Privacy Notice

Privacy Notice

Last Updated: November 2024

Bricker Graydon LLP (“Bricker Graydon,” “we,” “us,” “our”) takes data privacy seriously. We recognize and value the trust that individuals place in us when providing us with Personal Data, and we are committed to safeguarding the privacy and security of Personal Data we may collect from visitors to our websites and/or the clients to whom we provide legal and other services.

This Privacy Notice (“Notice”) describes how we collect, use, share, or otherwise process Personal Data as a data controller in the course of operating our business, particularly in association with our marketing and business development practices and the operation of our main website (www.brickergraydon.com) and the website of our consulting group, Beyond Consulting Group, LLC d/b/a INCompliance Consulting (www.incomplianceconsulting.com), and our other digital properties that link to this Notice, including our websites, mobile applications, and digital communications (collectively, our “Services”).

While we may also process Personal Data during our legal representation of a client, such processing is performed on behalf of and at the direction of our client, subject to our client agreements and professional responsibilities, and is not covered by this Notice.

“Personal Data” may be defined differently depending on which laws you are subject to.  However, as used in this Notice, Personal Data means information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to a specific natural person. It does not include information that is considered anonymous, de-identified, or aggregated by applicable law.

This Notice aims to help you understand our Personal Data collection, usage, and disclosure practices.

By providing your Personal Data to us (whether via one of our websites, by email, in person, or over the phone), you agree to the processing set out in this Notice. Further notices highlighting certain uses of your Personal Data together with the ability to opt-in or out of selected uses may also be provided to you when we collect Personal Data from you.

Please note: This Privacy Notice does not apply to, and Bricker Graydon is not responsible for, any third-party websites which may be accessible through links from this website. If you follow a link to any of these third-party websites, they will have their own privacy policies, and you will need to check these policies before you submit any Personal Data to such third-party websites.

1. Who we are and what we do

Bricker Graydon is a full-service law firm with offices throughout Ohio and Kentucky and lawyers located throughout the country.  Our affiliate, INCompliance Consulting, provides consulting services to clients across the United States. 

2. The types of information we collect

The types of Personal Data we collect about you depends on your interactions with us and is further described below.

Information You Provide to Us

We collect Personal Data that you provide to us. For example, we may collect Personal Data when you contact us, request that we send you newsletters, alerts, or other materials, register for a webinar or event, fill out a form, respond to a survey, comment on a blog, or otherwise communicate with us.

Depending on the context of your interactions with us, the categories of Personal Data we may collect from you include:

• Unique Identifiers that we can use to identify you as a unique individual, such as your name, telephone number, postal or e-mail address, bar license number, social media identifiers, signature, and government-issued identification numbers (such as your social security number or passport number). If you have registered with a Digital Service, we may also collect your account username and password.
• Demographic Information, which may include sensitive personal information or information about protected classifications, such as your age, gender, race, sexual orientation, marital status, or veteran status.
• Professional and Educational Information related to your occupation, such as your current or previous employers, your job title, or other information about the organization with which you are affiliated. You might also provide information about your professional qualifications or your education, such as your bar information, degrees, fields of study, the institutions you’ve attended, languages, professional memberships, qualifications, and certifications.
• Health Information, such as accessibility requirements and dietary restrictions.
• Geolocation Information, such as your city, state or province, and country. When you access the Services, we may collect precise geolocation information if you permit the Services to access such information so that we may provide you with content based on your location and your proximity to our offices.
• Audio and Visual Information, such as your voice and likeness as captured in photographs, video, or audio recordings if you attend our events, visit our offices, or leave us a voicemail.
• User Content, such as comments or other material you post to our social media pages, blogs, or other forums on our Services.
• Preferences, such as your stated interests, how frequently you wish to receive our newsletters, or other communications.
• Any other information you choose to provide.

You generally can use our Services without providing us with Personal Data, though we may still collect Personal Data automatically as described in the next section.

Information We May Collect Automatically or Generate

We may automatically collect and generate information from and about you when you interact with us or our Services, which may include the following categories of Personal Data:

• Unique Identifiers: Including information that uniquely identifies you or the device through which you interact with our Services, such as your name, e-mail address, username, social media identifiers, IP address, and device and mobile advertising identifiers.
• Device Information: Including information pertaining to the device through which you interact with the Services, such as the type of device used to interact with the Services, that device’s operating system and version, your browser type.
• Interaction Information: Including information about your interaction with our Services, such as the content you view and features you access on our Services, the pages you view immediately before and after you access our Services, whether and how you interact with content available on our Services, and the search terms you enter on our Services. We might also collect information about the events and materials in which you have indicated interest or for which you have registered or requested.
• Geolocation Information: Including information regarding your location, such as your ZIP code, city, state or province, country, or general geographic location as derived from your device data (such as your IP address).
• Inferences: Including information drawn from your interactions with our Services, the events you choose to attend, or any of the other Personal Data available to us.

We and our service providers or third parties engaged on our behalf may use cookies and similar tracking technologies (collectively, “Cookies”) to collect information from and store information on your device when you use, access, or otherwise interact with our Services. For information about how we use Cookies and the choices you may have, please see our Cookies Policy. We do not currently respond to “Do Not Track” signals.

Information We Collect From Other Sources

We may obtain Personal Data from other sources, such as our clients, employees, or business partners, or from business contact databases. We may also receive information about you from social media platforms, such as when you interact with us on those platforms or access our social media content. We may collect information about you from publicly available sources, such as public social media profiles, publications, and other websites or materials available through search engines.

We may collect the following categories of information from these other sources:

• Unique Identifiers, such as name, telephone number, postal or e-mail address, social media identifiers, and device and mobile advertising identifiers.
• Professional and Educational Information about your occupation and professional activities, such as professional licenses held, employers, business contact information, or information about your education, such as your degrees, fields of study, institutions attended, languages, professional memberships, qualifications, and certifications.
• User Content you post or make available online, such as your social media posts or publications.

3. How we use your Personal Data

We will only use your Personal Data where we are permitted to do so by applicable law. Under EU and UK data protection law, the use of Personal Data must be justified under one of several legal grounds. The principal legal grounds that justify our use of your Personal Data are:

• Contract performance: where your information is necessary to enter into or perform our contract with you.
• Legal obligation: where we need to use your information to comply with our legal obligations.
• Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
• Legal claims: where your information is necessary for us to defend, prosecute, or make a claim against you, us, or a third party.
• Consent: where you have consented to our use of your information (you will have been presented with a consent form or facility in relation to any such use and may withdraw your consent through an unsubscribe function).

We may use your Personal Data for lawful business purposes: (i) as necessary for the performance of our contract with users, (ii) for our legitimate interests, so long as they are not overridden by users’ own rights and interests, (iii) with your consent (where consent is a basis for data processing), or (iv) as required by law. We may use your Personal Data in the following ways.

• To provide our legal and other services to you and to conduct our business: to administer and perform our services, including to carry out our obligations arising from any agreements entered into between you and us;
• To facilitate use of our websites and to ensure content is relevant: to respond to requests for information or inquiries from visitors to our websites and to ensure that content from our websites is presented in the most effective manner for you and for your device;
• For marketing and business development purposes: to provide you with details of new services, legal updates, and invites to seminars and events where you have chosen to receive these. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you, or you may opt-out by contacting us as set out below;
• For research and development purposes: analysis in order to better understand your and our clients’ services and marketing requirements and to better understand our business and develop our services and offerings;
• For recruitment purposes: to enable us to process applications for employment submitted via the Careers section of our website and to assess your suitability for any position for which you may apply at Bricker Graydon;
• To fulfill our legal, regulatory, or risk management obligations: to comply with our legal obligations (performing client due diligence/“know your client,” anti-money laundering, anti-bribery, sanctions, or reputational risk screening, identifying conflicts of interests); for the prevention of fraud and/or other relevant background checks as may be required by applicable law and regulation and best practice at any given time (if false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them); to enforce our legal rights, to comply with our legal or regulatory reporting obligations, and/or to protect the rights of third parties;
• To ensure that we are paid: to recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings);
• To inform you of changes: to notify you about changes to our services or our Standard Terms of Engagement for legal services or this Notice;
• To reorganize or make changes to our business: In the event that we undergo a re-organization (for example if we merge, combine, or divest a part of our business), we may need to transfer some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process or transfer to that re-organized entity or third party your Personal Data for the same purposes as set out in this Notice or for the purpose of analyzing any proposed re-organization;

4. How we may share the Personal Data that we collect

Bricker Graydon does not sell your Personal Data. We also do not share Personal Data that reasonably identifies you with unaffiliated entities for their independent use except when we have your permission, are doing so at your direction, as needed to comply with our legal obligations, as permitted by applicable law, or as otherwise described in this Notice.

We may also disclose the categories of information we collect to the following categories of recipients in furtherance of the purposes described above:

• Our affiliates: We may share information with our Bricker Graydon offices and business entities located in jurisdictions around the world for any of the purposes listed above.
• Our service providers: We may share information with third parties that perform services on our behalf, such as web-hosting companies, mailing vendors, analytics providers, event hosting services, and information technology providers.
• Law enforcement, government authorities, or third parties with legal rights: We may share information as may be permitted or required by the laws of any jurisdiction that may apply to us, as provided for under contract, or as we deem reasonably necessary to provide legal services. In these circumstances, we strive to take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organization, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.
• Parties in connection with a business transaction: We may share information with service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets, as well as any bankruptcy or corporate reorganization.
• Others with your consent or at your direction, including if we notify you that your information may be shared and you provide such information or if you use Bricker Graydon to interact with a third party. For example, we may share your name and bar number with your employer or state bar association in connection with an application for CLE credit, or we may share your name and contact information with a business partner who co-sponsors an event you attend or publication you sign up for or with a social media service if you share or like our content.

We may share anonymous, de-identified, or aggregate information that cannot reasonably identify you with others for any purpose, as permitted by applicable law. Please note that any Personal Data that you post to a profile, blog, comment section, or forum on our Services or social media pages may be available to other users of those forums or, in some cases, made publicly available.

5. International transfers of Personal Data

In the course of providing our services, we will likely need to transfer Personal Data to locations outside the jurisdiction in which you provide it or where you are viewing our website. If you are based in the European Economic Area (EEA), this will mean that your Personal Data may be transferred to, accessible from, and/or stored at, a destination outside the EEA such as the United Kingdom or other countries in which data protection laws may not be as comprehensive as in the EEA.

Regardless of the location of our processing, we will impose the same data protection safeguards that we deploy inside the EEA and implement appropriate measures to ensure that your Personal Data is protected in accordance with applicable data protection laws. Bricker Graydon has a data-sharing agreement in place signed by all Bricker Graydon entities which includes GDPR standard contractual clauses. Similarly, where a third-party service provider processes the Personal Data of EEA or UK residents on our behalf, we will ensure that appropriate measures are in place to ensure an adequate level of protection for your Personal Data, usually by including GDPR standard contractual clauses in our agreements with such third-party service providers (alongside other supplementary technical or contractual measures where necessary).

6. How long we keep your Personal Data

We will retain your Personal Data for as long as is necessary to fulfill the purpose for which this data was collected and any other permitted linked purpose (for example, certain transaction details and correspondence related to any legal services we provide may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). If your Personal Data is used for two purposes, we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. Our retention periods are also based on our business needs and good practice.

7. How we protect your Personal Data

We recognize that information security is an integral element of data privacy. While no data transmission (including over the Internet or any website) can be guaranteed to be secure from intrusion, we implement a range of commercially reasonable physical, technical, and procedural measures to help protect Personal Data from unauthorized access, use, disclosure, alteration, or destruction in accordance with data protection law requirements.

Information that you provide to us is stored on our or our service providers’ secure servers and accessed and used subject to our security policies and standards, or those agreed with our service providers.

Everyone at Bricker Graydon and any third-party service providers we may engage that process Personal Data on our behalf (for the purposes listed above) are also contractually obligated to respect the confidentiality of Personal Data.

Alongside our role, please also note that where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites or online services, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.

8.Your choices and rights

If you have any questions about our use of your Personal Data, you should first contact us via the details provided below. This Notice is designed to provide you with notice of our recent information practices over the prior twelve (12) months form the “Last Updated” date. This Notice also applies to our current data practices such that it is also meant to provide you with “notice at collection”.  Under certain circumstances and in accordance with EU, U.S. State Privacy Laws[1], or other applicable data protection laws, you may have the right to require us to:

• provide you with further details on the use we make of your information;
• provide you with a copy of information that we hold about you;
• update any inaccuracies in the Personal Data we hold;
• delete any Personal Data that we no longer have a lawful ground to use;
• where processing is based on consent, to withdraw your consent so that we stop that particular processing;
• object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
• restrict how we use your information whilst a complaint is being investigated.

You may also ask us not to process your Personal Data for marketing purposes. We will inform you if we intend to disclose your information to any third-party service provider for this purpose. As indicated above, you can exercise your right to prevent such processing at any time by using an unsubscribe facility or contacting us at marketing@brickergraydon.com.

While it is our policy to respect the rights of individuals, please be aware that your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime), our interests (e.g., the maintenance of legal privilege), and some of these rights may be limited (for example, the right to withdraw consent) where we are required or permitted by law to continue processing your Personal Data to defend our legal rights or meet our legal and regulatory obligations.

If you contact us to exercise any of these rights, we will check your entitlement and respond in most cases within 30 – 45 days. Depending on your state of residence, you may be limited to the number of free requests you can make in a 12-month period. If you exceed the number of requests allotted under the applicable state law, we reserve the right to charge a reasonable fee to respond to your request.

If you are in a jurisdiction that recognizes your ability to appeal a decision we have made in connection with your attempt to assert a right under applicable U.S. State Privacy Laws, you may file an appeal of our decision refusing your request to exercise your rights under this Notice. Requests to change our policies or practices are not grounds for an appeal. You may request an appeal of such decision by contacting us at marketing@brickergraydon.com, please provide the state that you are writing from, accompanied with documentation that you may have regarding the matter you are appealing. 

If you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, you have the right to complain to the relevant Supervisory Authority.

9. How we use cookies and similar technologies

When you visit our websites, we may send a cookie to your computer. This is a small data file stored by your computer to help improve functionality or tailor information to provide visitors with more relevant pages. For details of the cookies employed by us, please see our Cookie Policy, which forms part of this Notice. We may also analyze website traffic to identify what visitors find most interesting so we can tailor our websites accordingly.

10. How you can contact us

If you have any questions about this Notice or how we process your Personal Data, please contact us by sending an email to: marketing@brickergraydon.com or by writing to:

Website Team

Bricker Graydon LLP 

100 S. Third St.

Columbus, Ohio 43215

11. How we update this Notice

We may change the content of our websites and how we use cookies without notice, and consequently, our Notice and Cookie Policy may change from time to time in the future. We, therefore, encourage you to review them when you visit the website to stay informed of how we are using Personal Data.

[1] U.S. State Privacy Laws includes but is not limited to: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah and Virginia.