Effective Date: 1 January 2011
Last Revised: 1 January 2021
- the collection and use of personal information and data as set forth in this Policy;
- emails sent to you for Redline account management purposes;
- emails (of which you may opt-out at any time) sent to notify you of Redline activity; and
- the transfer of your personal data to the US, if you reside outside the US (and if so, you may withdraw this consent at any time via email@example.com).*
*If you reside outside the US:
- the Court of Justice of the European Union (CJEU) has ruled that US government surveillance practices are incompatible with EU data protection rights, due to disproportionate government data collection and a lack of judicial redress for EU citizens, and as such, has invalidated the EU-US Privacy Shield as a legal basis for transferring personal data to the US;
- the response of the US government is here, in which the US Department of Justice, the US Department of Commerce, and the Office of the Director of National Intelligence point to factors (including the availability of judicial remedies for EU citizens) that were not addressed in the CJEU's decision, and that are relevant to your decision to consent to data transfers to the US;
- despite the CJEU's decision, we remain committed to EU-US Privacy Shield principles and requirements, and will continue to maintain our Shield certification, as instructed by the US Department of Commerce; and
- you may withdraw your consent to the transfer of your personal data to the US at any time via email sent to firstname.lastname@example.org.
This Policy tells you how we use and protect personal information and non-personal information and data collected through use of the Site. This Policy covers only information and data that is collected through this Site and no other web sites that may be linked to or from this Site; nor does this Policy apply to practices of companies that we do not control or to people we do not employ or manage.
By accepting the Policy during registration, you expressly consent to our collection, storage, use and disclosure of your personal information and non-personal information as described in this Policy and to all other terms herein.
B. Information Collected
This section details the personal and other information about you or arising from your activities on the Site as may be collected and stored by us (which will be in addition to the information we collect as described in the Terms of Membership).
We collect information about you in various ways when you use the Site. Some of this information may be Personal Data about you. As used in this Policy, "Personal Data" means any information (either alone or in combination with other information we hold) that specifically identifies you as an individual, such as your name, address and physical location, email addresses, and telephone numbers.
As well as Personal Data, we also collect some information that is not personally identifying, including aggregate or anonymized information, which is data we collect about use of the Site or about a group or category of users from which it has never been, or is no longer, possible to identify you (“Nonpersonal Data”; together with Personal Data, collectively "Information").
When you request an invitation to join the membership, or when you are invited to join by us or another member, we collect the following Personal Data:
- first and last name
- email address
- country and (if applicable) state of residence
- date of first admission or certification to practice law
- optional bar association number (if you choose to submit it)
- optional biographical content in aid of evaluating eligibility (if you choose to submit it)
Upon and after registration to join the membership, we collect the following Personal Data:
- login credentials (username and password)
- type of practice (law firm, in-house, government, academic or other)
- area(s) of law practice
- optional employer (if you choose to provide it)
- optional biographical information (if you choose to provide it)
- optional guilds of interest (if you choose to designate guilds)
- to the extent you provide any personally identifying information about you in any Content (as that term is defined in the Terms of Membership) you choose to submit
- to the extent you provide any personally identifying information about you in any communications you have with us
When you use the Site, we automatically collect Nonpersonal Data generated from your usage and activity on the Site, including statistics and data relating to upvotes, downvotes, bounty awarded and given, mojo awarded, best reply/bounty, guilds, content postings, followers and subscriptions. This Policy does not restrict or limit our collection, disclosure and use of Nonpersonal Data.
We do not solicit and do not knowingly collect data from you related to: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sexuality; or genetic or biometric data; or data related to criminal convictions or offenses.
Legal Bases for Collection
We collect and use Personal Data only if supported by a lawful basis. Lawful bases include: (i) consent, which you are free to withdraw at any time; (ii) contract, including the offering and purchase, for a fee or otherwise, of membership and participation in Redline; and (iii) our compelling legitimate interests, including for direct marketing purposes (of which you may opt-out or object), to perform, maintain and improve the Site, and as further set forth in section C, below.
We retain Personal Data from closed accounts, if, for as long as, and to the fullest extent permitted by applicable law, including in order to comply with law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our agreements and policies, and take other actions otherwise permitted by law or as specified elsewhere in this Policy.
C. Our Use of Information
We may use your Personal Data as specified in the Terms of Membership, and to:
(i) fulfill the purposes disclosed when you provided your information to us;
(ii) provide, deliver, and collect payment for the services, products, and customer support you request;
(iii) resolve disputes, collect fees, and troubleshoot problems;
(iv) prevent potentially prohibited or illegal activities, and enforce our Site-related agreements;
(v) provide, customize, measure, and improve our services, membership benefits and the Site's functionality, content and layout;
(vi) provide you with personalized content and offerings;
(vii) tell you about targeted marketing, service updates, and promotional offers including based on your communication preferences; and
(viii) compare information for accuracy, and verify it with third parties.
You have the option of submitting specified and individualized content anonymously. While we endeavor to ensure that such postings remain anonymous, we cannot guarantee absolute anonymity and make no warranty that other users will never be able to determine your identity, such as (without limitation) by observations of your activity on the Site, the manner in which you express yourself, and other patterns of conduct or behavior. Further, it may be possible for other members to ascertain the fact that a member has posted anonymous content.
Further, we may disclose Personal Data to respond to legal requirements, enforce Terms of Membership or Site policies, in connection with a merger, sale of assets, or other similar corporate transactions, respond to claims that a listing or other content violates the rights of others, or protect the rights, property, or safety or any person.
D. Sharing Information
We may also share your Personal Data with other members per the Site's settings (over which you have control), and to:
(i) members of our corporate family to help detect and prevent potentially illegal acts and provide joint services to requesting users;
(ii) service providers, consultants or similar contractors or agents to support or enhance the Site or our business operations, or with whom we contract in order to carry out transactions initiated by you, such as credit card processing organizations, and companies providing services available on the Site (including eg authentication and/or spellcheck services);
(iii) other third parties to whom you explicitly ask us to send your information (or about whom you are otherwise explicitly notified and solicited consent when using a specific service);
(iv) law enforcement or other governmental officials, in response to a verified request relating to a criminal investigation or alleged illegal activity, or to respond to any legal process;
(v) persons as we in our sole discretion believe necessary or appropriate in connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity;
(vi) in an aggregated and/or anonymized form which cannot reasonably be used to identify you; and
(vii) other business entities, should we plan to merge with, or be acquired by such entities.
Third Party Recipients
We may share Personal Data with the following third parties:
Mailchimp (email marketing)
Rackspace Hosting Services
Clarion Technology (Site developers and administrators)
E. Your Use of the Site
In order to offer the services for which you will use the Site, your username will necessarily be displayed throughout the Site and to the public. All of your activities on the Site will be traceable to your username, from which your actual identity may be known. Notices are sent to other community members regarding suspicious activity and policy violations on the Site and refer to usernames and specific items. Please understand that because you link your name with your username, others will be able to personally identify your activities.
The Site may utilize "cookies", which are small text files placed on your computer or device and which are essential to operating the site, including to help identify you and maintain your signed-in status. You are always free to decline Site cookies via your browser settings, although doing so may interfere with your use of the Site. To learn more about cookies, please visit allaboutcookies.org.
The following is a list of the cookies that may be used and installed on your computer or device by the Site:
|SESS[*]||Fix user's session||Session-only||Redline||Functional|
Functional - these cookies are necessary for the Site to function properly.
Analytical - these cookies allow us to understand how visitors use our Site, so we can measure and improve how the Site works.
Duration - cookies may be session-only, in which they expire at the end of each browser session, or may expire at a certain date.
Your password deserves careful thought and protection. Use unique numbers, letters, and special characters and do not disclose your password to anyone. If you do share your password or your personal information with others, you are responsible for all actions taken in the name of your account. If you lose control of your password, you may lose substantial control over your personal information and may be subject to legally binding actions taken on your behalf. If your password has been compromised for any reason, you should immediately access your profile on the Site to change your password and notify us immediately at email@example.com.
H. Your Rights & Choices
You can see, review and change most of your Personal Data by logging into the Site and navigating to the Settings page or by editing Content via Site controls for that purpose. You have the right to request that we not process your Personal Data for marketing or promotional purposes. You may also opt-out of receiving promotional emails from us by following the instructions in the emails or via email sent to firstname.lastname@example.org. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations.
Rights to Review, Rectify, Erasure, and Portability
You can review and change your Personal Data at any time via the Settings page or by contacting us. If at any time you choose to opt out from allowing us to share with or disclose to non-agent third parties your personal information in the future, or if you wish to request access to, or deletion or modification of, any Personal Data that we have about you that we don't already make available to you for your review and deletion or modification, contact us directly via email to email@example.com. We endeavor to provide such data in a portable, structured, commonly-used, and machine-readable format.
Upon receipt and process of a reasonable request, we will, within a commercially reasonable period of time, comply with such request to the extent technically and commercially feasible. Note that requests to terminate disclosure to third parties may frustrate or render impossible our ability to provide the Site or conduct transactions initiated by you.
We advise you to promptly update your Personal Data if it changes or is inaccurate. Once you make a public (to the members or otherwise) Content posting, you may not be able to change or remove it. If you deactivate your membership, your profile page (with a notice that your membership has been deactivated) will still be visible and all your Content will still be accessible.
Right to Object
You may exercise your right to object, if no opt-out mechanism is otherwise made available to you (including objecting to the basis of use for the purpose of our legitimate interest), by sending an email to firstname.lastname@example.org.
Except as otherwise expressly included in this Policy, this document addresses only the use and disclosure of information we collect from you. If you disclose your information to others, whether they are users on the Site or other sites throughout the internet, different rules may apply.
The Site is not directed to persons under 18 years of age, and we do not knowingly collect personal information from such persons. If you are younger than 18, please do not provide any personal information to us. If a person 18 years of age or younger has provided personal information to us, a parent or guardian of such person should contact us at email@example.com so that we can remove such personal information from our database.
Redline is located in the United States, as are the servers that make the Site available. All matters relating to privacy issues are governed by the laws of the United States and the State of California. Nothing in this Policy will be construed as an admission or implication that we are subject to the laws or jurisdictions of any national or international jurisdiction or governmental entity, or to non-US law.
L. Data Security
We take appropriate technical and organizational measures made available to us by our hosting provider to maintain the security of your personal information on the Site. However please remember that any messages you send over the internet are not secure unless they are appropriately encrypted. Despite our efforts, third parties may unlawfully intercept or access transmissions or private communications, and other users may abuse or misuse your personal information that they collect from the Site.
M. Policy Changes
We may amend this Policy from time to time. If we make any changes to this Policy, we will post the amended terms here and change the "Last Revised" date above.
N. Questions or Complaints
If you have any questions about this Policy, please contact us at firstname.lastname@example.org.
You have the right to lodge complaints with your applicable local data protection authority, but we hope that you will try to work things out with us first.
The United States Department of Commerce and the European Commission have agreed on a set of Privacy Principles and Supplemental Principles to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU to the United States (the "EU-US Privacy Shield"). The EU also has recognized the EU-US Privacy Shield as providing adequate data protection. The United States Department of Commerce and the government of Switzerland have agreed on a similar set of principles to enable U.S. companies to satisfy the requirement under applicable Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States (the “Swiss-US Privacy Shield”). Consistent with its commitment to protect personal privacy, we adhere to the principles of the EU-US Privacy Shield and the Swiss-US Privacy Shield in effect as of the last revised date above (the “Privacy Shield Principles”) as documented in this policy.
We comply with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles.
For purposes of this Policy, the following definitions will apply:
- “agent” means any third party that collects or uses personal information under our instructions and for us, or to which we disclose personal information for use on our behalf.
- “personal information” and "personal data" means any data, information or data/information set(s) that identifies or could be used by or on behalf of us to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
- “sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, we will treat as sensitive personal information any information received from a third party where that third party treats and explicitly identifies the information as sensitive within the same meaning as used here.
C. Privacy Shield Principles
(i) Notice. Where we collect personal information directly from individuals in the EU, we will inform such individuals about the purposes for which we collect and use personal information about them, the types of non–agent third parties to which we disclose that information, the choices and means, if any, we offer individuals for limiting the use and disclosure of personal information about them, and how to contact us. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information, or as soon as practicable thereafter, and in any event before we use or disclose the information for a purpose other than that for which it was originally collected.
Where we receive personal information from our subsidiaries, affiliates or other entities in the EU, we will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
(ii) Choice. We will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose that is materially different than the purpose for which it was originally collected or subsequently authorized by the individual.
For sensitive personal information, we don't solicit such information and there's no need to disclose such information in order to use the Site. If we elect in the future to solicit such information, we will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of such solicited information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
We will provide individuals with reasonable mechanisms to exercise their choices.
(iii) Data Integrity. We will use personal information only in ways that are compatible with and relevant to the purposes for which it was collected or subsequently authorized by the individual. We will take reasonable steps to ensure that personal information is reliable to its intended use, accurate, complete, and current. We will remain compliant for as long as we retain personal information. Personal information will be retained in a form identifying or making identifiable an individual only for so long as necessary to process such information, subject to our right to retain such information for longer periods for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis.
(iv) Accountability for Onward Transfer. To transfer personal data to an agent, we will: (a) transfer such data only for limited and specified purposes; (b) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield Principles; (c) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with our obligations under the Privacy Shield Principles; (d) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles; (e) upon notice, including under (d), take reasonable and appropriate steps to stop and remediate unauthorized processing; (f) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request; and (g) enter into enforceable contracts with agents consistent with this Policy.
We will undertake to obtain assurances from our agents that they will safeguard personal information consistent with this Policy. Examples of appropriate assurances that may be provided by agents include: (g) a contract obligating the agent to provide at least the same or substantially similar level of protection as is required by the relevant Privacy Shield Principles, (h) such agent being certified as Privacy Shield Principles-compliant, (i) such agent being subject to the EU Data Protection Directive, or (j) such agent being subject to another EU or Swiss adequacy finding (e.g., companies located in Canada). Where we have knowledge that an agent is using or disclosing personal information in a manner contrary to this policy, we will take reasonable steps to prevent or stop such use or disclosure.
(v) Access and Correction. Upon request, we will grant individuals reasonable access to personal information that it holds about them. In addition, we will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete, or that has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
(vi) Security. We will take reasonable and appropriate measures to protect personal information in our possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and nature of the personal data.
We have further committed to refer unresolved Privacy Shield complaints to JAMS (jamsadr.com), an alternative dispute resolution provider located in the United States, which serves as our third-party dispute resolution provider for Privacy Shield Principles-related disputes. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Individuals may submit complaints on an individualized basis (and not purporting to be acting in a representative capacity or on behalf of a class) to JAMS. No damages, fees, or other remedies are available. Arbitrators will have the authority only to award individual-specific non-monetary equitable relief (such as access, correction, deletion, or return of the individual data's in question). Each party will bear its own attorneys fees, subject to the rules of JAMS.
In addition, individuals may submit disputes to binding arbitration who first comply with pre-arbitration requirements. This arbitration may not be invoked and is not available if the individual’s same claimed violation of the Privacy Shield Principles: (a) has previously been subject to binding arbitration; (b) was the subject of a final judgment entered in a court action to which the individual was a party; or (c) was previously settled by the parties. In addition, arbitration is not available if an EU Data Protection Authority: (d) has authority under Sections III.5 or III.9 of the Privacy Shield Principles; or (e) has the authority to resolve the claimed violation directly with us.
F. Contact Information
Questions or comments regarding this policy should be submitted to the Redline Privacy Office,1320 San Anselmo Ave., San Anselmo, California, 94960 USA, or via e-mail to email@example.com.
CALIFORNIA PRIVACY RIGHTS
A. “Do Not Track” under the California Online Privacy Protection Act. We do not change system behavior within Redline in response to browser requests not to be tracked. We do not engage in the collection of personally identifiable information from users across third party sites or applications. We are not aware of any processes for others collecting personal information about your activities on the Site over time and across third party websites, apps, or other online services; nor do we knowingly collect information about your activities over time across third party sites and services.
B. California's "Shine the Light" law (Civil Code Section § 1798.83). This law permits users of the Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to us at firstname.lastname@example.org.
C. California Consumer Privacy Act (CCPA). We are not a "business" as that term is defined in the CCPA, and therefore are not subject to the CCPA.