Goulston & Storrs PC
Privacy Notice
Last updated: December 22, 2024
Goulston & Storrs PC (“Goulston & Storrs”, “we”, “our” or “us”) is a full service law firm based in the United States of America with offices in Boston, New York, and Washington DC. Our work extends across the United States and, although not part of our targeted market, we provide some services to businesses and residents outside of the United States, including in Canada, the Peoples Republic of China, the United Kingdom, and the European Economic Area (“EEA”). We are committed to safeguarding the privacy of our clients, business partners, contacts, job applicants, website visitors, and subscribers (collectively, “you”) and to protecting the personal information you share with us.
This Privacy Notice explains our privacy practices, including how we collect, use, process, maintain, and share personal information in connection with:
- your use of our websitewww.goulstonstorrs.com, which includes our blogs, client advisories, webinars, and our Perspectives online article repository (https://perspectives.goulstonstorrs.com/), and any online services offered through any of these resources (collectively, the “Site”);
- your attendance at any of our events;
- the services offered by Goulston & Storrs to its clients and business partners;
- recruitment and hiring; and
- communications with you, including to respond to your inquiries, inform you about our services and events, and to send you our newsletters (including blogs, client alerts, invitations to webcasts, or other materials).
We store and process your data in the United States of America. If you are contacting us from outside of the United States of America, we are notifying you that the United States of America might not provide the same level of protection and safeguards for your data as in your own country, including that your data may be subject to lawful requests and access by the courts and law enforcement authorities in the United States of America without your knowledge or consent.
- If you are located in the EEA or the United Kingdom, you understand and expressly consent as required by the General Data Protection Regulation 2016/679 (“GDPR”) and the UK Data Protection Act of 2018 (“DPA”) (together referred to as the “GDPR/DPA”) that (a) your data is transferred to and stored in the United States of America, which does not provide the same level of protection and safeguards for your data as in your own country; and (b) your data may be subject to lawful requests and access by the courts and law enforcement authorities in the United States without your knowledge or consent. You are entitled to certain rights under the GDPR/DPA as specified in Your Rights Under the GDPR/DPA below. If you do not consent to the storage of your Personal Information in the United States and that your information is subject to the laws of the United States, do not provide us with any of your Personal Information.
- If you are located in Canada, you are entitled to the rights that we offer to all of our users as set forth in this Privacy Notice. In addition, by providing us with your electronic contact information or using our services within the past two years, you are implying your consent to receive email and other electronic marketing materials from us related to our services. If you use our “Contact Us” feature through our Site or contact us by phone or email to make an inquiry, you are expressly consenting to receive marketing materials from us until and unless you withdraw consent via one of the means we describe in this Policy Notice. Under no circumstance are you required to participate in behavioral advertising to engage us to provide services.
Residents of the following states have certain data privacy rights pursuant to state laws that are currently in effect or that will soon be in effect: California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia. If you reside in one of these states, you may be entitled to the rights described in “Your U.S. State Privacy Rights” below. If you reside in any other state with a consumer data privacy law that becomes effective after the date of this Privacy Notice, we will comply with that law as applicable to our collection and processing of your data.
Contents
- Collection of Personal Information
- How We Use Your Personal Information
- Use of Cookies
- Disclosure of Personal Information
- Security Procedures
- Retention of Personal Information
- Your U.S. State Privacy Rights
- Your Rights under the GDPR/DPA
- Third-Party Links
- Children’s Privacy
- Revisions to this Privacy Notice
- Contact Us
COLLECTION OF PERSONAL INFORMATION
“Personal Information” is information that includes a personal identifier such as your name, email address or physical address, phone number, IP address or device identifier, or any data that is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, back to a natural person, household, or device. This may include unique physical characteristics or biological features such as a photo or fingerprint. Personal Information does not include (a) information made public in any government record, (b) information that has been modified so that it cannot reasonably be used to identify or be associated with a particular individual, household, or device, and (c) information relating to a group or category of individuals where the information cannot be reasonably linked to any specific individual, household, or device.
Some of the Personal Information we receive may be deemed “Sensitive Personal Information,” or a similar term, as defined by certain laws. This information may include racial or ethnic origin, political affiliations, religious or philosophical beliefs, sexual orientation, genetic or biological data, or health related data. We only collect and use Sensitive Personal Information in accordance with privacy laws, upon your consent where required, and as necessary to fulfill legitimate business purposes.
Goulston & Storrs processes Personal Information of (i) our clients and their employees and representatives when using any of our legal services, (ii) individuals who are not our clients where necessary for us to provide our services to our clients, such as during the course of transactions, litigation matters, estate planning, and other services, (iii) users of our Site, (iv) anyone who sends us an inquiry, registers for one of our events, or subscribes to our updates, newsletters, or advisories, (v) individuals who interact with us through phone calls, in-person meetings, conferences, webinars, and other events, (vi) individuals who work at or for our vendors or service providers, and (vii) job applicants and our employees.
We acquire Personal Information (i) provided to us by you, (ii) automatically through our Site, our communications with you, and through other digital services, and (iii) from third parties for our business purposes. We also collect Personal Information through your navigation of our social media pages or interaction with our social media content (such as through LinkedIn, X, or Facebook) or when you click on any of our digital advertising.
We caution you that Personal Information collected through third party social media or digital sources (such as LinkedIn, X, Vimeo, or banner advertising) is also subject to the privacy and use policies of those sources, which differ from our Privacy Notice. This Privacy Notice does not apply to the collection or use of any Personal Information by the owner, operator, or user of a digital source that we do not control. This Privacy Notice applies only to the manner in which we collect Personal Information and to the Personal Information that we receive. We encourage you to visit the privacy policies of those other sources and to review our Cookie Policy for further details on the information that may be collected.
Personal Information we collect to provide our services:
- Contact information, including first name, last name, email address, physical address, work and personal telephone numbers, and other similar identifiers.
- Payment and transactional data needed to provide you with legal services, including billing information.
- Professional or employment-related information, including title, company, and business phone number.
- Other information as reasonably necessary to the specific matters for which Goulston & Storrs provides legal services.
Personal Information we collect to respond to your inquiry, in connection with our events (in-person and digital), and to send you our newsletters and advisories:
- Contact information, including first name, last name, email address, physical address, work and personal telephone numbers, and similar identifiers, and your areas of interest.
- Professional or employment-related information, including job title, company name, and business phone number.
- Other information that you voluntarily provide to us.
Personal Information we collect when you use the Site:
- Our system may collect information about your browser or mobile device automatically when you enter or utilize the Site. We may use cookies and similar technologies to help us understand your activity on our Site, as well as for email communications. Data we collect automatically includes your IP address, other device identifiers, access dates and times, and referring and exiting URLs.
- For areas of the Site that require entry of log-in credentials, we will collect and process the Personal Information provided to us when signing in with us, including your contact details, username, and password. For more information on how to manage your cookie preferences, please see our Cookie Notice.
- We use Google Analytics 4 as a tool to manage interactions with our Site and may use it to manage our online advertising. Google may receive certain device identifiers necessary to target our advertising to specific users. We do not control Google’s use of device identifiers. We encourage you to visit Google’s Privacy Policy at https://policies.google.com/technologies/partner-sites to exercise your options as to Google’s collection and use of Personal Information. You can see how Google collects and uses information through this site: https://myactivity.google.com/.
You can access the Google Analytics opt-out browser add-on here: https://tools.google.com/dlpage/gaoptout
- In addition, we may use tools provided by third parties to allow you to access our social media presence, including our articles and announcements, and to share content from our Site with your social media services, such as LinkedIn, Vimeo, Facebook, Instagram, or X. We provide this access and use these tools to promote and improve our Site and services. We do not control the information collected, used, or shared by these tools.
Personal Information we collect to evaluate and process your application for employment with our firm:
- Contact information, including first name, email address, physical address, work and personal telephone numbers, Social Security number, taxpayer identification information, state identification card number, driver’s license number, employee identification number, employee credentials and related passcode, emergency contacts, and dependents’ names.
- Professional or employment-related information, including job title, employment history, and educational background, as well as information collected from the recruitment, hiring, and termination processes (for example, interview information, CV or resume, cover letters, references, reference letters, transcripts, pre-hire interactions, letters of reference, publicly available social media, letters of offer and acceptance, hire, start and end dates, resignation date, and reasons).
- Education, work experience, certifications, registrations, professional license numbers, training, and language abilities.
- Residency, citizenship, or work authorization status, visa number, military status, sponsorship requirement, nationality, and passport information.
- Performance-related information (including reviews, references, disciplinary procedure information, attendance records) and content for certain job descriptions.
- Characteristics of protected classifications under U.S. federal law and some state laws (including sex, gender, marital status, ethnic origin, date of birth, age, sexual orientation, veteran status, and physical limitations and special accommodations, as needed).
- Where permitted by law and as applicable, we may collect the results of (i) criminal background checks, (ii) drug testing, (iii) a general background search on the highest level of education obtained and employment history, (iv) SSN tracing, (v) a national sex offender registry search, and (vi) a driving record search.
- Other information linked to the Personal Information above as reasonably necessary for Goulston & Storrs’s business purposes.
Personal Information we collect when you and we explore entering an engagement for our services:
- Contact information of the employee or individual contacting use for services, including first name, email address, physical address, work and, if acting in a personal capacity, such individual’s personal telephone numbers, and if required for our legal services, Social Security number, taxpayer identification information, state identification card number, driver’s license number, emergency contacts, and names of family members.
- If relevant to our services, we may collect information about your education, work experience, certifications, registrations, professional license numbers, training, and language abilities, residency, citizenship, or work authorization status, visa number, military status, sponsorship requirement, nationality, and passport information.
- If we are engaged or to be engaged by a company, we will perform a financial and legal background check on the company, which may result in our collecting information relating to certain of the company’s personnel.
HOW WE USE YOUR PERSONAL INFORMATION
We do not (i) use any Personal Information to infer characteristics about you; (ii) enable any automated algorithm to create a personal profile about you; or (iii) sell or share your Personal Information for cross-context behavioral or targeted advertising purposes.
We will only process or use your Personal Information for the purposes for which it is collected, in accordance with this Privacy Notice, with your consent, or where we have a legal basis to do so.
For our legitimate business purposes
Goulston & Storrs processes Personal Information based on its legitimate business interests, which consist of:
- assessing your Personal Information prior to agreeing to provide you with any of our services;
- providing our legal and administrative services to our clients, including to the company for which you are working, and managing our relationship with our clients;
- enforcing any of our contracts or to resolve any disputes with clients or others through litigation or any other dispute resolution mechanisms;
- responding to requests from, and other communications with, competent public, governmental, judicial or other regulatory authorities and responding to valid legal process;
- investigating or participating in civil discovery, litigation, or other dispute resolution proceedings; as well as protecting or defending your rights, property or security or ours;
- responding to your inquiries, including those sent through the Site and, where consent is not required, sending you marketing communications regarding our services and events;
- our internal research to identify the effectiveness of our marketing efforts and to determine new and effective ways to market our services;
- ensuring proper performance and usefulness of our digital resources; and
- as otherwise required by applicable law.
We process Personal Information collected through our Site to store cookies on your device(s) as described in our Cookie Notice.
Individuals may opt out of receiving direct marketing communications at any time by clicking on the opt-out or unsubscribe link included in our marketing communications or sending a request using the contact details specified at the end of this Privacy Notice. Individuals may block cookies as described in our Cookie Notice.
While we hope you enjoy hearing from us and derive value from receiving updates through our blogs or other communications, we understand that your interests or preferences may change. You may modify your preferences or unsubscribe from receiving any marketing communications from us at any time by contacting us via the information under Contact Us. You may also adjust the information that you provide through certain cookies by adjusting your browser settings and by accessing the following sites:
- If you are in the U.S., please see the DAA opt-out program (currently available at http://www.aboutads.info/choices/) or the NAI opt-out program (currently available at http://www.networkadvertising.org/choices/);
- If you are in the EEA, please see the EDAA opt-out program (currently available at http://www.youronlinechoices.eu/).
In addition to the ability to modify your preferences and to unsubscribe from our direct marketing, you may have other rights with respect to your Personal Information, which we describe in the section entitled “Your U.S. State Privacy Rights” or “Your Rights Under the GDPR/DPA” below.
To evaluate and process your application for employment with our firm
Goulston & Storrs processes Personal Information submitted for employment purposes only to evaluate your candidacy, to process your application for employment, and, once employed, to manage your employee relationship at Goulston & Storrs.
To comply with applicable legal obligations
Goulston & Storrs also processes Personal Information to comply with applicable legal obligations to which it is subject, including employment law, and money laundering or anti-bribery checks.
Further information
If you wish to obtain further details regarding our use of Personal Information, please contact us by sending a request using the contact details specified at the end of this Privacy Notice.
Goulston & Storrs uses “cookies” (small data files) on the Site to enable the Site to operate and to improve its functionality and our services. For detailed information about “cookies” and how they are used on the Site, please refer to the Cookie Notice.
DISCLOSURE OF PERSONAL INFORMATION
We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral or targeted advertising purposes.
We may disclose your Personal Information in the following limited circumstances:
- Authorized Third Parties and Service Providers: We disclose your Personal Information to third-party vendors and service providers who provide us with the services necessary for our legitimate business purposes, including information technology services and companies that provide web analytics, advertising, email distribution, and other services to us. These third parties are only permitted to use your Personal Information to the extent necessary to enable them to provide their services to us pursuant to a written contract consistent with the requirements of this Privacy Notice. They are required to follow our instructions and to comply with appropriate security measures to protect your Personal Information.
- Social Media Sites: We do not distribute your Personal Information to third parties for their or others’ marketing purposes. We use tools provided by third parties to allow you to share content from our Site with your social media services, such as LinkedIn, Facebook, Instagram, or X. We use Cookies provided by these services to enable these services to deliver our content and advertising to you when you use those services. We do not control the information collected by social media tools or how that information is used or shared. We also use Google Analytics 4 as a tool to manage interactions with our Site and may use it to manage our online advertising. Google may receive certain device identifiers necessary to target our advertising to specific users. We do not control Google’s use of device identifiers. We encourage you to visit Google’s Privacy Policy at https://policies.google.com/technologies/partner-sites to exercise your options as to Google’s collection and use of Personal Information. You can see how Google collects and uses information through this site: https://myactivity.google.com/.
You can access the Google Analytics opt-out browser add-on here: https://tools.google.com/dlpage/gaoptout
- Other Parties When Required by Law or as Necessary to Perform our Legal Services: We may disclose your Personal Information to others as needed to perform our legal services (such as with co-counsel, opposing counsel, governmental or judicial authorities, or enforcement agencies), to comply with our own legal obligations, to protect your or another person’s vital interests, or to carry out official tasks.
- Other Parties With Your Consent: There may be instances where we disclose your Personal Information to other authorized third parties when you expressly consent to such disclosure.
- Other Parties In Connection With a Transfer of Assets: We may disclose your Personal Information to third parties and professional service providers if our business or any part of it is transferred, merged, or acquired by another business, or if we acquire all or any part of another business. Any such sharing of Personal Information will be subject to appropriate confidentiality agreements and in a manner consistent with this Privacy Notice.
Goulston & Storrs maintains appropriate technical and organizational security procedures to protect your Personal Information from loss, misuse, unauthorized access, disclosure or alteration in accordance with applicable data protection and privacy laws. We also use efforts reasonably necessary to be sure that our service providers agree to protect Personal Information accessed when providing their services to us. In addition to such measures, Goulston & Storrs maintains confidentiality policies that govern all information that any attorney or other personnel of Goulston & Storrs receives in the course of their employment or association with Goulston & Storrs. All attorneys and personnel are made aware of these policies and Goulston & Storrs has in place procedures to train all attorneys and personnel to implement these policies. Despite our efforts, we cannot guarantee that Personal Information will not be accessed, disclosed, or altered by breach of our safeguards. You should take adequate precautions to protect your Personal Information.
RETENTION OF PERSONAL INFORMATION
General principles
Goulston & Storrs will retain your Personal Information for no longer than is necessary for the purposes identified under this Privacy Notice and as permitted by applicable law.
Please note that the data retention period actually applied by Goulston & Storrs may vary, depending on the purpose for which the information was collected.
On the expiration of the applicable data retention periods, Goulston & Storrs will delete or anonymize the relevant Personal Information.
Information collected in connection with providing services
Goulston & Storrs will keep your Personal Information for the whole duration of our services, for an appropriate period of time after our relationship has concluded in case any legal claims arise relating to our relationship, and as reasonably needed to fulfill our ethical obligations to our clients.
Information collected in connection with inquiries, events, and marketing
Goulston & Storrs will keep your Personal Information for communication purposes until you withdraw your consent. However, when we unsubscribe you from our marketing database, we will store your information in a separate suppression database to be able to confirm our continuing compliance with your unsubscribe request.
For your recruitment and employment
Information collected from applicants who do not receive an employment offer will be maintained for a reasonable period of time and then deleted unless required by applicable law, or unless the prospective employee has requested that Goulston & Storrs keep their application on file for consideration for future positions.
For the applicants who are hired, Goulston & Storrs will keep your Personal Information in accordance with its employment policies made available to you.
YOUR U.S. STATE PRIVACY RIGHTS
If you are a California resident and have an established relationship with us, which may include through employment or application for employment, you can request a notice disclosing the categories of Personal Information we have shared with third parties for the third parties’ direct marketing purposes during the preceding calendar year. To request a notice, please submit your request to Goulston & Storrs, Attn: Compliance Manager, One Post Office Square, Boston, MA 02109; [email protected]. Please allow 30 days for a response.
In addition, if you reside in California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, or Virginia, or in any other state that has a consumer data privacy law in effect, you may have one or more of the following rights, subject to the exceptions allowed by law. Although you have the right to make requests relating to exercising your legal rights, we have the right to reject such requests based on this Privacy Notice and the scope of our obligations under applicable law.
- Transparency Under the above listed laws businesses are required to provide you with notice regarding the categories of Personal Information to be collected, the purposes for which the categories of Personal Information are collected or used, whether that information is sold or shared and for what purpose, and the length of time intended to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period, among other information.
- Access / know You have the right to know the categories and specific pieces of Personal Information collected about you, the categories of sources from which the Personal Information is collected, the business purpose for collecting the Personal Information, and the categories of third parties with whom the business shares Personal Information.
- Correct You have the right to correct inaccurate or obsolete Personal Information.
- Delete You have the right to require deletion of your Personal Information under certain circumstances.
- Not to be discriminated against We will not discriminate against you on the basis of your exercising any of your rights afforded by state law.
- Limit You have the right to limit certain uses and disclosure of Sensitive Personal Information.
Opt out of the sale or sharing of Personal Information: You have the right to opt out of our processing of your Personal Information for any of the following purposes: targeted advertising; sale of your Personal Data; and profiling in furtherance of automated decisions. We do not use your Personal Information for any of these purposes.
To exercise or inquire regarding your rights, please contact us at [email protected], or call us at 617-482-1776 and ask for our privacy compliance group.
We will first acknowledge receipt of your request and then follow with a substantive response after such acknowledgement. If we require more time (up to 90 days or the permitted timeframe), we will inform you of the reason and extension period in writing. If we deny your request, you may appeal our decision by emailing your request to [email protected] or calling us at 617-482-1776 and asking for our privacy compliance group. Within 45 calendar days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision.
Only you or your authorized agent may make a verifiable individual request related to your Personal Information. To respond to your requests, we must verify your identity.
- How to Authorize an Agent: You may designate an authorized agent to submit your verified individual request on your behalf, but only if the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us.
- How We Verify Your Request: We will only use the Personal Information provided in the context of your request to verify your identity or the authority of your authorized agent to make the request. Depending on how you interact with us, we may require that you provide at least two pieces of Personal Information, such as your name, email address, client reference, or other information that we already have in our possession. We will verify your request by comparing the information you provide to information already in our possession to minimize the risk of fraud.
YOUR RIGHTS UNDER THE GDPR/DPA
If you are in the EEA or the UK, you may have additional rights in relation to the processing of your Personal Information, depending on the relevant situation. These include:
Access |
Subject to legal and ethical restrictions governing our practice of law, you have the right to access the following additional information about your Personal Information to determine that we are processing it lawfully: (i) the purpose of the processing; (ii) the categories of Personal Information; (iii) identification of the recipients and intended recipients of the Personal Information; and (iv) our source of the Personal Information. |
Data Portability |
If we have your Personal Information because of a contract that we entered into with you or because you have consented to providing us your Personal Information, you may request that we provide you with a digital file of the Personal Information that you have provided to us, which includes any records we have collected from observing your digital activities. We will provide you with such digital file if and in a manner compliant with GDPR/DPA. |
Updates or Corrections |
Subject to our separate confirmation, you may request that we update or correct the Personal Information that we have about you. |
Objection to or Restriction on Processing |
If you feel that our access to or our use of your Personal Information impacts your fundamental rights or freedoms, you may object to the processing of such Personal Information or restrict the processing of such data by contacting us through the information provided under Contact Us. In some cases, we may have legitimate grounds to process such data that may override your rights or freedoms. |
Erasure/Removal |
You may request that we erase your Personal Information if it is determined that we do not have a legal basis for using it, you withdraw your consent to our processing, you object to the processing and we have no overriding legitimate interest, or if required by law. |
Withdrawal of Consent |
If we use your Personal Information in a manner that you have previously consented to, you may withdraw your consent by contacting us through the information provided under Contact Us. |
Unsubscribe or Modify Preferences |
If at any time you prefer to receive less marketing or other information from us, you may modify your preferences or unsubscribe by contacting us through the information provided under Contact Us or by clicking on the opt-out or unsubscribe link included in the marketing communication. |
Supervisory Authority |
If you believe your rights regarding your Personal Information have been breached or if a breach has been inadequately addressed, you have the right to report to or file a complaint with the competent data protection authority in the country of your habitual residence, place of work, or place of alleged breach of rights. |
The Site may contain hyperlinks to websites of third parties. This Privacy Notice does not apply to such third-party content or websites. If individuals decide to follow such links, they must be aware that Goulston & Storrs does not take any responsibility for the third-party content or compliance of the third-party website with data privacy laws. Individuals are encouraged to make themselves aware of applicable privacy policies before they submit Personal Information to third-party websites.
Goulston & Storrs does not knowingly collect, use, or disclose Personal Information from children unless and only to the extent directly related to and permitted in connection with the services that we provide. If Goulston & Storrs is made aware that it has collected Personal Information from a child in a manner that is inconsistent with applicable laws, Goulston & Storrs will delete this information as soon as possible.
We do not sell or share the Personal Information of any individuals and, therefore, necessarily do not sell or share the information of children of any age.
REVISIONS TO THIS PRIVACY NOTICE
Goulston & Storrs reserves the right to change or update this Privacy Notice at any time. The applicable version of this Privacy Notice is available on the Site. If such change to the Privacy Notice requires your consent, you will have a choice to consent as to whether or not Goulston & Storrs may use your Personal Information in the revised manner.
To exercise any of your rights, or if you have any other questions about our use of your Personal Information, including if you wish to obtain further details regarding our legitimate interests, please send a request using the contact details specified at the end of this Privacy Notice. Please note that we may ask you to provide us with additional information so that we can verify your identity.
For any requests, questions or comments about this Privacy Notice or the collection, processing, or storage of your Personal Information by Goulston & Storrs, please contact us via e-mail at: [email protected].
or in writing to:
Goulston & Storrs
Attn.: Office of the General Counsel
One Post Office Square
Boston, MA 02109
United States of America