Privacy Notice for California Residents

Last Updated: June 10, 2020

Fredrikson & Byron, P.A. (“Fredrikson”) understands the importance of your privacy and we take our responsibility to protect it seriously. This Privacy Notice for California Residents (“Notice”) supplements the information contained in Fredrikson & Byron’s Privacy Policy and applies solely to “consumers” as defined by the California Consumer Privacy Act of 2018, as amended (“CCPA”). This Notice explains our collection, processing, and disclosure of personal information relating to California consumers. Any terms defined in the CCPA have the same meaning when used in this Notice.

This Notice does not apply to personal information collected from California-based job applicants, which is subject to the California Job Applicant Privacy Notice.

As a law firm, much of the “personal information” we collect and process is not subject to the CCPA.  For example, personal information received through business-to-business communications with consumers acting as representatives of another business is exempt from certain requirements under the CCPA.  Personal information that is subject to evidentiary privileges (such as the attorney-client privilege) or other data protection laws (such as HIPAA) may likewise be exempt from some or all of the requirements under the CCPA. Accordingly, please read this Notice carefully before sharing information with us so you understand our practices regarding your information.

Information We Collect and Disclose

As defined by the CCPA, “personal information” includes any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. Personal information does not include:

  • Publicly available information from government records;
  • Deidentified or aggregated consumer information; and
  • Information excluded from the CCPA’s scope, including:
    • Medical or protected health information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or the California Confidentiality of Medical Information Act (CMIA);
    • Information collected as part of a clinical trial; and
    • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

In the past twelve (12) months, Fredrikson has collected the following categories of personal information from consumers and disclosed such information to the following categories of third parties for business purposes.

Categories of PI Collected Examples Categories of Third Parties to Whom  Disclosed
Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
  • IT and cloud/hosting service providers, such as our email provider, business application providers, hosting providers, managed services providers and IT consultants;
  • Event hosting and registration service providers;
  • Financial institutions and payment processors;
  • Governments, courts, regulators or others where we received legally binding requests
  • Delivery or courier providers
  • Mandatory disclosures to comply with a subpoena or other legally-binding request(s)
  • Courts, regulatory agencies, or parties in legal matters for which we are providing services
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, or employment information.

Some personal information included in this category may overlap with other categories.

  • IT and cloud/hosting service providers, such as our email provider, business application providers, hosting providers, managed services providers and IT consultants;
  • Event hosting and registration service providers;
  • Financial institutions and payment processors
  • Delivery or courier providers
  • Government, courts, regulatory agencies, or parties in legal matters for which we are providing services
  • Mandatory disclosures to comply with a subpoena or other legally-binding request(s)
  • Insurance companies
Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Courts, regulatory agencies, or parties in legal matters for which we are providing services.
  • Mandatory disclosures to comply with a subpoena or other legally-binding request(s).

 

Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
  • IT and cloud/hosting service providers.
  • Online analytics and advertising service providers.
Sensory data. Audio, electronic,  or similar information.
  • IT and cloud/hosting service providers, such as our email provider, business application providers, hosting providers, and telephone communication providers.

 

Fredrikson collects these categories of personal information from the following categories of sources.

  • Direct collection: We collect information directly from you when you choose to provide it to us by filling out forms on our website, signing up to receive emails or other information from us, communicating with us, visiting our offices, attending an event, webinar or presentation,  paying for services from us, or otherwise directly providing the information to us (such as by submitting a query on our website).
  • Indirect and technology-based collection: We also collect certain information from you indirectly when you visit, use or navigate our website. Fredrikson collects certain identifiers (such as IP addresses) and internet and similar network activity (such as website usage data) by using cookies, pixels, and passive tracking and analytics technologies, as described in our Privacy Policy. Please read our Privacy Policy to for additional detail on how we collect information from you indirectly.
  • Third-party collection: From time-to-time, we may receive invitee lists for events that we are co-hosting with other law firms or companies.

Use of Personal Information

We use the personal information we collect for the following business or commercial purposes (as well as any other purposes as set forth in our Privacy Policy):

  • Provide legal services to our clients, including advising clients on legal matters, representing clients in legal proceedings, dealing with regulatory authorities, filing intellectual property applications, preparing for potential or actual litigation, filing tax or other estate documents, and conducting due diligence in the context of IPOs, mergers and acquisitions and other transactions;
  • Optimize your experience on our website and ensure that our content is presented to you in the most effective manner;
  • Communicate with you and respond to your inquiries about our services and legal issues that may be relevant to you, including providing you with information that you request from us about our activities or events, notifying you about changes to our website or any services we offer, and investigating any concerns you have about our services;
  • Research, develop, and improve our services, including by conducting client satisfaction surveys;
  • Manage our business relationships with our clients, vendors and suppliers, including carrying out our obligations and enforcing our rights arising from any agreements, processing invoices and collecting payments;
  • Protect and maintain the safety, security and integrity of our firm, our rights or property (including our website, databases, and other technology assets), to protect someone’s health, safety, or welfare, and to comply with a law or regulation, court order, or other legal process; and
  • Perform other functions as otherwise described to you at the time of collection.

Sales of Personal Information

In the past twelve (12) months, Fredrikson has not sold personal information of any category.  Likewise, Fredrikson does not have actual knowledge of any sales of personal information regarding minors under 16 years of age.

Your Rights Under the CPPA

The CCPA provides California residents with the rights discussed below.  For convenience, and as required by the CCPA, we explain how you can exercise those rights, to the extent they are applicable.

  1. Right to Request Access Information. You have the right to request that we disclose certain information about our collection and use of your personal information during the past 12 months.  Specifically, you may request that we disclose:
    • The categories of personal information we collected about you;
    • The categories of sources for the personal information we collected about you;
    • The business and commercial purposes for collecting your personal information;
    • The categories of third parties with whom we shared your personal information;
    • The specific pieces of personal information we collected about you; and
    • If we disclosed your personal information for a business purpose, the categories of personal information received by each category of third party.
  1. Right to Data Portability. You have the right to request that we provide copies of the specific pieces of personal information we collected about you.  If a verifiable consumer request is made, and subject to any exceptions or limitations under the CCPA, we will take steps to deliver the personal information to you either by mail or electronically.  If we provide the information to you electronically, it will be in a portable and readily useable format, to the extent technically feasible.  Consistent with the CCPA and our interest in the security of your personal information, we will not provide copies of your social security number, driver’s license number, other government-issued identification number, financial account number, health or medical identification number, account password, or security questions or answers in response to a CCPA request.
  2. Right to Request Deletion. You have the right to request that we delete personal information we collected from you, subject to any exceptions or limitations under the CCPA.

Exercising Your Rights

To exercise the rights described above, you—or someone authorized to act on your behalf—must submit a verifiable consumer request to us by sending an e-mail to: CAPrivacy@fredlaw.com with the subject line: “CCPA Request” or calling us at 1-800-865-4804.  Your request must include your name, e-mail address, mailing address, phone number, the nature of your inquiry and the context in which we may have received your information.  If you are an agent submitting a request on behalf of a consumer, we may request that you submit a signed permission from the consumer authorizing you to make the request.  In order to protect the privacy and data security of consumers, the verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of such consumer; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

As indicated above, please be aware that the CCPA provides certain limitations and exceptions to the foregoing rights, which may result in us denying or limiting our response to your request.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We may also request that you provide additional information if needed to verify your identity or authority to make the request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you or the consumer on whose behalf you are making the request.

Response Timing and Format

The CCPA requires us to respond to a verifiable consumer request within forty-five (45) days of its receipt; however, we may extend that period by an additional 45 days. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response via e-mail. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select the format of our response; the format will be readily useable and should allow you to transmit the information from one entity to another. We will not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the request.

Our Commitment Not to Discriminate

Consistent with the CCPA, we will not discriminate against you for exercising any of your CCPA rights by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Notice

The CCPA’s implementing regulations are not final and changes to the current versions of those regulations, as well as clarifications to the law itself, may necessitate revisions to this Notice.  Accordingly, we reserve the right to amend this Notice at our discretion and at any time. If there are changes to this Notice, we will post them here and update the “Last Updated” date at the top of this document. Continued use of this website after any changes is deemed to be acceptance of those changes.   Please check this page periodically for updates.

Contact Information

If you have any questions or comments about this Notice, please contact us at:

Phone: 1-800-865-4804
Email: CAPrivacy@fredlaw.com
Postal Address:
Fredrikson & Byron, P.A.
Attn: CCPA Inquiries
200 South Sixth Street
Suite 4000
Minneapolis, MN 55402