Privacy Policy

Table of Contents

Our Privacy Mission

Goulston & Storrs PC is a full service law firm based in the United States with offices in Boston, New York, and Washington DC. Our work extends across the United States and, although not part of our targeted market, we provide some services to businesses and residents outside of the United States, including in Canada, the Peoples Republic of China, and in the European Economic Area (“EEA”).  The purpose of this Privacy Notice (“Notice”) is to provide transparency to you about how we obtain, use, and maintain your Personal Data and to inform you of the mechanisms available for you to manage how we obtain, use, and maintain your Personal Data.

Contact Us

If, after reviewing this Notice, you have questions or comments, please do not hesitate to contact us at:

Goulston & Storrs PC
400 Atlantic Avenue
Boston, MA 02110
ATTN: Compliance Manager
Email: [email protected]
Phone: 617-574-2222

What is Personal Data

You will see references to “Personal Data” throughout this Notice. Personal Data is information, either by itself or in combination with other information, about a person that enables the person to be individually identified. Personal Data can take many different forms such as the following:

Descriptive Information

  • Name
  • Date of birth
  • Employer
  • Title
  • Gender
  • Photograph 

Contact Information

  • Telephone numbers
  • Physical addresses
  • Email addresses
  • Fax

Marketing Information

  • Username
  • Subscriptions and interests
  • Survey responses

Profile Information

  • IP address
  • Time zone and location
  • Browser type, including plug-ins
  • Preferences provided through internet activity and navigation of our digital resources

How We Obtain Personal Data

Business Related Data

We will collect Descriptive Information and Contact Information from you when we discuss our legal services with you and when we provide those services to you as our client (“Client Data”).  Further, as part of providing you with our services, Client Data may include additional Personal Data that we receive from others, such as information related to your employment, commercial contracts, correspondences, evaluations, tax information, and estate planning documents. 

When we provide services to our clients, we often collect Personal Data about individuals who are not our clients but that is necessary for us to provide our services to our clients, such as during the course of transactions, litigation matters, estate planning, and other services. For example, in responding to a legal request or in the context of a transaction, it may be necessary for a client to share with us Personal Data about you, or for us to collect Personal Data about you from available sources, for us to address the request appropriately or to perform the tasks required to consummate the transaction (“Client Related Data”).

Only if and to the extent necessary to provide our services to our client, we may collect “Sensitive Information,” which may include racial or ethnic origin, political affiliations, religious or philosophical beliefs, sexual orientation, genetic or biological data, or health related data.  When required by statute, law, or regulation, we will procure your express written consent before collecting Sensitive Information about you.

We may also collect certain Contact Information about you if you work at or for one of our vendors or other service providers (“Vendor Contact Data”). 

In this Notice we refer to all Client Data, Client Related Data, and Vendor Contact Data collectively as “Business Related Data.”

Direct Marketing Data

When we interact with you in ways other than as described above, such as through phone calls, email communications, in-person meetings, conferences, or through other events, we may collect Personal Data from you within the categories of Descriptive Information, Contact Information, or Marketing Information. In addition, we use “cookies” on our website and other digital resources.  We do not use "cookies" to collect and distribute your Personal Data to third parties for marketing purposes.  Please see our cookie policy for further information on our use of cookies.  We may collect Contact Information, Marketing Information, or Profile Information about you: (a) when you visit our website and our other digital resources (such as our blogs, including Retail Law Advisor and Tax Law Roundup, and our Advisories), (b) through your navigation of our social media pages or interaction with our social media content (such as through LinkedIn, Twitter, or Facebook), (c) by clicking on any of our digital advertising, or (d) if you register with us to receive any of our email updates, alert mailings, or notifications of events that we sponsor.  We refer to the information that we collect about you described in this paragraph as “Direct Marketing Data.”

How We Use Your Personal Data

We will use your Personal Data only for the purposes for which it was collected. 

All Client Data will be used only for purposes related to performing the services for which the Client engaged us.  All Client Related Data will be used only for purposes related to performing the relevant services for our client.  All Vendor Contact Data will be used only as related to the services being provided to us by the relevant vendor or service provider.  All such uses of Business Related Data may include uses to enforce any of our contracts or to resolve any disputes with clients through litigation or any other dispute resolution mechanisms.

All Direct Marketing Data will be used only to market directly to you the services that we provide, for our internal research to identify the effectiveness of our marketing efforts, to determine new and effective ways to market our services, and to ensure proper performance and usefulness of our digital resources.  Each of our uses of Direct Marketing Data are necessary legitimate business interests.  We use Profile Information for our internal research to assess the performance of our digital resources and to tailor our direct marketing efforts to issues and information that would be of interest to you.  We believe that you will benefit from receiving our marketing materials by learning (i) of our services that may be of interest to you, (ii) of legal updates that may be applicable to you, and (iii) of events that you may wish to attend.  At any time you may withdraw from receiving any or all of our marketing materials.  We provide further information regarding your rights in the section entitled “Unsubscribe” below.

We caution you that Direct Marketing Data collected through third party social media or digital sources (such as LinkedIn, Twitter, Facebook, or banner advertising) may also be subject to the privacy and use policies provided by those sources, which differ from our Notice.  This Notice does not apply to the collection of or use of any Personal Data by the owner, operator, or user of a digital source that we do not control.  This Notice applies only to the manner in which we collect Personal Data and to the Personal Data that we receive.  We encourage you to visit the privacy policies of those other sources and to review our cookie policy for further details on the information that may be collected.


While we hope you enjoy hearing from us and derive value from receiving updates through our blogs or other communications, we understand that your interests or preferences may change. You may modify your preferences or unsubscribe from receiving any marketing communications from us at any time by clicking here or contacting us via the information under Contact Us.  You may also adjust the information that you provide through certain cookies by adjusting your browser settings and by accessing the following sites:

In addition to the ability to modify your preferences and to unsubscribe, you have other rights with respect to your Personal Data, which we describe in the section entitled “Your Rights” below.

How We Share Your Personal Data

Type of Data:

We may share with:

Any Personal Data

Third party vendors who host our information and who assist us in installing and maintaining our information technology systems.  These third party vendors and service providers are bound to us by contract and have agreed to comply with the requirements of this Notice. None of our third party vendors or service providers are granted any rights to use any of your Personal Data for any purpose other than as directed by us.

Our Client Data and Client Related Data (which, in either case, may include Sensitive Information) is hosted in encrypted and tokenized format; none of our third party vendors or service providers can access that data.

Third Parties to perform our legal services (such as with co-counsel, opposing counsel, governmental or judicial authorities, or enforcement agencies), to comply with our own legal obligations, to protect your or another person’s vital interests, or to carry out official tasks.

Third parties and professional service providers if our business or any part of it is transferred, merged, or acquired by another business, or if we acquire all or any part of another business.  Any such sharing of Personal Data will be subject to appropriate confidentiality agreements and you will be notified of any change in control over your Personal Data through a prominent notice on our website.

Business Related Data

Third parties with your express consent.

Direct Marketing Data

Third parties with whom we are co-hosting or co-sponsoring an event. 

Third parties who provide the cookies for our digital resources, subject to our cookie policy.

We do not otherwise share or sell any Direct Marketing Data. To the extent that we do share any Direct Marketing Data, the data will be used solely for the purposes for which it was collected and shared.

Data Security and Retention

We have instituted safeguards to check that our internal procedures meet our stated policies. We also use all efforts reasonably necessary to be sure that our service providers agree to protect Personal Data accessed when providing their services.

We retain your Personal Data only for as long as necessary for us to carry out and fulfill our legitimate business purposes, and our legal and marketing obligations or objectives as set forth in the previous sections. The amount of time that we retain different types of Personal Data varies depending on factors such as the sensitivity of the Personal Data and the purposes for which such Personal Data is used. In particular,

  • we retain Business Related Data for an appropriate period of time after our relationship has concluded in case any legal claims arise relating to our relationship and to fulfill our ethical obligations to our clients; 
  • we retain our Direct Marketing Data until you request removal from our marketing database.  However, when we unsubscribe you from our marketing database, we will store your information in a separate suppression database to be able to confirm our continuing compliance with your unsubscribe request. 

Data Loss

If we become aware of any loss of or unauthorized access to any of your Personal Data, we will meet all of our legally required obligations to notify you and will take action to mitigate the impact and damages to you from such loss or unauthorized access. 

Your Rights

United States Residents

If you are a resident of the United States, by providing us with any of your Personal Data and continuing to access any of our digital resources or by not unsubscribing from receipt of our materials, you agree to our use and sharing of your Personal Data in accordance with the terms of this Notice, subject to the federal and state laws of the United States.  If you do not agree with the terms of this Notice, you must not continue to access our digital sources and you must unsubscribe from receiving any of our digital marketing materials. If you are located outside of the United States, you should be aware that we will collect, process, and maintain your information in the United States.  If you are a resident of the EEA, please see the “EEA Residents” section below.

California residents

If you are a California resident and have an established business relationship with us, you can request a notice disclosing the categories of personal information we have shared with third parties for the third parties’ direct marketing purposes during the preceding calendar year. To request a notice, please submit your request to Goulston & Storrs, Attn: Compliance Manager, 400 Atlantic Avenue, Boston, MA 02110; [email protected].  Please allow 30 days for a response.

EEA Residents

If you are a resident of the EEA, transfers of your Personal Data out of the EEA to the United States are based on our third party service provider either being a certified member of the EU-US Privacy Shield or being subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (such as standard data protection clauses adopted by the European Commission).

Our undertakings under this Notice are intended to be consistent with your rights under the General Data Protection Regulation 2016/679 (“GDPR”).  The GDPR affords you rights that are in addition to those set forth above in this Notice. We will comply with the following additional rights under the GDPR, subject to its terms and conditions:


Subject to legal and ethical restrictions governing our practice of law, you have the right to access the following additional information about your Personal Data to determine that we are processing it lawfully: (i) the purpose of the processing; (ii) the categories of Personal Data; (iii) identification of the recipients and intended recipients of the Personal Data; and (iv) our source of the Personal Data.

Data Portability

If we have your Personal Data because of a contract that we entered into with you (such as Client Data) or because you have consented to providing us your Personal Data, you may request that we provide you with a digital file of the Personal Data that you have provided to us, which includes any records we have collected from observing your digital activities.  We will provide you with such digital file if and in a manner compliant with GDPR.

Updates or Corrections

Subject to our separate confirmation, you may request that we update or correct any of the Descriptive Information and Contact Information that we have about you.

Objection to or Restriction on Processing

If you feel that our access to or our use of your Personal Data impacts your fundamental rights or freedoms, you may object to the processing of such Personal Data or restrict the processing of such data by contacting us through the information provided under Contact Us above. In some cases, we may have legitimate grounds to process such data that may override your rights or freedoms.


You may request that we erase your Personal Data if it is determined that we do not have a legal basis for using it, you withdraw your consent to our processing, you object to the processing and we have no overriding legitimate interest, or  if required by law.

Withdrawal of Consent

If we use your Personal Data in a manner that you have previously consented to, you may withdraw your consent by contacting us through the information provided under Contact Us above.

Unsubscribe or Modify Preferences

If at any time you prefer to receive less marketing or other information from us, you may modify your preferences or unsubscribe by contacting us through the information provided under Contact Us above or as set forth in Unsubscribe above.

Supervisory Authority

If you believe your rights regarding your Personal Data have been breached or if a breach has been inadequately addressed, you have the right to report to or file a complaint with any independent public authority which is established by a European Union member state pursuant to Article 51 of the General Data Protection Regulation.

If you have further questions about your rights as summarized above, or any questions about the Personal Data that we collect and use, please do not hesitate to Contact Us.


We may make changes to our Privacy Notice to keep it current with industry standards and applicable law.  The date of the most recent revisions will be provided on this page.

Version July 9, 2018

© Goulston & Storrs PC 2018