Factor Privacy Policy Overview
Factor Law Inc. (Factor) and its international subsidiaries respect your privacy and are committed to protecting your Personal Data. As a global organization, it is our duty to comply with the various applicable regulations around the world that govern the collection and processing of Personal Data.
Protecting the personal rights and privacy of each individual is at the core of the foundation of trust in our business relationships and of Factor’s reputation as an attractive and responsible employer. We recognize the need for appropriate safeguards and management practices in relation to the collection and use of your Personal Data.
We want to ensure that you understand what information we collect about you and how we use it. This Privacy Policy sets out the principles Factor follows when we collect and process your Personal Data through your use of our website or when you otherwise engage with Factor and it applies to our candidates, clients, suppliers, website-users and anyone who subscribes to our newsletters or participate in our programs or similar activity.
This website is not intended for children and we do not knowingly collect data relating to children.
We may amend this Privacy Policy from time to time, and we will endeavor to inform our contacts of major changes to this policy. You may always review our current policy at this page. If we need your consent to process your Personal Data in a different way, we will seek your permission in advance.
Please use the Glossary to help you understand the meaning of some of the terms used. If you have any questions regarding the policy, contact us at privacy@factor.law.
1. WHO WE ARE
2. WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
3. HOW WE USE YOUR PERSONAL DATA
4. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR DATA
5. HOW WE SHARE YOUR PERSONAL DATA
6. INTERNATIONAL TRANSFERS OF DATA
11. GLOSSARY
1. WHO WE ARE
Factor Law Inc. (“Factor”) is a leading alternative legal services provider headquartered at 33 West Monroe Street, Suite 200, Chicago, IL 60603. Factor Law Inc is a parent entity for EU registered entities as well.
This Privacy Policy is issued on behalf of Factor as a whole. When we mention “Factor”, “we”, “us” or “our”, we are referring to the relevant Factor entity responsible for collecting or processing your data.
Unless specified otherwise in this Privacy Policy, Factor is the controller of your Personal Data which means that Factor decides why and how your Personal Data is processed. Unless otherwise stated the Factor entity you are engaging with will be the controller of your data.
Data Privacy Office
Our Data Privacy Office, which is part of our Legal & Compliance team, is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise any of your legal rights, please contact the Data Privacy Office using the details set out below.
Full name of legal entity: Factor Law Inc.
Address: 33 West Monroe Street, Suite 400, Chicago, IL 60603
Contact: Privacy Office
Email address: privacy@factor.law
2. WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
“Personal Data” is any information about an individual from which that person can be identified. It might include your name, mailing address, email address, telephone number, company, title, site username or site password. It does not include data where the identity has been removed (anonymous data).
We collect, store and process your Personal Data by different methods depending on whether you are a candidate, client, supplier or website user.
WHERE YOU ARE A CANDIDATE:
You may be a past candidate or a candidate in process or you may have participated in our recruitment or other similar events.
We do not mandate the collection of any Special Categories of Personal Data about you through this website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
We will ask for your explicit consent before we collect Special Category Personal Data, except in circumstances:
WHERE YOU ARE A CLIENT:
When you are inquiring about or using our services we collect and use information to understand your requirements, agree role specifications, propose candidates, discuss our contract, provide training or consultancy services or to share Factor content which is likely to be relevant and useful to you.
When supplying services to us or contracting with us we need certain information so that we can receive and pay for the services you provide.
WHERE YOU ARE A WEBSITE USER:
When you are using our website, which may include when you download content or contact us via our website.
3. How we use your personal Data
We collect, process or disclose your Personal Data for our legitimate business purposes including:
4. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR DATA
We rely on the following main grounds to process Personal Data of candidates, clients, suppliers, web users or other third parties:
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at privacy@factor.law.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or seek your consent, providing you with a clear, conspicuous and readily available mechanism for you to exercise choice.
Please note that we may process your Personal Data without your knowledge or consent where this is required or permitted by law.
5. HOW WE SHARE YOUR PERSONAL DATA
We will not sell or rent to anyone the Personal Data provided to us or obtained by us.
In certain circumstances we will share your Personal Data with other parties. When we do, we take responsibility and bear liability for such sharing in accordance with this Privacy Policy and applicable law.
We share your data with other entities within Factor acting as joint controllers or processors. We do this to provide sales and marketing, IT, HR, system administration services, product development and undertake internal reporting. We will also share your Personal Data across Factor entities to provide candidates to our clients to fulfill client engagements, for business development, to improve our client service and to make our services more valuable to you.
For a limited period of time, as a result of the Spin-Off, we will also share your data with Factor, AI Digital Contracts Inc. (which was spun off from Factor at the same time as the Spin-Off) and their subsidiaries, under transition services agreements that ensure the same high degree of privacy and confidentiality for your data as applied prior to the Spin-Off. Specifically, Factor will process Factor administrative data, including for IT, HR, and systems administration purposes, until the end of 2019 (or earlier); and AI Digital Contracts Inc. will share certain staff and support with Factor, including receiving client delivery services and providing systems management, for up to six months after the Spin-Off. Over the course of 2019, these functions are expected to be transitioned to permanent arrangements for handling of your data by Factor.
We also share your Personal Data with the following third parties:
We require all third parties to respect the security of your Personal Data and to treat it in accordance with applicable laws. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
We also collect, use and share aggregated data such as statistical or demographic data for purposes which include monitoring how we are doing against our Diversity and Equality targets. Aggregated data is not Personal Data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Personal Data where we are required by law to report on mixes of religious beliefs or political opinions or affiliations.
6. INTERNATIONAL TRANSFERS OF DATA
Factor complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Factor has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
We share your Personal Data within Factor. We transfer the Personal Data we collect about you to countries outside of the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Policy.
Transfers out of the EEA
If you are located in the European Economic Area (EEA) this may involve transferring your Personal Data outside of the EEA. Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.
General Safeguards
EU-US Privacy Shield Framework
Please contact us at privacy@factor.law if you want further information on the specific mechanism we use when transferring your Personal Data out of the EEA.
Factor uses industry-standard physical, technical, and administrative controls to protect your Personal Data by:
While we operate to the highest standards we are also aware that the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Where we have given you (or where you have chosen) a password which enables you to access any of our online or electronic resources, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.
You should note that this website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their content or privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Factor uses "cookies" on its sites. A cookie is a piece of data stored on a site visitor's system that helps us improve your access to our site and identify repeat visitors to our site.
Cookies can also enable us to track and target the interests of our users to enhance their experience on our site. Except where 1) contacts elect to identify themselves for purposes of receiving information from Factor or inquiring as to a business relationship with Factor or 2) candidates elect to establish and use an account to apply to Factor and employment opportunities with Factor, cookies are not linked to any personally identifiable information.
You can disable or remove any cookies already stored on your computer, but these may stop our websites from functioning properly.
Where we collect your Personal Data, the length of time for which we retain it depends on the type of data, the purpose for which we use that data and our accounting, regulatory and legal data retention obligations. We do not retain Personal Data in an identifiable format for longer than:
After which, it is likely your Personal Data will no longer be relevant for the purposes for which it was collected and we will delete or destroy it.
In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, by you have the right to:
• Request access to your personal information (commonly known as a “subject access request” or “SAR”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
• Object to processing of your personal information where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and/or
• Request the transfer of your personal information to another party.
If you want to review, verify, correct, or request erasure of your personal information, object to the processing of your Personal Data, or request that we transfer a copy of your personal information to another party, please contact us by email at privacy@factor.law.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please send us email at privacy@factor.law. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate legal basis for doing so.
Our response timescales
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is incomplete and we need to write to you for more information or is particularly complex or you have made several requests. In these cases, we will notify you and keep you updated.
The right to complain to a supervisory authority
In the EU we have nominated the UK Supervisory Authority as the Lead Supervisory Authority for our EU based establishments (Poland, UK). You have the right to complain to the Information Commissioner’s Office about how and/or why we are processing your Personal Data.
You also have a right to make a complaint regarding how and/or why we process your data with respect to the EU-US Privacy Shield Principles.
Please see “how to make a complaint”.
Data privacy laws are constantly evolving, and we endeavor to maintain best practice. However, we recognize that we may not always get it right and if you are not satisfied in the way we handle your Personal Data or you wish to discuss our processes then we would like to hear from you.
Factor Complaint process
If there is something which we have not done correctly with your Personal Data then we would appreciate the chance to deal with your concerns before you approach a Supervisory Authority so please contact us in the first instance – privacy@factor.law.
EU Supervisory Authority
In any case, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
In the EU we have nominated the ICO as the Lead Supervisory Authority for our EU based establishments (Poland, UK). You have the right to complain to the Information Commissioner’s Office about how and/or why we are processing your Personal Data for any of our European Entities.
EU-US Privacy Shield
In compliance with the Privacy Shield Principles, Factor commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Factor at: privacy@factor.law
Factor has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
If your complaint is not resolved after following the recourse mechanisms described above, you may have the ability to invoke binding arbitration. More information can be found at the following URL: http://go.adr.org/privacyshieldfiling.html.
11. GLOSSARY
Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signifies agreement to the Processing of Personal Data relating to them.
Data Controller: the person or organization that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the GDPR. We are the Data Controller of all Personal Data relating to our Company Personnel and Personal Data used in our business for our own commercial purposes.
Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
EEA: the 28 countries in the EU, and Iceland, Liechtenstein and Norway.
Explicit Consent: consent which requires a very clear and specific statement (that is, not just action).
General Data Protection Regulation (GDPR): the General Data Protection Regulation ((EU) 2016/679). Personal Data is subject to the legal safeguards specified in the GDPR.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Category (Sensitive) Personal Data and pseudonymized Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behavior.
Privacy Notices or Privacy Policies: separate notices setting out information that may be provided to Data Subjects when Factor collects information about them. These notices may take the form of general privacy statements applicable to a specific group of individuals (for example, employee privacy notices or the website privacy policy) or they may be stand-alone, one-time privacy statements covering Processing related to a specific purpose.
Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
Special Category or Sensitive Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offenses and convictions.
REVISION HISTORY
Revision Date |
Version |
Revised by |
Sections |
Description |
Approved by |
4/15/2019 |
1.0 |
C. Kemnitz |
All |
Initial document created by Axiom for Ares |
C. Kemnitz |
8/23/2019 |
2.0 |
L. Flemming |
All |
Document updated to Ardent/AMS |
C. Kemnitz |
9/27/2019 |
2.1 |
L. Flemming |
All |
Text edits based on comments from Privacy Shield analyst |
R. Erxleben |
12/06/2019 |
2.2 |
L.Flemming |
All |
Text edits based on comments from Privacy Shield analyst |
J. Law |
3/10/2020 |
3.0 |
L.Flemming |
All |
Update to Factor template and business use |
J. Law |
2/22/2021 |
4.0 |
L.Flemming |
All |
Text edits based on Privacy Shield response to recertification application |
J. Law |