Privacy Policy

At Nixon Peabody, protecting the confidentiality—and privacy—of information you share with us is a core professional responsibility and a fundamental part of our work. 

This Privacy Policy explains how and why we collect, use, share and store information, including personal information, when you visit our website, request or receive professional services from us, request information from us, participate in Nixon Peabody marketing or educational events, or otherwise provide information to us. This policy applies to website visitors, business contacts, and clients of Nixon Peabody LLP and its subsidiaries. A related privacy policy, available here, applies to the employment relationship between the firm and prospective, current, or former personnel.

We do not sell personal information. We collect, use, and share personal information solely to support the provision and marketing of legal and professional services, and other operational and administrative purposes.

A downloadable copy of this policy is available by clicking here.

Information we collect

When you visit our website, we collect information from your browser about the pages you visit.

When you fill out a form on our website, we collect personal information about you (e.g., e-mail address, state in which you live), which you voluntarily provide in order to receive information or other services from the firm.

When you seek to become a client of the firm, we collect more detailed personal information—directly from you, and from third-party sources, to make sure it is legally and ethically appropriate for the firm to represent you.

When you are a client of the firm, we may collect detailed and sensitive personal information about you, including financial or health information, as may be necessary to provide you with the legal services you request.

When you e-mail personnel at the firm, we collect your e-mail contact information, which may be stored in our customer relationship system, which keeps track of the personnel with whom you are communicating, and the marketing or educational services in which you have expressed interest. This may be combined with publicly available information, e.g., a LinkedIn profile.

We do not knowingly collect information from anyone under the age of 18, nor do we market our services to them.

Where we get personal information

Directly from you, such as when you fill out an online form or communicate directly with our personnel.

Indirectly from you, when you browse our website.

From our clients, who may provide information about their employees, associates, family members, and other third parties, as required to provide professional services.

From Nixon Peabody vendors, such as background screening services, or information in publicly available databases, which provide information needed to perform due diligence on clients and other third parties, as may be required by law or the rules of professional responsibility governing lawyers.

How we use personal information

Nixon Peabody may use and disclose your personal information in the performance under a contract with firm clients, to further its legitimate business purposes (e.g., for operational and administrative uses, or direct marketing) and/or with your consent. These uses will vary depending on the nature of our relationship with you, but include:

  • To provide you with the information that you have requested
  • To provide products and services you have requested
  • To communicate with you about products and services
  • To invite you to events
  • To send you legal news, newsletters, marketing communications, and other materials that may interest you
  • To evaluate, recruit, and hire personnel
  • To bill for services rendered and facilitate payment processing, as applicable
  • To operate, troubleshoot, analyze, and improve our website and digital services
  • As reasonably necessary and appropriate, to detect or prevent fraud, to comply with legal obligations, or protect your, our, or others’ rights
  • As applicable, to confirm your identity for compliance with “Know Your Customer” requirements and other legal or ethical obligations, e.g., screening to avoid conflicts of interest with other clients, responding to data subject access requests
  • To allow Nixon Peabody to pursue remedies or limit liabilities if a dispute arises
  • To fulfill other purposes permitted or required by law
  • For other uses disclosed to you, with your consent

When we share personal information

We share information with third parties when necessary to provide and market our services, to manage the law firm, when we have your consent, or when required by law.

Nixon Peabody may share personal information with its affiliates and subsidiaries for the purposes set out in this policy. However, under no circumstances does Nixon Peabody sell, trade, or barter the information.

Where applicable, we may disclose your personal information to third parties involved in the administration and operation of the firm, e.g., web-hosting companies, information technology providers, event-hosting services, financial services companies, and document management and storage companies. When required or appropriate and feasible, we obtain written assurances from third parties that access personal information that their privacy and security practices are in accord with applicable legal requirements. We may also disclose your personal information to third parties where we sell or merge any or all of our business and/or our assets to a third party, or where we are legally required to disclose your information.

The firm uses third-party service providers to support our marketing program.  With all website visitors, even those who do not complete any forms or otherwise seek our services, certain information is automatically collected through the use of a third-party service, Google Analytics, and similar technologies.  This information helps us administer, protect, and improve our services; analyze usage; and improve users’ experience.

Through Google Analytics, the website collects online identifiers, including cookie identifiers, IP addresses, and device identifiers. Google Analytics collects information and reports website usage statistics. To opt out of being tracked by Google Analytics, visit the Google Analytics Opt-Out Browser Add-on.

The website also uses cookies, which are small files placed on the hard drive of your computer, to improve the operation and functionality of the website. The cookies we use may include:

  • Process Cookies that enable the website to function properly and assist in navigating pages and accessing services. Without these cookies, the website may not function properly.
  • Session State Cookies that collect information about how users interact with a website. This may include the page users visit most often and whether users get error messages from certain pages. These cookies help improve users’ browsing experience, but blocking or deleting these cookies will not render the website unusable.

Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies when you direct your browser to our website. By using our website, you consent to our use of cookies and the placement of cookies on your device for the purposes described.

Links to other third parties

Our website may link to third-party sites that we do not control.  Our website may include integrated content or links to content provided by third parties, e.g., for client payment processing, recruiting purposes, viewing videos, and social media. This privacy policy does not address the privacy, security, or other practices of these third-party service providers. We do not accept any responsibility or liability for their policies or the protection of data you provide to third-party sites accessed via

Privacy Practices: Finer print

The chart below provides additional information about the information we collect, the reason we collect it, and with whom it may be shared, e.g., the categories of third parties with whom the information may be shared. The chart further notes whether that information has been collected or disclosed in the past 12 months. Please note that when providing legal services, each type of personal information listed in the first column may be collected and shared with co-counsel, opposing counsel, regulators, and other third parties, as reasonably required to provide the service requested.

Personal information

Reason for collecting and/or sharing

Categories of third parties

Collected or disclosed in past 12 months

Common identifiers, e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, e-mail address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

Provision of legal and other professional services; marketing; due diligence; payment processing and account management; information security; website management; defend or prosecute legal claims.

Information technology and security providers; document management and storage vendors; legal and other professional support vendors; banks and related financial services companies; marketing support vendors.

Collected and disclosed

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).  This includes: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.

Provision of legal and other professional services; marketing; due diligence; payment processing and account management; information security; website management; defend or prosecute legal claims.

Information technology and security providers; document management and storage vendors; legal and other professional support vendors; banks and related financial services companies; marketing support vendors.

Collected and disclosed

Protected classification characteristics under California or federal law. This includes: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Provision of legal and other professional services.

Information technology and security providers; document management and storage vendors; legal and other professional support vendors (as may be required to provide the specific legal services requested).

Collected and disclosed

Commercial information.  This includes: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

This information may be collected from publicly available sources, e.g., court records, or through due diligence screening of prospective clients or other third parties.

Not applicable .


Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints; iris or retina scans; keystroke, gait, or other physical patterns; and sleep, health, or exercise data.

Not collected.

Not collected.

Not collected

Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Website management and marketing.

Web hosting, IT security, and marketing support vendors.

Collected and disclosed

Geolocation data.  Physical location or movements.

Web analytic and intrusion detection tools provide information about the location of the computer or device accessing the firm’s website and other technology resources.

Information technology and security vendors.

Collected and disclosed

Sensory data.  Audio, electronic, visual, thermal, olfactory, or similar information.

Certain firm events may be recorded or photographed.

Communications and marketing support vendors.

Collected and disclosed

Professional or employment-related information.  Current or past job history or performance evaluations.

Provision of legal and other professional services; marketing.

Information technology and security providers; document management and storage vendors; legal and other professional support vendors (as may be required to provide the specific legal services requested); marketing support vendors.

Collected and disclosed

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Provision of legal and other professional services.

Information technology and security providers; document management and storage vendors; legal and other professional support vendors (as may be required to provide the specific legal services requested).

Collected and disclosed

Inferences drawn from other personal information.  Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Provisions of legal services and marketing of legal and professional services.

Marketing support vendors.

Collected and disclosed

Choices about your data

You can ask us to stop sending you marketing communications. All marketing communications you receive from us contain an opt-out mechanism that will allow you to register or update your marketing preferences. If you no longer wish to receive marketing communications, you may also send an e-mail to

Website visitors can take steps to limit the amount of personal information collected about you.  As noted above, website visitors can use various tools to limit the amount of information shared with the firm and the third-party vendors it uses to support its website.

Data Privacy Rights: California and EU residents

Legal rights for California consumers

Under California law, certain California residents have rights to request specific information about the personal information the firm collects and/or shares about them. These rights are available to California residents who are clients of the firm, prospective clients, and/or website visitors or certain other business contacts who share personal information with the firm.

Website visitors, prospective clients, and clients may ask for information about the information collected about them. If you have provided personal information to Nixon Peabody, you can request:

  • To know the categories of personal information we have collected about you, the reason(s) we have collected it, the sources of the data, and the categories of third parties with whom we share the information.
  • To know the specific pieces of information we have collected about you (in addition to the information described above).

If you have only provided personal information as a result of browsing our website, i.e., you did not complete any forms or send the firm any e-mails or other communications, the firm is unable to provide information about the specific personal information it holds about you. Please refer to the table above for information about the firm’s general data handling practices. 

Note:  We will not provide information if doing so would violate a duty of confidentiality owed to our clients or any applicable laws and regulations. If you believe a client of the firm has provided Nixon Peabody with personal information about you, please refer your request for disclosures to the client or other relevant third party. In the alternative, you may authorize the firm to relay your request to one of the firm’s clients.

You may also request that Nixon Peabody delete the personal information it holds about you. However, requests to delete data are subject to various limitations by statute and the firm may retain certain data as permitted by law or required by the rules of professional responsibility.

Data requests can be made in the following ways:

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or the requestor’s authority to make the request. An authorized agent may request information on your behalf if they provide evidence of their legal authority to submit such requests.

Questions about the data request process should be directed to or 1-877-807-1213.

Verifying your identity is required before we respond to your request. To verify your identity, we will collect basic personal information about you to match with our records. Next, you will receive an e-mail confirmation that your request was received, as well as information about additional steps that may be required to confirm your identity and verify appropriate contact information. You may make data requests no more than twice in a 12-month period.

We will try to respond to verifiable requests within 45 days.  If we require more time, we will inform you of the reason and extension period in a written response. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We will not discriminate against you for exercising any of your rights under California law.

Legal rights for European residents

Under the European Union’s General Data Protection Regulation (GDPR), transfers of personal information from the European Economic Area (EEA) may be made to jurisdictions that provide adequate protections to the rights of data subjects in the European Union. The United States has not been deemed to provide such protection; therefore, we more generally rely on the following lawful bases for cross-border transfers from the EEA: standard contractual clauses, and the derogations available for contracts and consent.

In addition, residents of the European Union, whose personal information has been provided to the firm, may have additional rights under the GDPR, including, among other things, the right to see a copy of your personal information, the right to correct inaccurate information, the right to object to or restrict use of your information, and the right to have your personal information erased.  If you would like to discuss or exercise these rights, or have additional questions about our compliance with the GDPR, please contact or call the Nixon Peabody Data Request line at 1-877-807-1213.

Nixon Peabody International LLP, which is based in London, is the firm’s representative with respect to the General Data Protection Regulation.  Nixon Peabody International LLP can be reached at 17 Hanover Square, London W1S1BN, United Kingdom; or +44 (0) 20 7096 6600.

Data security

Nixon Peabody secures data through a mix of technical and administrative safeguards that are audited annually by third-party information security experts. The firm’s Rochester, NY, data center has been certified as compliant with ISO 270001, a globally recognized standard for information security. Nixon Peabody also has policies and procedures designed to promote commercially reasonable security practices in accord with U.S. and international requirements. Nonetheless, the transmission of information via the Internet is not completely secure and we cannot guarantee the security of data sent to us electronically over cellular and wireless networks that we do not control. 

Changes to this privacy policy

The effective date of this policy is January 1, 2020, and it was last reviewed on December 21, 2019. It will be reviewed at least annually, and updated in accord with evolving privacy practices and requirements. We encourage you to periodically review this page. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will notify you by posting a notice of the changes in a conspicuous manner on

Contact information

If you have any questions or comments about this policy, the ways in which Nixon Peabody collects and uses your information, or your choices and rights regarding such use, please do not hesitate to contact us at:

Phone: 1-877-807-1213


Postal Address:
Nixon Peabody LLP
Exchange Place
53 State Street
Boston, MA 02109
Attn: Sarah Ragland, Compliance Officer

Back to top