Effective Date: May 23, 2018
Updated: November 11, 2024
Chapman and Cutler LLP, headquartered at 320 South Canal Street, 27th floor, Chicago, Illinois 60606 (“Chapman,” “we,” “us,” or “our”) respects your privacy and is committed to collecting, maintaining and using Personal Information about you responsibly. This Privacy Policy (the or this “Policy”) explains how we collect, use, store, disclose and otherwise process Personal Information, also referred to as “personal data” from: (i) visitors to any of the websites created and maintained by Chapman, including www.chapman.com and structuredfinanceinsights.com (the “Sites”); (ii) current, former and prospective clients; (iii) visitors to our office(s) or Chapman-hosted events; (iv) attendees at our webinars or other online presentations; and (v) other individuals with whom we may correspond or interact through electronic or other means.
This Policy does not apply to Personal Information: (i) we receive about individuals when we act as service providers to our institutional clients in the course of our attorney-client relationships; or (ii) is collected by any third party through content that may link to or be accessible from or through the Sites. Nothing in this Policy should be construed to create an attorney-client relationship with visitors to our Sites or, conversely, to detract from any of the protections resulting from such relationships. Personal Information obtained from or relating to Chapman’s prospective, current or former clients may be subject to separate or additional terms of any notice, engagement letter or other similar letters or agreements with the client, the American Bar Association’s (ABA) Model Rules of Professional Conduct, and applicable laws and professional principles, in addition to this Policy.
If you are a resident of California, please see the Notice to California Residents section of this Privacy Policy for additional information about our information collection practices.
If you are based in the European Economic Area (“EEA”) or United Kingdom (“UK”), please see the Notice to EEA and UK Individuals section of this Privacy Policy for additional information about our information collection practices.
Terms that are capitalized in this Policy are defined within. Please read this Policy carefully to understand our policies and practices regarding your Personal Information. This Policy may change from time to time as described in the “Changes to Our Privacy Policy” section. Please check the Sites periodically for updates.
1. Information We Collect and How We Collect It
“Personal Information” in this Policy means information that identifies, relates to, describes, is reasonably capable of being associated with, or that could reasonably be linked, directly or indirectly, with a particular individual. Personal information does not include publicly available information from government records, or deidentified or aggregated information.
We collect or receive the following categories of Personal Information in the course of our business, including through your use of the Sites; when you contact or request information from us; when you visit us, register for and attend our events; sign up for our publications or our mailing list; when we provide legal services to our clients; and from our service providers, including technical, billing and accounting firms, data analytics and internet providers:
- Identifiers and Contact Information, such as name, email address, company affiliation, business mailing address and phone number(s).
- Sensitive Personal Information, also referred to as special categories of personal data, which includes information that may be protected under applicable law in certain circumstances including, but not limited to, driver’s license number, Social Security Number (SSN), Tax ID number, passport number, state identification number, other government-issued identifiers, demographic information such as gender; race or ethnicity; financial information, certain types of insurance information, and health-related information. Unless specifically requested and you use the method that we identify for such purpose, we ask that you not send us any confidential or Sensitive Personal Information.
- Financial Information, such as bank account, invoicing, and tax information.
- Audio, Electronic and Visual Information, such as a photograph or video recording when you visit our office; attend a Chapman-hosted webinar or other event; audio recording when you call us; and contents of your emails or other written communications that you send to us.
- Legal Ethics and Regulatory Compliance Information, as required for purposes such as client onboarding procedures, conflict assessments and other due diligence exercises.
- Other Information that you choose to share with us.
Like many websites, we use “cookies” and other technologies such as pixel tags or web beacons on the Sites. Cookies are text files containing small amounts of information that can be downloaded to your device when you visit a website, in order to help the website recognize you and your browsing preferences. We use cookies on the Sites for a variety of different purposes:
- Cookies that are essential in order to enable you to move around the Sites and use their features, such as accessing secure areas of the Sites.
- Functional cookies (including Oracle Eloqua) which are not essential for the Sites to function properly, but allow our Sites to perform certain functionalities such as email services, and collecting feedback.
- Performance and analytics cookies (including GA4) which help us track the number of visitors to our Sites, the pages that you visit, and the videos and other content you access, so we can determine popularity of content, track traffic throughout the Sites, and improve the performance of the Sites.
Depending on your browser settings, the Sites’ technologies may collect:
- Device Information, such as city and country location; device brand, model and name; browser type, internet service provider or mobile carrier; operating system or mobile device platform; and system configuration information.
- Site Usage Information, such as date or time stamps of your Site access; pages, files and other content that you view; and searches you conduct or other actions you take when you visit the Sites.
You can disable cookies on your device at any time by indicating this in the preferences or options menus in your browser. However, doing so may limit your ability to view all the pages of a Site or use online services that require registration. We do not currently respond to web browser “do not track” signals. For more information about website technologies, and ways to disable cookies, visit www.allaboutcookies.org and www.youronlinechoices.com.
2. How We Use Your Information
We may use and disclose the Personal Information we collect for one or more of the following business purposes:
- We use the information you voluntarily provide to us to fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request information or inquire about our legal services, we will use that information to respond to your inquiry.
- At your request or with your consent, to register you for events, or provide you with email alerts regarding events or news that may be of interest to you, and/or other notices about the services we provide to you.
- To perform our contract with you to provide legal services, if you are or become a client of our firm, and to otherwise administer our relationship with you or perform the functions you have directed us to fulfill.
- To provide, support, test, develop and personalize our Sites.
- To provide you with support, including to investigate and address any concerns you raise to us, and monitor or improve our responses.
- To maintain the safety, security, and integrity of our Sites and other technology assets.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your Personal Information or as otherwise set forth by applicable law.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as an ongoing concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our Sites’ users is among the assets transferred.
- For any other purpose, with your consent.
We may supplement the information provided directly to us with information that we receive or obtain from other sources, such as from our staff or personnel, clients, professional advisers, partners and agents of Chapman, third parties with whom we interact, and other publicly available sources. However, we will not use or disclose the Personal Information we collect for purposes that are materially different, unrelated, or incompatible with the purposes for which the information was collected, unless you consent to such use
We will only process Sensitive Personal Information to provide and support our legal services, for our internal business purposes, to comply with our legal obligations and/or to establish, exercise or defend a legal claim.
3. Disclosures of Your Information
Chapman does not sell, share, or otherwise disclose the Personal Information we have collected about you to third parties unless otherwise stated in this Policy or with your consent. We may disclose your Personal Information to the following categories of recipients:
- To our Service Providers who we utilize to help us provide or facilitate our legal services, and which process Personal Information on our behalf in connection with performing those functions. For example, we may disclose information to providers of our client and document management systems, and billing systems; web hosting, cloud hosting and IT providers; financial institutions, and other providers that help us maintain our business operations and provide our legal services. Our Service Providers may also include our professional advisors; auditors; consultants; and agents to provide our legal services, or for operational purposes. These Service Providers are contractually prohibited from selling or sharing, or otherwise utilizing Personal Information for any purpose other than performing the functions for us that are stated in the contract between us. Our Service Providers must implement appropriate security measures to protect your Personal Information consistent with applicable laws.
- With government agencies and regulatory authorities, with your authorization, to administer our services.
- In connection with a reorganization or combination of our firm with another firm; sale, divestiture, restructuring, dissolution, bankruptcy or other change of ownership or control (whether in whole or in part).
- If we determine that the disclosure of specific information is necessary to comply with the request of a law enforcement or regulatory agency or other legal process;
- To protect the legitimate rights, privacy, property, interests or safety of our company; our employees; our clients; or the general public;
- To pursue available remedies or limit damages;
- To respond to an emergency;
- As otherwise permitted by law, and;
- With other parties when we have your consent to do so.
4. Notice to California Residents
This Notice to California Residents supplements the information contained in this Privacy Policy and provides information about our information collection practices relating to California residents as described in the California Consumer Privacy Act, as amended by the California Privacy Rights Act and its implementing regulations (collectively the “CCPA”).
Categories of Personal Information Collected and Disclosed
We have collected or received the following categories of Personal Information in the course of our business within the last twelve (12) months and disclosed these categories of Personal Information within the last twelve (12) months to the following categories of recipients:
|
Categories of Personal Information Collected |
Purpose for Collection and Use |
Categories of Personal Information Recipients |
|
Identifiers, Contact and Verification Information, and Government Identification (name and contact details such as your email address, mailing address, phone number, government identification numbers). |
|
|
|
Financial Information (payment card or bank account, invoicing, and tax information). |
|
|
|
Internet or Network Activity Information (device information, including your browser type and language, device type, mobile network information and operating system, and website interactions, such as the pages visited on the Sites, time spent on each page, whether you’ve clicked on a hyperlink and search queries). |
|
|
|
Inferences (preferences, such as which areas of our services you are interested in). |
|
|
|
Demographic Information (your racial or ethnic origin, gender, age, military status or veteran’s status, which may be considered Sensitive Personal Information and include protected characteristics under state and federal law). |
|
|
|
General Geolocation Data (such as your general location based on your ZIP code or IP address). |
|
|
|
Audio, electronic, visual, or similar information (photograph or audio or video recording, email contents, and other written communications that you send to us). |
|
|
|
Sensitive Personal Information (such as your Social Security, driver’s license, state identification card, or passport number; veteran status; racial or ethnic origin; or certain information in the content of your written communications with us). |
|
|
Sales or Sharing of Personal Information
We do not “sell” or “share” Personal Information, nor have we “sold” or “shared” Personal Information, in the last twelve (12) months, as those terms is defined in the CCPA.
Sensitive Personal Information
We collect, use, disclose or otherwise process Sensitive Personal Information only to provide and support our legal services; for our internal business purposes; comply with our legal obligations; and/or to establish, exercise or defend a legal claim. We do not collect, use, disclose or otherwise process Sensitive Personal Information to infer characteristics of individuals.
5. Notice to EEA and UK Individuals
The following table depicts how we use and disclose the Personal Information we collect from EEA and UK Individuals and the lawful basis for such use and disclosure:
|
Categories of Personal Information Collected |
Lawful Basis for Use and Disclosure |
Categories of Personal Information Recipients |
|
Identifiers, Contact and Verification Information, and Government Identification (name and contact details such as your email address, mailing address, phone number, government identification numbers). |
|
|
| Financial Information (payment card or bank account, invoicing, and tax information). |
|
|
|
Internet or Network Activity Information (device information, including your browser type and language, device type, mobile network information and operating system, and website interactions, such as the pages visited on the Sites, time spent on each page, whether you’ve clicked on a hyperlink and search queries). |
|
|
|
Inferences (preferences, such as which areas of our services you are interested in). |
|
|
|
Demographic Information (your racial or ethnic origin, gender, age, military status or veteran’s status, which may be considered Sensitive Personal Information). |
|
|
|
General Geolocation Data (such as your general location based on your ZIP code or IP address). |
|
|
|
Audio, electronic, visual, or similar information (photograph or audio or video recording, email contents, and other written communications that you send to us). |
|
|
6. Privacy Rights and Choices
You may have certain rights with respect to Personal Information, depending on the applicable data protection laws in your jurisdiction. To the extent these rights apply to you, they may include:
Right to Access Information. You may have the right to request access to your Personal Information and, where technically feasible, be provided a copy of your Personal Information. You may also have the right to obtain information about how we process or disclose your Personal Information.
Right to Review and Correct Information. You may have the right to request that we correct any inaccurate or incomplete Personal Information we have about you.
Right to Delete Information: You may have the right to request that we delete your Personal Information. Please note that we may not be able to delete certain information depending on legal exceptions or obligations. Please see the Data Security and Retention section below for more information about why we may retain your information.
Right to Object to Processing. You may have the right to object to processing of your Personal Information where our legal basis for processing is that of our legitimate interest if you feel that your rights and freedoms are disproportionately impacted by the processing or if your information is processed for direct marketing purposes.
Right to Restrict Processing. In some circumstances, you may have the right to obtain restriction of processing of your Personal Information if, for example, you contest the accuracy of the Personal Information in our systems. Please note that this right is subject to exceptions where processing is necessary to establish, exercise or defend legal claims, or where the processing is necessary to protect the rights of another natural or legal person.
Right to Withdraw Consent. You may have the right to withdraw your prior consent to certain processing of your Personal Information.
Right to Opt-Out of Personal Information Sharing / Targeted Advertising. You may request to opt out of the “sharing” (as defined by applicable laws) of Personal Information, specifically with regard to certain types of behavioral or targeted advertising based on information collected about you on non-affiliated websites, applications, or services through cookies or website technologies. Please note that Chapman does not “sell” or “share” Personal Information as those terms are defined in certain US state consumer data privacy laws such as the California Consumer Privacy Act (CCPA).
Right to Opt-Out of Marketing Communications. You may request that we not use your Personal Information to send you certain emails or other marketing communications. You may also unsubscribe from receiving marketing emails from us by clicking on the “Unsubscribe” link found in those emails or email us at privacy@chapman.com. Please note you may not be able to opt-out of all communications as we may need to send you information related to our Services.
Right to Non-Discrimination. We will not discriminate against you for exercising your privacy rights and choices.
Right to Appeal. You may have the right to submit an appeal if you are not satisfied with the outcome of your request. Please send appeals directly to privacy@chapman.com.
Right to Lodge a Complaint. You may also have the right to submit a complaint to us and/or the applicable supervisory authority including the UK Information Commissioner's Office (www.ico.org.uk). A full list of Supervisory Authorities in the EEA can be found at www.edpb.europa.eu/about-edpb/about-edpb/members_en.
7. Exercising Your Rights
If you would like to exercise the rights that are available to residents of the jurisdiction where you reside, please email us at privacy@chapman.com or call us at (800) 477-7002. In order to protect your Personal Information, we may ask you to provide additional information to verify your identity. You may also have the right to submit a request to exercise your rights through an authorized agent, in which case your agent must present signed written permission to act on your behalf. You may be required to independently verify your identity with us and confirm that you have provided authorization to the agent.
We endeavor to respond to a verifiable data subject request as quickly as possible and no later than one calendar month for requests from EEA or UK individuals, or forty-five (45) days for requests from certain U.S. state residents. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us or are a current or former client of our firm, we will deliver our written response to the contact information we have on file for you. If you do not have an account with us or are not a current or former client of our firm, we will deliver our written response by mail or electronically, at your option.
Depending on the jurisdiction in which you reside and the type of request you make, any disclosures we provide may only cover the 12-month period preceding the verifiable request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
8. Data Transfers from EEA and UK
Chapman is a U.S.-based law firm comprised of offices in the United States. Details regarding our locations can be found at https://www.chapman.com/offices. Your Personal Information may be collected by or transferred within our offices’ integrated computer networks in the United States and transferred to recipients in other countries that may not be subject to data protection laws similar to or be regarded as providing an adequate level of data protection to the jurisdiction in which information is provided to or received by us.
If we transfer Personal Information (i) from within the EEA to countries located outside the EEA that have not received an adequacy decision from the European Commission or (ii) from the UK to countries that are not recognized as offering an adequate level of protection by the UK Government, including within Chapman offices and with our Service Providers, we implement adequate safeguards to appropriately protect such transfer of Personal Information, including on the terms of a valid data transfer agreement incorporating the European Commission’s or the UK Information Commissioner’s Officer’s standard contractual clauses or as permitted under applicable data protection laws.
You may ask for further information about the safeguards we use to protect the transfer of your Personal Information to countries outside of the EEA or the UK by contacting us at privacy@chapman.com.
9. Data Security and Retention
We have implemented appropriate physical, technical and organizational safeguards designed to protect your Personal Information against accidental loss and unauthorized access, use, alteration or disclosure. However, no method of transmission over the internet or method of electronic storage is fully secure or error free. As such, we make no representation as to the efficacy or appropriateness of the technical, administrative and procedural measures we use to safeguard data.
Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Information for as long as necessary to fulfill the purposes for which we collected it; as required to satisfy any legal, accounting or reporting obligations; or as necessary to resolve disputes. The criteria used to determine the applicable retention period for your Personal Information includes the length of time we have an ongoing relationship with you and provide services to you and our clients, and whether there is a legal obligation to which we are subject that requires us to retain your information.
10. Links to Third Party Sites
Links to websites that are not operated by or for Chapman (“Third Party Sites”) are provided within this Privacy Policy and within the Sites, solely as a convenience to you. If you click on one of these links, you will leave the Site. This Privacy Policy does not apply to Third Party Sites. We do not control and are not responsible for the content of Third Party Sites or their data privacy practices. We do not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access, through any of the Sites, any of the Third Party Sites listed or linked on this Policy or any of the Sites, you should understand that you do so at your own risk. We recommend that you review the privacy policy of every website that you visit.
11. Notice to Minors
The Sites are not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Sites. We do not knowingly collect Personal Information from children under 16. If you are under 16, do not visit the Sites or any of our blogs or social media sites and do not send any type of information about yourself to Chapman or the Sites, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under 16, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us as shown in the “How to Contact Us” section.
12. Changes to Our Privacy Policy
We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated Policy on our Sites and update the Policy’s effective date.
13. How to Contact Us
If you have any questions or comments about this notice, the ways in which Chapman collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under the applicable law, please do not hesitate to contact us at:
Phone: (800) 477-7002
Website: www.chapman.com/privacy
Email: privacy@chapman.com
Postal Address:
Chapman and Cutler LLP
Attn: Chief Marketing Officer
320 South Canal Street, 27th Floor
Chicago, Illinois 60606