Privacy Policy



At Nixon Peabody, protecting the confidentiality—and privacy—of information you share with us is a core professional responsibility and a fundamental part of our work.

This Privacy Policy explains how and why we collect, use, share, and store information, including personal information, when you visit our website, request or receive professional services from us, request information from us, participate in Nixon Peabody marketing or educational events, or otherwise provide information to us. This policy applies to website visitors, business contacts, and clients of Nixon Peabody LLP and its subsidiaries. A related privacy policy, available here, applies to the employment relationship between the firm and prospective, current, or former personnel.

We do not sell personal information. We collect, use, and share personal information solely to support the provision and marketing of legal and professional services, and other operational and administrative purposes.

A downloadable copy of this policy is available by clicking here.

Information we collect

When you visit our website, we collect information from your browser about the pages you visit.

When you fill out a form on our website, we collect personal information about you (e.g., email address, state in which you live), which you voluntarily provide in order to receive information or other services from the firm.

When you seek to become a client of the firm, we collect more detailed personal information—directly from you, and from third-party sources, to make sure it is legally and ethically appropriate for the firm to represent you.

When you are a client of the firm, we may collect detailed and sensitive personal information about you, including financial or health information, as may be necessary to provide you with the legal services you request.

When you e-mail personnel at the firm, we collect your email contact information, which may be stored in our customer relationship system, which keeps track of the personnel with whom you are communicating, and the marketing or educational services in which you have expressed interest. This may be combined with publicly available information (e.g., a LinkedIn profile).

When you visit our offices, we may collect personal information and ask you to sign visitor logs for security purposes, and we may ask you for information about health symptoms and recent travel and related information for public health screening purposes.

We do not knowingly collect information from anyone under the age of 18, nor do we market our services to them.

Where we get personal information

Directly from you, such as when you fill out an online form or communicate directly with our personnel.

Indirectly from you, when you browse our website.

From our clients, who may provide information about their employees, associates, family members, and other third parties, as required to provide professional services.

From Nixon Peabody vendors, such as background screening services, or information in publicly available databases, which provide the information needed to perform due diligence on clients and other third parties, as may be required by law or the rules of professional responsibility governing lawyers.

How we use personal information

Nixon Peabody may use and disclose your personal information in the performance under a contract with firm clients, to further its legitimate business purposes (e.g., for operational and administrative uses, or direct marketing) and/or with your consent. These uses will vary depending on the nature of our relationship with you, but include:

  • To provide you with the information that you have requested
  • To provide products and services, you have requested
  • To communicate with you about products and services
  • To invite you to events
  • To send you legal news, newsletters, marketing communications, and other materials that may interest you
  • To evaluate, recruit, and hire personnel
  • To bill for services rendered and facilitate payment processing, as applicable
  • To operate, troubleshoot, analyze, and improve our website and digital services
  • As reasonably necessary and appropriate, to detect or prevent fraud, to comply with legal obligations, or protect your, our, or others rights
  • As applicable, to confirm your identity for compliance with “Know Your Customer” requirements and other legal or ethical obligations (e.g., screening to avoid conflicts of interest with other clients, responding to data subject access requests)
  • To allow Nixon Peabody to pursue remedies or limit liabilities if a dispute arises
  • To fulfill other purposes permitted or required by law
  • For other uses disclosed to you, with your consent

When we share personal information

We share information with third parties when necessary to provide and market our services, to manage the law firm, when we have your consent, or when required by law.

Nixon Peabody may share personal information with its affiliates and subsidiaries for the purposes set out in this policy. However, under no circumstances does Nixon Peabody sell, trade, or barter the information.

Where applicable, we may disclose your personal information to third parties involved in the administration and operation of the firm (e.g., web-hosting companies, information technology providers, event hosting services, financial services companies, and document management and storage companies). When required or appropriate and feasible, we obtain written assurances from third parties that access personal information that their privacy and security practices are in accord with applicable legal requirements. We may also disclose your personal information to third parties where we sell or merge any or all of our business and/or our assets to a third party, or where we are legally required to disclose your information.

The firm uses third-party service providers to support our marketing program. With all website visitors, even those who do not complete any forms or otherwise seek our services, certain information is automatically collected through the use of a third-party service, Google Analytics, and similar technologies. This information helps us administer, protect, and improve our services; analyze usage; and improve users’ experience.

Through Google Analytics, the website collects online identifiers, including cookie identifiers, IP addresses, and device identifiers. Google Analytics collects information and reports website usage statistics. To opt out of being tracked by Google Analytics, visit the Google Analytics Opt-Out Browser Add-on.

The website also uses cookies, which are small files placed on the hard drive of your computer, to improve the operation and functionality of the website. The cookies we use may include:

  • Process cookies that enable the website to function properly and assist in navigating pages and accessing services. Without these cookies, the website may not function properly.
  • Session state cookies that collect information about how users interact with a website. This may include the page users visit most often and whether users get error messages from certain pages. These cookies help improve users’ browsing experience, but blocking or deleting these cookies will not render the website unusable.
  • Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies when you direct your browser to our website. By using our website, you consent to our use of cookies and the placement of cookies on your device for the purposes described.

    Links to other third parties

    Our website and e-mail from the firm may link to third-party sites that we do not control. Our website and email communications from the firm may include integrated content or links to content and services provided by third parties (e.g., for client payment processing, recruiting purposes, viewing videos, social media, webinars, and video conferencing). This privacy policy does not address the privacy, security, or other practices of these third-party service providers. We encourage you to review the privacy and security practices of third-party sites and vendors before providing personal information.

    Data Collection: Details

    The chart below provides additional information about the information we collect, the reason we collect it, and with whom it may be shared (e.g., the categories of third parties with whom the information may be shared). The chart further notes whether that information has been collected or disclosed in the past 12 months. Please note that when providing legal services, each type of personal information listed in the first column may be collected and shared with co-counsel, opposing counsel, regulators, and other third parties, as reasonably required to provide the service requested.

    Personal information

    Reason for collecting and/or sharing

    Categories of third parties

    Collected or disclosed in past 12 months

    Common identifiers. This includes real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

    Nixon Peabody collects common personal identifies for a wide range of business purposes, including:

    • To provide legal and other professional services
    • For marketing (unless you have opted out of marketing)
    • To perform due diligence on new clients and other business partners or third parties
    • For payment processing and account management
    • For information security and website management
    • To defend or prosecute legal claims

    Information technology and security providers; document management and storage vendors; legal and other professional support vendors; banks and related financial services companies; marketing support vendors.

    Collected and disclosed

    Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). This includes name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

    Some personal information included in this category may overlap with other categories.

    The firm collects personal information regulated under California law for the same purposes it collects common identifiers:

    • To provide legal and other professional services
    • For marketing (unless you have opted out of marketing)
    • To perform due diligence on new clients and other business partners or third parties
    • For payment processing and account management
    • For information security and website management
    • To defend or prosecute legal claims

    Information technology and security providers; document management and storage vendors; legal and other professional support vendors; banks and related financial services companies; marketing support vendors.

    Collected and disclosed

    Protected classification characteristics under California or federal law. This includes age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

    Note: Information related to exposure to communicable diseases is listed below under the categories for geolocation, biometric information, and sensory information.

    Nixon Peabody collects certain legally protected information for the provision of legal and other professional services.

    Information technology and security providers; document management and storage vendors; legal and other professional support vendors, as may be required to provide the specific legal services requested.

    Collected and disclosed

    Commercial information. This includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

    Nixon Peabody may collect this information from publicly available sources (e.g., court records) or through third-party vendors to perform due diligence screening of prospective clients or other third parties.

    Not applicable .

    Collected

    Biometric information. Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

    For public health and safety purposes, the firm may require information about physical symptoms or exposure to communicable diseases prior to allowing third parties to enter firm offices.

    Government officials and other third parties may have access to information about physical symptoms or exposure to communicable diseases to the extent required by law and/or protect public health.

    Collection and disclosure of health screening information (to the extent required) to begin in mid-2020

    Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

    Nixon Peabody collects Internet and other similar network activity for information security, website management, and marketing.

    Web-hosting, IT security, and marketing support vendors.

    Collected and disclosed

    Geolocation data. Physical location or movements.

    Web analytic and intrusion detection tools provide information about the location of the computer or device accessing the firm’s website and other technology resources and may be used for website management and information security.

    The firm may also collect information about recent travel for public health screening purposes.

    Information technology and security vendors may have access to information about device location; government officials and other third parties may have access to information about recent travel to the extent required by law and/or protect public health.

    Device location information collected and disclosed; collection and disclosure of health screening information (to the extent required) to begin in mid-2020

    Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.

    Certain firm events may be recorded or photographed.

    For public health and safety purposes, the firm may conduct scans to assess the body temperature of people entering firm offices.

    Communications and marketing support vendors (for audio, visual, electronic information); commercial landlords, government officials, and other third parties may have access to sensory data to the extent required by law and/or protect public health.

    Audio, video and electronic information collected and disclosed; collection and disclosure of health screening information (to the extent required) to begin in mid-2020

    Professional or employment-related information. Current or past job history or performance evaluations.

    The firm may collect professional or employment-related information to provide legal and other professional services, or for marketing.

    Information technology and security providers; document management and storage vendors; legal and other professional support vendors (as may be required to provide the specific legal services requested); marketing support vendors.

    Collected and disclosed

    Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

    The firm may collect regulated, non-public education information to provide legal and other professional services.

    Information technology and security providers; document management and storage vendors; legal and other professional support vendors, as may be required to provide the specific legal services requested.

    Collected and disclosed

    Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

    Nixon Peabody may create profiles of its contacts (based on interactions with firm personnel) for marketing and to provide legal and other professional services.

    Marketing support vendors.

    Collected and disclosed

    Choices about your data

    You can ask us to stop sending you marketing communications. All marketing communications you receive from us contain an opt-out mechanism that will allow you to register or update your marketing preferences. If you no longer wish to receive marketing communications, you may also send an email to subscriptioninquiries@nixonpeabody.com.

    Website visitors can take steps to limit the amount of personal information collected about you. As noted above, website visitors can use various tools to limit the amount of information shared with the firm and the third-party vendors it uses to support its website.

    Under California law, certain California residents can request specific information about the personal information the firm collects and/or shares about them. These rights are available to California residents who are clients of the firm, prospective clients, and/or website visitors or certain other business contacts who share personal information with the firm.

    Website visitors, prospective clients, and clients may ask for information about the information collected about them. If you have provided personal information to Nixon Peabody, you can request:

    • To know the categories of personal information we have collected about you, the reason(s) we have collected it, the sources of the data, and the categories of third parties with whom we share the information
    • To know the specific pieces of information we have collected about you (in addition to the information described above)

    If you have only provided personal information as a result of browsing our website (i.e., you did not complete any forms or send the firm any emails or other communications), the firm is unable to provide information about the specific personal information it holds about you. Please refer to the table above for information about the firm’s general data handling practices.

    Note: We will not provide information if doing so would violate a duty of confidentiality owed to our clients or any applicable laws and regulations. If you believe a client of the firm has provided Nixon Peabody with personal information about you, please refer your request for disclosures to the client or other relevant third party. In the alternative, you may authorize the firm to relay your request to one of the firm’s clients.

    You may also request that Nixon Peabody delete the personal information it holds about you. However, requests to delete data are subject to various limitations by statute, and the firm may retain certain data as permitted by law or required by the rules of professional responsibility.

    Data requests can be made in the following ways:

    We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or the requestor’s authority to make the request. An authorized agent may request information on your behalf if they provide evidence of their legal authority to submit such requests.

    Questions about the data request process should be directed to compliance@nixonpeabody.com or 1-877-807-1213.

    Verifying your identity is required before we respond to your request. To verify your identity, we will collect basic personal information about you to match with our records. Next, you will receive an email confirmation that your request was received, as well as information about additional steps that may be required to confirm your identity and verify appropriate contact information. You may make data requests no more than twice in a 12-month period.

    We will try to respond to verifiable requests within 45 days. If we require more time, we will inform you of the reason and extension period in a written response. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

    We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

    We will not discriminate against you for exercising any of your rights under California law.

    Legal rights for European residents

    Under the European Union’s (EU’s) General Data Protection Regulation (GDPR), transfers of personal information from the European Economic Area (EEA) may be made to jurisdictions that provide adequate protections to the rights of data subjects in the EU. The United States has not been deemed to provide such protection; therefore, we more generally rely on the following lawful bases for cross-border transfers from the EEA: standard contractual clauses, and the derogations available for contracts and consent.

    In addition, residents of the EU, whose personal information, has been provided to the firm, may have additional rights under the GDPR, including, among other things, the right to see a copy of your personal information, the right to correct inaccurate information, the right to object to or restrict use of your information, and the right to have your personal information erased. If you would like to discuss or exercise these rights or have additional questions about our compliance with the GDPR, please contact compliance@nixonpeabody.com or call the Nixon Peabody Data Request line at 1 877 807 1213.

    Nixon Peabody International LLP, which is based in London, is the firm’s representative with respect to the GDPR. Nixon Peabody International LLP can be reached at 17 Hanover Square, London W1S1BN, United Kingdom or +44 (0) 20 7096 6600.

    Data security

    Nixon Peabody secures data through a mix of technical and administrative safeguards that are audited annually by third-party information security experts. The firm’s Rochester, New York, data center has been certified as compliant with ISO 270001, a globally recognized standard for information security. Nixon Peabody also has policies and procedures designed to promote commercially reasonable security practices in accordance with U.S. and international requirements. Nonetheless, the transmission of information via the Internet is not completely secure, and we cannot guarantee the security of data sent to us electronically over cellular and wireless networks that we do not control.

    Changes to this privacy policy

    The effective date of this policy is January 1, 2020, and it was last reviewed and updated on June 25, 2020. It will be reviewed at least annually and updated in accordance with evolving privacy practices and requirements. We encourage you to periodically review this page. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will notify you by posting a notice of the changes in a conspicuous manner on www.nixonpeabody.com.

    Contact information

    If you have any questions or comments about this policy, the ways in which Nixon Peabody collects and uses your information, your choices and rights regarding such use, please do not hesitate to contact us at:

    Phone: 1-877-807-1213

    E-mail: compliance@nixonpeabody.com

    Postal Address:
    Nixon Peabody LLP
    Exchange Place
    53 State Street
    Boston, MA 02109
    Attn: Sarah Ragland, Compliance Officer

Back to top