Disclosure of Personal Information

We may disclose personal information about you as described below:

• with third party contractors engaged by Herrick in the course of business (e.g., accountants, insurance companies, banks, auditors)
• with Herrick’s network of external legal counsel and other professional experts, advisors, and/or consultants
• with vendors and service providers who perform services on our behalf, including marketing and research agencies, with whom Herrick has a direct contractual relationship
• with event partners or co-sponsors (e.g., professional associations, event organizers)
• with third party agents or contractors subject to confidentiality requirements (e.g., IT and communications service providers, cloud service providers).

Legal and Regulatory Disclosures

• with government agencies, regulators or courts, as required by applicable law, regulation, or court order
• in the context of legal proceedings
• as necessary to provide legal services to our clients, including opposing counsel
• with regulatory authorities to the extent required by law
• with third parties such as our professional advisors, as required to establish, exercise, or defend our legal rights.

Other Disclosures

• If you post other information to our Site, such as comments, that information may be displayed and viewable by other users
• If you gave us your permission, or if we believe doing so is required or appropriate to:
  • comply with laws, law enforcement requests, and legal process
  • respond to your requests
  • protect your, our or others’ rights, property, or safety.

We do not sell information to third parties.

 

5. Data Security

How We Protect Your Personal Information

We have put in place various technical and organizational measures (e.g., encryption, firewalls, etc.) intended to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction consistent with applicable data protection laws. We also have policies in place to ensure personal information is kept secure on our networks.

Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you have concerns about the security of your information with Herrick, please contact us immediately at [email protected].

 

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in the How We Use your Information section, and as required for legal, regulatory, and business purposes. The retention period depends on:

• the amount, nature, and sensitivity of the personal information
• the potential risk of harm from unauthorized use or disclosure
• the purposes for which we process your personal information and whether those purposes can be achieved through other means
• legal obligations and regulatory requirements that may set minimum retention periods.

In some circumstances, we may anonymize your personal information (so that it can no longer be associated with you), in which case we may use this information without further notice to you.

 

7. Your Choices and Rights

Your Rights

Depending on applicable laws and regulations, you may be entitled to:

• request details about our processing of your personal information and access the personal information we hold about you
• withdraw your consent to our processing of your personal information (where we process based on your consent)
• receive certain personal information in a structured, commonly used, and machine-readable format and/or request data transfer to a third party where technically feasible
• request correction, deletion, or restriction of processing of your personal information
• object to our processing of your personal information
• lodge a complaint with the relevant data protection authority.

We may request additional information to verify your identity before fulfilling these requests. You may also designate an authorized agent to exercise these rights on your behalf, with proper documentation.

We will not discriminate against you for exercising these rights.

Opting Out of Marketing Communications

You may opt out of receiving promotional communications from us by:

• following the unsubscribe instructions in those communications
• emailing us at [email protected]

If you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations.

 

8. Cookie Preferences

What are Cookies?

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies:

• A persistent cookie is stored by a web browser and remains valid until its set expiry date (unless deleted earlier)
• A session cookie expires at the end of the user session, when the web browser is closed.

Important: The cookies we use on this Site do not collect information that personally identifies you, and we do not link cookie identifiers with personal information stored in our system.

Cookies We Use

Google Analytics: We use Google Analytics to understand how visitors use this Site. These cookies:

• track activity on this Site in aggregate
• help us optimize user experience
• do not collect personal information about you.

To opt out of Google Analytics tracking across all websites, visit https://tools.google.com/dlpage/gaoptout. Google’s privacy and compliance policies are available at: https://privacy.google.com.

Session ID: A temporary session cookie used to track whether traffic is logged in or out of this Site. These cookies do not collect personal information and are deleted when you close your browser.

How to Control Cookies

You can control cookies through your browser settings:

• adjust your internet browser not to accept cookies
• delete cookies that are already stored on your device.

For more information about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org.

 

9. Additional Information

Changes to Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this Policy indicates when it was last revised. If we make material changes, we may notify you via a notice posted on our Site or other appropriate means.

We encourage you to periodically review this Privacy Policy to stay informed about our information practices.

Important Disclosures

• We do not “sell” or “share” personal information as defined under applicable privacy laws
• Our Site is not intended for individuals under 16 years of age, and we do not knowingly collect personal information from children, or sell or share such personal information
• We collect information that is considered “sensitive” under State Privacy Laws in connection with Job Applicants and Client Services but do not use or disclose sensitive personal information for the purpose of inferring characteristics about you.

 

10. Contact Information

It is important that the personal information that we hold about you is accurate and current. Please keep us informed if your personal information changes.

If you ever have any questions, comments, or concerns about this Privacy Policy or our privacy policies, please contact us at:

Herrick Feinstein, LLP
2 Park Avenue
New York, NY 10016
United States
[email protected]

 

11. International Data Transfers

Herrick may transfer personal information to countries outside the United States.

These countries may have different data protection laws than the U.S.

When we transfer personal information across borders, we take appropriate measures to ensure your information is protected in accordance with applicable data protection laws. These measures may include:

• Implementing standard contractual clauses approved by relevant regulatory authorities
• Ensuring recipients of your information agree to privacy and security terms that meet the standards required by applicable law
• Conducting transfer impact assessments where required by law
• Implementing additional safeguards as necessary for sensitive information

For transfers to countries without adequate data protection laws as determined by applicable regulations, we implement appropriate safeguards to protect your information.

If you have questions about our international data transfer practices or wish to obtain a copy of the safeguards we use to protect information transferred internationally, please contact us at [email protected].

 

12. Compliance with Regional Privacy Laws

Depending on your location, you may have specific rights under regional privacy laws. Below is information regarding major privacy regulations that may apply:

California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights:

• right to know what personal information is collected and how it is used
• right to delete personal information collected
• right to correct inaccurate personal information
• right to limit use and disclosure of sensitive personal information
• right to opt-out of the sharing of personal information
• right not to be discriminated against for exercising these rights.

Other U.S. States

If you are a resident of Colorado, Connecticut, Virginia, Utah, or other states with comprehensive privacy laws, you may have similar rights to those provided under the CCPA/CPRA.

European Economic Area/UK (GDPR/UK GDPR)

If you are a European Economic Area or United Kingdom resident, you may have the following rights to the extent provided by law:

• request access to and receive information about your personal information
• update and correct inaccuracies in your personal information
• restrict or object to the processing of your personal information
• have your personal information deleted
• exercise your right to data portability to your personal information
• withdraw any consent previously provided regarding the processing of your personal information, at any time and free of charge.

We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.

To exercise your rights under any of these laws, please see the “Data Subject Request Procedures” section below.

 

13. Data Subject Request Procedures

How to Submit a Request

You can submit a request to exercise your privacy rights by:

• emailing [email protected]
• writing to us at the address provided in the Contact Information section.

Verification Process

To protect your information, we need to verify your identity before fulfilling your request. We will:

• Ask you to provide sufficient information to verify your identity
• Require additional information if your request involves sensitive personal information
• Use information previously provided to us to verify your identity when possible.

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. Authorized agents must:

• provide proof of authorization (signed permission, power of attorney, etc.)
• verify their own identity
• provide proof of your identity as described above

Response Timeline

We will acknowledge receipt of your request within 10 business days and provide a substantive response within:

• 45 days for standard requests
• an additional 45 days (90 days total) if necessary, with notice explaining the reason for the extension.

Format of Response

We will deliver our response in a readily usable format, typically by electronic mail or through your user account if applicable.

No Charge

We will process your request free of charge unless your request is excessive, repetitive, or manifestly unfounded. If we determine that a charge is appropriate, we will notify you of the estimated fee before proceeding.

 

14. Data Breach Notification

In the event of a data breach that compromises your personal information, we will take prompt action to:

• investigate the nature and scope of the breach
• implement measures to contain and mitigate potential harm
• notify affected individuals in accordance with applicable laws.

Notification Timeline

When required by applicable law, we will notify affected individuals without undue delay and, where feasible, within the timeframes specified by relevant regulations:

Notification Content

Our breach notifications will typically include:

• a description of the nature of the breach
• the categories and approximate number of records concerned
• likely consequences of the breach
• measures taken or proposed to address the breach
• contact information for questions or additional information
• steps you can take to protect yourself.

We maintain a data breach response plan that is regularly reviewed and updated to ensure we can respond effectively to potential data breaches.

 

This Website is owned and operated by Herrick, Feinstein LLP.