Privacy Policy—Personnel

Our policy

This policy explains how and why we collect, use, and share information to facilitate the employment relationship or administer benefits. It applies to current and former Nixon Peabody personnel, as well as prospective employees and partners. Further information for current employees about your privacy when you use firm technology resources is available in the firm’s Responsible Use of Technology policy. Information provided to the firm outside of the employment relationship is governed by the general Nixon Peabody Privacy Policy.

A downloadable copy of this policy is available here.

Information we collect

When you apply for a position at the firm, we collect contact information and information about your education, background, and professional experience(s) from you.

When you are offered a job with the firm, we collect a wide range of personal information, including sensitive information, directly from you and from third-party sources, in order to perform background screening and conflicts checks.

When you work at the firm, we collect additional personal information directly from you and third parties, in order to administer benefit programs, pay our personnel, review and pay for expenses, foster professional development, and for other firm administrative and operational purposes.

When you visit our offices, or offsite events hosted by the firm, we may collect personal information and ask you to sign visitor logs for security purposes, and we may ask you for information about health symptoms, vaccination status, and recent travel and related medical information for public health screening purposes.

Where we get personal information

Directly from you, such as when you fill out an online form or share information with human resources, employee benefits or finance personnel.

Indirectly from you, when you browse our website, access and use other firm technology resources.

From Nixon Peabody vendors that support operations and administration, such as background screening services, payroll and benefits administrators, and from databases that provide publicly available information.

How we use personal information

Nixon Peabody may use and disclose your personal information to further its legitimate business purposes (e.g., for operational and administrative uses) and/or with your consent. These uses will vary depending on the nature of our relationship with you, but include:

To administer employee benefits and payroll
To facilitate professional development
To track billing and expenses
To provide you with technology resources
To provide alerts and corporate communications (e.g., workplace emergencies, updated benefits information)
To operate, troubleshoot, analyze, and improve the firm’s technology resources (e.g., email, document management, intranet)
As reasonably necessary and appropriate, to detect or prevent fraud, to comply with legal obligations, or protect your, our, or others’ rights
As reasonably necessary to protect public health
To allow Nixon Peabody to pursue remedies or limit liabilities if a dispute arises
To fulfill other purposes permitted or required by law
For other uses disclosed to you, or with your consent

When we share personal information

We share information with third parties for operational and administrative purposes, when we have your consent, or when required by law.

When required or appropriate and feasible, we obtain written assurances from third parties that access personal information that their privacy and security practices are in accord with applicable legal requirements.

Nixon Peabody may share personal information with its affiliates and subsidiaries for the purposes set out in this policy. However, under no circumstances does Nixon Peabody sell, trade, barter, or exchange the information. We may also disclose your personal information to third parties where we sell or merge any or all of our business and/or our assets to a third party, or where we are legally required to disclose your information.

Links to other third parties

Our website and NP Connect may link to third-party sites and services that we do not control. Our website and NP Connect may include integrated content or links to third parties (e.g., for recruiting purposes, social media platforms, employee benefits providers, meal-delivery services, video conferencing, and webinars). This personnel privacy policy does not address the privacy, security, or other practices of these third-party service providers, where you are sharing information directly with them. Please review the privacy policies of such third-party providers before submitting personal information to them.

Data Collection Details

The chart below provides more detailed information about the information we collect, the reason we collect it, and with whom it may be shared (e.g., the categories of third parties with whom your information may be shared). The chart further notes whether that information has been collected or disclosed in the past 12 months.

Reason for Collecting and/or Sharing

The firm collects common personal identifiers for the following uses:
- Legal recruiting
- Background screening
- Administration of employee benefits, payroll and for tax purposes
- Corporate communications and marketing
- Operation of technology resources
- Management of firm operations
- Public health screening and protection
- Physical (office building) security
Categories of Third Parties

Benefits administrators; banks and related financial services; expense and payroll processing; information technology and security providers; document management and storage vendors; legal and other professional support vendors; government agencies; travel and hospitality vendors

Collected or Disclosed in past 12 months

Collected and disclosed
Reason for Collecting and/or Sharing

The firm collects personal identifiers regulated under various California statutes for the following uses:
- Legal recruiting
- Background screening
- Administration of employee benefits and payroll, and for tax purposes
- Operation of technology resources
- Management of firm operations
- Public health screening and protection
- Physical (office building) security
Categories of Third Parties

Benefits administrators; banks and related financial services; expense and payroll processing; information technology and security providers; document management and storage vendors; legal and other professional support vendors; government agencies; travel and hospitality vendors

Collected or Disclosed in past 12 months

Collected and disclosed
Reason for Collecting and/or Sharing

The firm collects personal identifiers protected under California and federal statutes for the following uses:
- Background screening
- Administration of employee benefits and payroll
- Operation of technology resources
- Management of firm operations
- Public health screening and protection
- Physical (office building) security
- Immigration-related services
Categories of Third Parties

Information technology and security providers; document management and storage vendors; legal and other professional support vendors; government agencies.

Collected or Disclosed in past 12 months

Collected and disclosed
Reason for Collecting and/or Sharing

Personnel may choose to use a fingerprint or faceprint ID to secure a firm-provided or firm-supported laptop or other mobile device. However, this information is not stored on firm servers or accessible to other firm personnel. For public health and safety purposes, the firm may require information about physical symptoms or exposure to communicable diseases.

Categories of Third Parties

Government officials and other third parties may have access to information about physical symptoms or exposure to communicable diseases to the extent required by law and/or protect public health.

Collected or Disclosed in past 12 months

Collected and disclosed to the extent required by law and/or to protect public health.
Reason for Collecting and/or Sharing

This information may be collected when firm personnel submit information collected from ride-sharing or similar sites for expense reports, and when enabled on firm-connected mobile devices and laptops. The firm may collect information about your recent travel for public health screening.

Categories of Third Parties

Expense reporting and payment processing vendors.

Collected or Disclosed in past 12 months

Collected and disclosed
Reason for Collecting and/or Sharing

The firm may make audio and visual records of events or meetings; photos may be used for internal and external websites and security purposes. For public health and safety purposes, the firm may conduct scans to assess body temperature of people entering firm offices.

Categories of Third Parties

Communications support vendors; commercial landlords, government officials and other third parties may have access to sensory data to the extent required by law and/or to protect public health.

Collected or Disclosed in past 12 months

Audio and visual information collected and disclosed; collection and disclosure of sensory data for health screening
Reason for Collecting and/or Sharing

This information is collected from job applicants on a third-party site accessible from NixonPeabody.com; the firm maintains personnel files on current and former personnel as may be required by law or the rules of professional responsibility.

Categories of Third Parties

Background screening services; information technology and security providers; document management and storage vendors; other third parties with consent or as required by law or the rules of professional responsibility

Collected or Disclosed in past 12 months

Collected and disclosed
Reason for Collecting and/or Sharing

This information is collected from job applicants on a third-party site accessible from NixonPeabody.com; the firm maintains personnel files on current and former personnel as may be required by law or the rules of professional responsibility.

Categories of Third Parties

Background screening services; information technology and security providers; document management and storage vendors; other third parties with consent or as required by law or the rules of professional responsibility.

Collected or Disclosed in past 12 months

Collected and disclosed
Reason for Collecting and/or Sharing

Nixon Peabody may collect communicable disease detection and prevention information to meet legal and contractual requirements and/or to protect public health.

Categories of Third Parties

Administrative support vendors; marketing event vendors; property managers and owners; other third parties, e.g. clients, or where required by law or contract or to protect public health.

Collected or Disclosed in past 12 months

Collected and disclosed

Legal Rights for European residents

Under the European Union’s (EU’s) General Data Protection Regulation (GDPR), transfers of personal information from the European Economic Area (EEA) may be made to jurisdictions that provide adequate protections to the rights of data subjects in the EU. The United States has not been deemed to provide such protection; therefore, we more generally rely on the following lawful bases for cross-border transfers from the EEA: standard contractual clauses, and the derogations available for contracts and consent.

In addition, residents of the EU, whose personal information, has been provided to the firm, may have additional rights under the GDPR, including, among other things, the right to see a copy of your personal information, the right to correct inaccurate information, the right to object to or restrict use of your information, and the right to have your personal information erased. If you would like to discuss or exercise these rights or have additional questions about our compliance with the GDPR, please contact compliance@nixonpeabody.com.

Nixon Peabody International LLP, which is based in London, is the firm’s representative with respect to the GDPR. Nixon Peabody International LLP can be reached at 17 Hanover Square, London W1S1BN, United Kingdom or +44 (0) 20 7096 6600.

Data security

Nixon Peabody secures data through a mix of technical and administrative safeguards that are audited annually by third-party information security experts. The firm’s Rochester, New York, data center has been certified as compliant with ISO 270001, a globally recognized standard for information security. Nixon Peabody also has policies and procedures designed to promote commercially reasonable security practices in accordance with U.S. and international requirements. Nonetheless, the transmission of information via the Internet is not completely secure, and we cannot guarantee the security of data sent to us electronically over cellular and wireless networks that we do not control.

Changes to this privacy policy

The effective date of this policy is January 1, 2020, and it was last reviewed and updated on November 1, 2021. It will be reviewed at least annually and updated in accordance with evolving privacy practices and requirements. We encourage you to periodically review this page. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will notify you.

Contact

If you have any questions or comments about this policy or the ways in which Nixon Peabody collects and uses your information, please do not hesitate to contact Compliance Officer Sarah Ragland at 617.345.1037; email compliance@nixonpeabody.com or sragland@nixonpeabody.com.

Postal Address
Nixon Peabody LLP
Exchange Place
53 State Street
Boston, MA 02109
Attn: Sarah Ragland, Compliance Officer

Privacy Policy—Personnel

Our policy

Information we collect

Where we get personal information

How we use personal information

When we share personal information

Links to other third parties

Data Collection Details

Common identifiers. This includes real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

Commercial information This includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Internet or other similar network activity Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Geolocation dataPhysical location or movements.

Sensory dataAudio, electronic, visual, thermal, olfactory, or similar information.

Professional or employment-related information.Current or past job history or performance evaluations.

Inferences drawn from other personal informationProfile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Communicable disease detection and prevention informationProof of vaccination, negative medical diagnostic test results (e.g. COVID-19 tests); symptom scanning and assessment and related medical information.

Legal Rights for European residents

Data security

Changes to this privacy policy

Contact

Common identifiers.
This includes real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

Commercial information
This includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Internet or other similar network activity
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Geolocation data
Physical location or movements.

Sensory data
Audio, electronic, visual, thermal, olfactory, or similar information.

Professional or employment-related information.
Current or past job history or performance evaluations.

Inferences drawn from other personal information
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Communicable disease detection and prevention information
Proof of vaccination, negative medical diagnostic test results (e.g. COVID-19 tests); symptom scanning and assessment and related medical information.