Privacy Policy


Effective Date: July 29, 2024


Overview and Scope

We at Dinsmore & Shohl LLP (the “Firm,” “we,” “our,” or “us”) recognize the importance of protecting the privacy of personally identifiable information (“Personal Information” or “PII”) collected about you through our website and otherwise in connection with the provision of our legal services (collectively, our “Services”). We are committed to ensuring that your privacy is protected. To that end, this Privacy Policy (the “Policy”) describes the ways in which we collect, use and share the PII you provide to us, or that we otherwise collect or receive in the course of operating our business and our websites. It also sets out how we store and protect such information, and describes certain rights you may have with respect to the PII that we hold about you. Unless otherwise expressly agreed to in writing, your PII will be processed according to the terms of this Policy. By using our Services, you accept the terms of this Policy.

This Policy is drafted to comply with the California Consumer Privacy Act (as amended by the California Privacy Rights Act) (together, the “CCPA”)). In addition, this Policy is applicable to data subjects within the European Economic Area (“EEA”) and the United Kingdom (“UK”). Therefore, this Policy is drafted to comply with the E.U. General Data Protection Regulation (EU) 2016/679 and the U.K. GDPR (collectively, the “GDPR”). You are under no statutory or contractual obligation, or other obligation to provide PII to us. For the purposes of compliance with the GDPR, we are responsible as the “controller” of PII we collect from data subjects. For the purposes of this Policy, “data subject” means an identified or identifiable natural person located in the EEA/UK.

This Policy applies to our Services, which includes our website, www.dinsmore.com, its subdomains, and all of the websites and internet properties owned or operated by us (collectively, the “Sites”), regardless of the medium by which our Services are accessed by you (e.g., via a web or mobile browser).

Information We Collect

We are the sole owner of the information collected through our Services. We may collect several types of information from you, including:

Personal Information: We may collect PII (i.e., “personal data” under the GDPR) from you when you complete forms, navigate web pages, email us, or otherwise take advantage of other activities, services, features, or resources we make available as part of our Services. For purposes of this Policy, PII means any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. PII does not include publicly available information from government records, deidentified or aggregate information, or information excluded from the scope of applicable data privacy laws.

While our collection of PII varies based upon our interactions with you, the table below generally identifies the categories of PII we have collected, used, stored, and disclosed in the last twelve (12) months:

Category

Type(s) of Information

Identifiers

First Name, Last Name, Email, Phone Number, Postal Address, IP Address, SSN, Driver’s License Number, Tax ID, and Other Government Identifiers

Financial Information

Credit/Debit Card Number, Expiration Date, Security Code

Categories of PII listed in the CA Consumer Customer Records Law

First Name, Last Name, Email, Phone Number, Postal Address, IP Address, Signature, Driver's license or state identification card number, Insurance policy number, Health insurance information, Medical information, Education, Employment, Bank account number, Credit card number, Debit card number

Information within this category may overlap with other categories.

Characteristics of Protected Classifications Under CA or US Law

Age, citizenship, marital status, medical condition, physical or mental disability, gender, veteran or military status

Professional or Employment-Related Information

Current and former employers and positions, qualifications, business contact information, and professional memberships

Non-Public Education Information

Education history, schools attended, degrees awarded, and associated dates

Internet or Other Similar Network Activities

Browsing History, Search History, Interactions with the Sites

Location Data

Geolocation, beacon based location

You may disable certain features through your device or browser settings.

Other Information

Any other information you voluntarily provide to us.

Sensitive PII: Some of the PII we collect may be considered sensitive personal information, such as: SSN, driver’s license, state identification card, or passport numbers, financial account information, racial or ethnic origin, the contents of communications (as authorized), and data concerning health (“Sensitive PII”). We only use Sensitive PII as necessary to provide our Services, or otherwise as permitted by applicable law. We shall seek explicit consent prior to processing Sensitive PII for any other purpose.

Deidentified Information: We may collect deidentified information from you and aggregate information that may not by itself reasonably identify you as the source when you navigate the Sites (“Deidentified Information”). Deidentified Information may include: (i) device type, (ii) device operating system, (iii) internet browser type, (iv) internet service provider, (v) referring/exit pages, (vi) date/time stamp, and (vii) clickstream information. We will take reasonable measures to ensure that Deidentified Information we collect is not personally identifiable and may not later be easily used to identify you as required by applicable law.

Children’s Information: We do not promote our Services to, nor do we intentionally collect or retain PII from, children who are younger than 18 years of age. If we discover that we have inadvertently collected information from a child under 18 years of age, we will promptly take all reasonable measures to delete such information from our systems.

How We Collect Information

We may collect PII and Deidentified Information from you in various ways, including:

Directly from You: We collect PII when you voluntarily submit it to us while completing forms on the Sites, registering for events we host or sponsor, and in connection with other activities, services, features, or resources we make available as part of our Services. The PII we collect depends on how you choose to engage and communicate with us. You can choose not to provide PII to us; however, if you do not provide necessary information, or if you delete or remove it, we may not be able to perform certain services for you.

Through Your Use of the Sites: We may automatically collect PII that your browser transmits when you visit the Sites or otherwise engage with our Services online through the use of automated tracking technologies, such as cookies, log files, pixel tags, and web beacons.

A cookie is a small data file that is transferred to an internet browser, which enables the Sites to remember and customize your subsequent visits. Some cookies allow us to make it easier for you to navigate our Sites, while others are used to enable a faster log-in process or to allow us to track your activities while using our Sites. Most internet browsers automatically accept cookies. However, you can instruct your internet browser to block cookies or to provide you with a warning prompt before you accept cookies from the Sites. Please refer to your internet browser’s instructions to learn more about these functions. If you reject cookies, the functionality of the Sites may be limited and you may not be able to participate in several of the Sites’ features.

We may also use clear GIFs (web beacons, pixel tags), which are small graphics embedded invisibly on web pages that function similar to cookies. We may use these tracking technologies to track the activities of users of our Sites, help us manage our web content, and compile statistics about usage of our Sites and Services. We may also use clear GIFs in HTML emails to our Firm community, to help us track email response rates, to identify when our emails are viewed, and to track whether our emails are forwarded.

We may also collect Deidentified Information through automated applications, such as Google Analytics, to evaluate the use of our Sites and Services and improve user experience. These applications may use tracking technologies to perform their services and may combine the information they collect about you on our Sites with other information they have collected for their own purposes. We do not control these third party tracking technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible provider directly.

From Third Parties: We may collect or receive PII about you from service providers and other third parties, including clients, representatives, advisers, government authorities, and public sources, among other sources, who assist us in providing our Services. The privacy practices of these parties may differ from the practices described in this Policy. We do not make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available through third parties. Your use of third party services and/or third party websites is governed by and subject to the terms and conditions of those third parties and/or third party websites. We encourage you to carefully review the privacy policies and statements of such third parties and/or third party websites.

How We Use Information

We may use your PII for lawful business purposes: (i) as necessary for the performance of our contract with users, (ii) for our legitimate interests, so long as they are not overridden by users’ own rights and interests, (iii) with your consent (where consent is a basis for data processing), or (iv) as required by law. These purposes include:

To Deliver our Services: We may use your PII to provide our Services to you, communicate with you about your use of the Sites or our Services, provide support, respond to your inquiries, fulfill your requests, and otherwise engage with you as requested.

To Communicate with You: We may use your PII in order to develop and market our Services to you by sharing client alerts, legal or firm news, and other information we think may be of interest to you. You have the right to opt-out of receiving direct marketing at any time.

To Analyze and Improve our Services: We may use your PII for testing, research, analysis, and development, including to develop and improve our Sites and Services. We may also use your PII to audit interactions with our Sites, including counting ad impressions and verifying their quality. All of this is done with the intention of making our Services more useful for you.

For User Experience Personalization: We may use your PII or Deidentified Information in the aggregate to analyze your browsing and usage activities and patterns in order to understand our community’s interests and preferences with respect to the Sites and our Services. This will help us optimize your experience.

For Safety and Security: We may use your PII to promote the safety and security of the Sites, our users, and other parties. For example, we may use the information to authenticate users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, or enforce our terms and policies.

We will not collect additional categories of PII or use PII we collected for materially different, unrelated, or incompatible purposes without providing you notice.

How We Disclose Information

We may disclose your PII to third parties for a business purpose as described below. Otherwise, we do not sell, rent, lease, or “share” PII, and will not disclose your PII to third parties without your permission. The CCPA defines “sharing” as the disclosure of PII for cross-context behavioral advertising.

To Our Affiliates: We may disclose your PII to our affiliates and business partners, including other relationship firms.

To Contractors and Service Providers: We may disclose your PII to third party contractors and service providers that assist us in providing user support, communicating with users, and promoting our Services, as well as third party contractors and service providers that provide other services to us relating to our Services and/or the Sites, including our advisers, accountants, and regulators. We only make these business purpose disclosures under written agreements that require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract.

Law Enforcement, Safety, and Legal Processes: We may disclose your PII to law enforcement or other government officials if it relates to a criminal investigation or alleged criminal activity. We may also disclose your PII: (i) if required or permitted to do so by law; (ii) for fraud protection and credit risk reduction purposes; (iii) in the good-faith belief that such action is necessary to protect our rights, interests, or property; (iv) in the good-faith belief that such action is necessary to protect your safety or the safety of others; or (v) to comply with a judicial proceeding, court order, subpoena, or other similar legal or administrative process.

Sale or Acquisition of Assets: If we become involved in a transaction involving the sale of our assets, such as a merger or acquisition, or if we are transferred to another company, we may disclose and/or transfer your PII as part of the transaction. If the surviving entity in that transaction is not us, the surviving company may use your PII pursuant to its own privacy policies, and those policies may be different from this Policy.

Other Third Parties: We may disclose your PII to other third parties as expressly authorized by you, or as otherwise permitted or required by law.

Type of Information Disclosed

In the last twelve (12) months, we have disclosed the following categories of PII to the third parties listed below for a lawful business purpose:

PII Category

Category of Third-Party Recipients

Identifiers

Affiliates, Service Providers, Partners, Internet Cookie Data Recipients, Advertising Networks, Data Analytics Providers, Government/Judicial Entities, Social Networks, Clients, Parties and Related Parties in Legal Matters

Financial Information

Affiliates, Service Providers, Partners, Government/Judicial Entities, Clients, Parties and Related Parties in Legal Matters

Categories of PII listed in the CA Consumer Customer Records Law

Affiliates, Service Providers, Partners, Government/Judicial Entities, Clients, Parties and Related Parties in Legal Matters

Characteristics of Protected Classifications Under CA or US Law

Affiliates, Service Providers, Partners, Government/Judicial Entities, Clients, Parties and Related Parties in Legal Matters

Professional or Employment-Related Information

Affiliates, Service Providers, Partners, Government/Judicial Entities, Clients, Parties and Related Parties in Legal Matters

Non-Public Education Information

Affiliates, Service Providers, Partners, Government/Judicial Entities, Clients, Parties and Related Parties in Legal Matters

Internet or Other Similar Network Activities

Affiliates, Service Providers, Partners, Internet Cookie Data Recipients, Advertising Networks, Data Analytics Providers, Government/Judicial Entities, Social Networks

Location Data

Affiliates, Service Providers, Partners, Internet Cookie Data Recipients, Advertising Networks, Data Analytics Providers, Government/Judicial Entities, Social Networks

Security

The security and confidentiality of your PII is very important to us. We use commercially reasonable security measures to protect your PII through the Sites and in connection with our Services. However, no data transmitted over or accessible through the internet can be guaranteed to be 100% secure. As a result, while we attempt to protect your PII, we cannot guarantee or warrant that your PII will be completely secure (i) from misappropriation by hackers or from other nefarious or criminal activities, or (ii) in the event of a failure of computer hardware, software, or a telecommunications networks.

Data Retention

We will retain your PII (including Sensitive PII, where applicable) while you are a client with us or to the extent necessary to provide our Services. Thereafter, we will keep PII for as long as reasonably necessary: (i) to respond to any queries from users; (ii) to demonstrate we treated users fairly; (iii) for ordinary business continuity procedures; or (iv) to comply with any applicable laws. We delete PII within a reasonable period after we no longer need the information for the purposes set out in this Policy.

Legal Rights

GDPR Data Subject Rights

If you are a data subject located in the EEA or UK, the GDPR grants you certain data privacy rights. Your rights include the:

  • Right to Be Informed: You have the right to know or be notified about the collection and use of your PII.
  • Right to Access: You have the right to request a copy of your PII.
  • Right to Rectification: You have the right to request that we correct any mistakes in your PII.
  • Right to Erasure: Subject to certain exceptions, you have the right to request that we delete your PII.
  • Right to Restrict Processing: You have the right to restrict processing of your PII.
  • Right to Object to Processing: You have the right to object to our processing or your PII.
  • Right to Data Portability: You have the right to receive your PII in a structured, commonly used and machine-readable format.
  • Right to Not be Subject to Automated Individual Decision Making: You have the right not to be subject to a decision based solely on automated processing.

To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights are limited to the extent permitted by applicable law.

California Resident Rights

If you are a California resident, the CCPA grants you certain data privacy rights. Your rights include the:

  • Right to Access: You have the right to request a copy of the specific pieces of PII that we have collected about you in the previous twelve (12) months. The information will be delivered by mail or electronically. Upon receipt of a Verifiable Consumer Request, we will disclose:
    • The categories of PII we have collected about you;
    • The categories of sources from which PII is collected;
    • Our business purpose for collecting PII;
    • The categories of third parties with whom we share PII, if any; and
    • The specific pieces of PII we have collected about you.
  • Right to Data Portability: You have the right to receive your PII in a portable, readily usable format that allows you to transmit your information to another entity without hindrance.
  • Right to Correct Inaccurate Information: You have the right to request that we correct inaccurate information about you that we maintain.
  • Right to Deletion: Subject to certain exceptions, you have the right request that we delete your PII.
  • Right to Be Free from Discrimination: You have the right to not be discriminated against by us for exercising any of your rights under the CCPA. Unless permitted by the CCPA, we will not:
    • Deny goods or services to you;
    • Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
    • Provide a different level or quality of goods or services to you; or
    • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights (including those enumerated elsewhere in this Policy) are limited to the extent permitted by applicable law.

Additional California Privacy Rights

California’s “Shine the Light” law permits California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please contact us at the Contact Information provided below.

Other State Privacy Rights

Residents of certain other states in the U.S. may have additional personal information rights and choices that are not detailed in this Policy, similar to those described above in the “California Resident Rights” section. If you believe you have such rights and wish to exercise them, please use the Verifiable Consumer Request method described below. Please be aware that your rights are limited to the extent permitted by applicable law.

Verifiable Consumer Requests

You can exercise your legal rights by submitting a Verifiable Consumer Request to us by:

Only you, or someone legally authorized to act on your behalf, may make a Verifiable Consumer Request related to your PII. Making a Verifiable Consumer Request does not require you to create an account with us. You may only make a Verifiable Consumer Request for access to PII twice in a 12-month period.

The Verifiable Consumer Request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with PII if we cannot verify your identity or authority to make the request and confirm the PII relates to you. We will only use PII provided in a Verifiable Consumer Request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We will acknowledge receipt of a Verifiable Consumer Request within ten (10) days. We endeavor to respond to Verifiable Consumer Requests within thirty (30) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the Verifiable Consumer Request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to Verifiable Consumer Requests, unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Withdraw Consent

Generally, we do not process PII based on consent. However, in the event we do, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on said consent before its withdrawal. If you would like to withdraw your consent, please contact us at the Contact Information provided below.

Cross Border Data Transfer

When you submit PII to us, or when others provide PII to us, we will receive it and process it in the United States. As such, it may be necessary for us to process data subjects’ PII outside of the EAA/UK. In the event we transfer PII outside the EEA/UK, we will take commercially reasonable measures to ensure the transfer complies with applicable data protection laws and PII is securely transferred. Our standard practice is to use standard contractual clauses approved by the European Commission and the UK Information Commissioner’s Office to facilitate such data transfers. If you have any questions about our data transfer practices, please contact us at the Contact Information provided below.

Do Not Track Disclosure

Some internet browsers may transmit “do-not-track” signals to websites with which the browser communicates. Our Sites do not currently respond to these “do-not-track” signals.

SPAM

We do not participate in bulk email solicitations that you have not consented to receiving (i.e., “Spam”).  We do not sell or disclose customer lists or email address lists to unrelated third parties. Except as otherwise provided herein, we do not share PII with any third party advertisers.

Third Party Links

The Sites may contain links to other websites or applications (“Linked Sites”) that are not owned by the Firm. We do not control the collection or use of any information, including PII, which occurs while you visit Linked Sites. Therefore, we make no representations or warranties for —and will not in any way be liable for—any content, products, services, software, or other materials available on Linked Sites, even if one or more pages of the Linked Sites are framed within a page of the Sites or made available through our Services.

Furthermore, we make no representations or warranties about the privacy policies or practices of the Linked Sites, and the Firm is not responsible for the privacy practices of those Linked Sites. We encourage you to be aware of when you leave the Sites and read the privacy policies of Linked Sites.

Modifications

We reserve the right to update this Policy from time-to-time in our sole discretion. If our privacy practices change materially in the future, we will post an updated version of the privacy policy to the Sites. It is your responsibility to review this Policy for any changes each time you engage with our Sites and Services. We will not lessen your rights under this Policy without your explicit consent. If you do not agree with the changes made, we will honor any opt-out requests made after the Effective Date of a new privacy policy.

Accessing, Updating, and Controlling Information

If you ever wish to access, update, change, delete, opt-out of us sharing, or otherwise control your PII, you may do so by contacting us at the Contact Information provided below. To help us process your request, please provide sufficient information to allow us to identify you in our records. We reserve the right to ask for additional information verifying your identity prior to disclosing any PII to you. Should we ask for verification, the information you provide will be used only for verification purposes, and all copies of the information will be destroyed when the process is complete.

If you wish to opt-out of receiving update messages and/or direct marketing communications from us, you may opt-out by (i) following any instructions included in the communication or (ii) contacting us at the Contact Information provided below. Please be aware that although you may opt-out of update messages and/or direct marketing communications, we reserve the right to email you administrative notices regarding our Services and the Sites, as permitted under the CAN-SPAM Act.

File a Complaint

If you would like to file a complaint with us about our privacy practices, please contact us at the Contact Information provided below. If you are a data subject located in the EEA or UK, the GDPR grants you the right to lodge a complaint with a competent supervisory authority as well. To find a competent supervisory authority in your jurisdiction, please use the following resources:

For the EEA: https://edpb.europa.eu/about-edpb/board/members_en.

For the UK: https://ico.org.uk/global/contact-us/.

Contact Information

If you have questions about this Policy or wish to contact us with questions or comments, please contact us at:

Attn: Kurt R. Hunt

Dinsmore & Shohl LLP

255 East Fifth Street

Cincinnati, OH 45202

[email protected]

Effective Date

This Policy was last modified as of the effective date printed above. This version of the privacy policy replaces and supersedes any prior privacy policies applicable to our Sites and Services.