Privacy

Finnegan, Henderson, Farabow, Garrett & Dunner, LLP and its related entities operating globally under the Finnegan brand, (collectively, “Finnegan”) appreciates the trust and respects the privacy of everyone who uses its Website(s). This Privacy Statement explains how Finnegan collects, uses, stores, and protects the information that we collect from users of our Website(s), as well as your rights and choices regarding the information that we collect.

Finnegan is global law firm with domestic and international business clients. As a result, information that we collect on our Website(s) from overseas, including personal information, may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may work with third-party service providers in the U.S. and in other countries to support our business activities. Thus, personal information may be transferred to, stored on servers in, and accessed from the United States and countries other than the country in which the information was initially collected. In all such instances, we use, transfer, and disclose personal information solely for the purposes described in this Privacy Statement.

Information Collection Not Covered by this Privacy Statement

This Privacy Statement also does not apply to personal information that Finnegan collects and uses for employment-related purposes, whether through this Website or through a Website operated on our behalf by a third-party service provider.

This Privacy Statement also does not apply to data that Finnegan collects when it provides services to its Clients through its client-use-only secured internet portal (“Client Site”). When you access the Client Site, you are doing so in a business capacity as a representative of your company.

What Finnegan Means by "Personal Information"

For purposes of this Privacy Statement, “Personal Information” means any information from or about a person that either identifies that person directly or that makes that person identifiable when it is combined with other information from or about that person from any source. Personal Information stops being personal information when it has been aggregated, de-identified, or otherwise anonymized sufficiently that the individual is no longer identified or identifiable using reasonable efforts, resources, and technology.

Information We Collect From and About You

Categories of Personal Information that We Collect on the Website(s)

Names
Physical address
Email addresses
Telephone numbers
Business contact information, including names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title
Personal information that you choose to share with us voluntarily when you ask a question, request follow-up, or otherwise interact with us
Identifiers of devices used to access the Website
Locations of devices used to access the Website

Information that You Provide to Us Voluntarily

If you choose to communicate with us through an online form, by sending us an email, by requesting additional information, by registering for one of our events, by purchasing goods or services from us, or by otherwise contacting us, we will collect whatever information, including personal information, that you choose to provide us with. We will combine that information with other information that we collect from and about you as described in this Privacy Statement.

Information that We Collect Automatically When You Visit Our Website

Logs

Our Website(s) automatically creates logs regarding user sessions that contain information about the features that you use, the actions that you take, and the information that you access. When your session ends, Finnegan only retains the information in a statistical and aggregated format (non-personal information) that we use for research purposes, assessing the effectiveness of our Website(s), and improving user experience.

Cookies are small pieces of information transferred to your computer’s hard drive through your web browser to enable our systems to recognize your preferences and settings. Cookies collect information such as the type of search engine used, the sections of the Website(s) visited, and other Website(s) usage information. We use cookies to help recognize that a device has visited our Website(s) previously, therefore allowing us to recommend Finnegan content that is relevant to you as you navigate the Website(s). We do not use cookies for advertising purposes, nor do we use cookies to identify individuals or store your personal information, unless you have voluntarily provided your personal contact details such as name, mailing address, e-mail address, and company through our subscription form. You may opt not to accept or disable cookies on our Website(s). Our Website(s) may still be viewed if you choose to disable cookies, but your use and enjoyment of our Website(s) may be adversely affected and the “Your Finnegan” feature will be disabled as well.

Analytics

Our Website(s) use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google uses cookies to help us analyze how visitors use our Website(s). The information generated by the cookie about your use of our Website(s)s is generally transmitted to and stored on a Google server in the United States. We have activated IP anonymization so that Google will truncate/anonymize the last eight-bit segment of your IP address. Google will use this information for evaluating your use of our Website(s), compiling reports on the Website(s) activity, and providing us with other analytic services relating to our Website(s) and Internet use. Google will not associate your IP address with any other data held by Google.

You may manage and opt out of Google’s use of cookies by choosing not to accept cookies via the banner on our Website(s). However, please note that if you do so, you may not be able to use the full functionality of our Website(s).

We collect and retain information from Google Analytics in a statistical and aggregated format (non-personal information) for research purposes, assessing the effectiveness of our Website(s), and improving user experience.

Email Tracking Technology

Information that We Collect From Other Sources

Finnegan may obtain information, including personal information, from our business partners and service providers. This information includes, but is not limited to, information that we receive from direct marketing providers, third-party publishers, email distribution software, and social media platforms. We also may combine information we receive from third parties with other information we collect from you as described in this Privacy Statement. In addition, we may review, collect, and use information that you post publicly about us or our activities on public-facing websites, social media platforms, blogs or that you otherwise present to the public. Finally, in engaging on our social media sites individuals may provide information about another individual. We assume that the individual has permission and authority to do so and to consent on behalf of that individual to the collection and use of personal information as described in this Privacy Statement, but we will delete such information if contacted by the affected individual. Please contact us immediately at privacy@finnegan.com.

Why We Collect Information From and About You

Finnegan does not collect, use, share, or disclose your personal information for anything other than the following lawful purposes:

To establish and maintain contractual relationships with our clients:

To establish relationships with new clients
To fulfill our obligations to current clients
To contact clients regarding account-related issues and business communications, including technical notices, updates, security alerts, and administrative messages
To enable individuals to access and use our Services

To comply with our legal obligations:

To demonstrate compliance with applicable privacy and data security law
To comply with incident monitoring, reporting, assessment, and notification requirements
To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law

To provide services and information that you request and consent to receive:

To provide customer service and support
To communicate with you, including responding to your comments, questions, and requests
To process and complete transactions, and send you related information, including purchase confirmations and invoices
To provide direct marketing, email, and other distributed information distribution

To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:

To administer, operate, maintain, and secure our Website(s)
To monitor and analyze trends, usage, and activities in connection with our Website(s) and to conduct our business activities
To investigate and prevent fraudulent transactions, unauthorized access to our Website(s), and other illegal activities
To verify compliance with our internal policies and procedures
For accounting, recordkeeping, backup, and administrative purposes
To customize and improve the content of our communications and Website(s)
To provide information and education
To provide, operate, maintain, improve, personalize, and promote our business activities
To develop new products, services, features, and functionality

To the greatest extent possible, we will use aggregated, de-identified, or otherwise anonymized data to accomplish these purposes, but if we do not, or if we combine it with Personal Information, we will continue to treat personal information in accordance with this Privacy Statement.

Finnegan’s Information Sharing and Disclosure

Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Statement, or in response to your express instructions, we do not sell, transfer, or otherwise disclose personal information that we collect from or about you.

With Your Express Consent: We will share your personal information with companies, organizations, or individuals outside of Finnegan when we have your prior express consent to do so.
When You Choose to Directly Share Your Information About Our Website(s) or Your Usage: When you use our Website(s), certain features allow you to make some of your usage and content accessible to the public, directly or through social media platforms. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
With Our Service Providers, Business Partners and Others to Accomplish Our Business Purposes as Stated in this Privacy Statement: We may share your information with our service providers and other third parties who perform services on our behalf, such as infrastructure, analytics, marketing, and email marketing services. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Website(s).
When Necessary to Comply with Laws and Law Enforcement Requests or Otherwise to Protect Finnegan, Its Clients, and Individuals: We may disclose your information (including your personal information) to a third party if:
- - We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request;
  - To enforce our agreements, policies, and terms of service;
  - To protect the security or integrity of Finnegan products and services;
  - To respond to an incident involving personal data for which Finnegan has direct or indirect responsibility;
  - To protect the property, rights, and safety of Finnegan, our clients, or the public;
  - To prevent harm or illegal activities;
  - To respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing serious harm to any person or entity; or
  - To investigate and defend ourselves against any third-party claims or allegations.
As the Result of a Business Transition: We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Statement. We will notify you of such a change in ownership or transfer of assets by posting a notice on our Website(s).
Sharing Aggregate, Anonymized, De-identified, or Otherwise Non-Personal Data: We may share personal information that has been aggregated, de-identified, or otherwise anonymized and thus does not directly or indirectly identify you and that cannot, with reasonable efforts, resources, and technologies, be used to re-identify you. Such aggregated, anonymized, de-identified, or otherwise not re-identifiable information is not personal information within the scope of this Privacy Statement or applicable privacy laws.

Your Control Over Information that We Collect From and About You

You may decline to share certain personal information such as Names, Physical address, Email addresses, Telephone numbers, and Business contact information with us, in which case we may not be able to provide you with some of the features and functionality of our Website(s) or fulfill your requests.
You may decline to accept cookies, but that decision may affect the functionality and performance of our Website(s).
You may update or correct your personal information at any time by accessing the account settings page on the Website(s).
You may opt out of receiving Finnegan promotional communications by using the unsubscribe link within each email. Note that, as long as you maintain an account with us, you will continue to receive administrative messages from us regarding the Services.
You may request information about, and access to, the personal data that we collect from you.
You may ask questions or make complaints about our privacy and data security practices with regard to your personal data.
You may request that we delete information that we have collected about you.
You may ask us for a copy of the information that we collected from you.

To modify the way we record information about you, please contact us at preferences@finnegan.com. To no longer receive information from us, please contact us at unsubscribe@finnegan.com. For questions, complaints, or other information regarding our privacy and data security practices, contact us at privacy@finnegan.com.

Security

Finnegan uses reasonable organizational, technical, and administrative measures to provide a level of security appropriate to the risk associated with the personal information that we collect. We protect personal information under our control against—and require our service providers to also protect against—accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data that is transmitted, stored, or otherwise processed. Only authorized employees have access to the data you provide, and that access is limited to least privilege, need to know access. Finnegan employees who have access to your personal data have agreed to maintain the confidentiality of that information.

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have concerns about the security of your information with Finnegan, please contact us immediately at privacy@finnegan.com.

ISO 27001 Compliance

Finnegan is an ISO 27001 certified provider whose Information Security Management System has received third-party accreditation from the International Standards Organization. Initially developed by the International Organization for Standardization and the International Electrotechnical Commission, ISO 27001 is a global standard for managing information security. The ISO 27001 mandates the consideration of personal data as information security assets and requires you to understand what personal data you collect, where you store it, how long, its origin, and who has access.

The standard outlines requirements for organizations to establish, maintain, and monitor an information security management system. Compliance with this internationally recognized standard confirms that Finnegan’s security management program is comprehensive and follows industry leading practices.

Data Retention

Finnegan policy is to retain information about use of our Website(s) only as long as it is being retained to accomplish the business purpose for which it was collected and to comply with Finnegan’s legal and contractual obligations. When Finnegan acts to delete your personal data, for example at your request, Finnegan’s policy is to dispose of that information securely.

Children's Privacy

Our Website(s), and the services we provide to our clients, are not directed to or intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under the age of 18 has provided us with personal information, we will take steps to delete such information. If you become aware that a child under the age of 18 has provided us with personal information, please contact us at privacy@finnegan.com.

California Privacy Rights

California Civil Code Section 1798.83 permits Website(s) users who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at privacy@finnegan.com.

Privacy Policy for Job Applicants

Finnegan, Henderson, Farabow, Garrett & Dunner, LLP (Finnegan) is committed to protecting the privacy and security of the personal information of job applicants. This privacy policy outlines the types of personal identifiable information (PII) Finnegan may collect from you during the job application and hiring process and how we use, store, and protect that information. Further, Finnegan is committed to complying with the California Consumer Privacy Act (“CCPA”), Massachusetts data security regulations (201 CMR 17.00 et seq., the “Massachusetts Regulations”), General Data Protection Regulation (“GDPR”), China’s “Regulations on Administration of Network Data Security,” and any other applicable local, state and/or federal laws related to data protections for job applicants.

Read the full privacy policy for job applicants here.

Privacy Notice for Applicants at Finnegan Munich

This Privacy notice describes our policies and procedures on the collection, use, and disclosure of your information upon your job application to us, Finnegan, Henderson, Farabow, Garrett & Dunner LLP, Munich office, and tells you about your privacy rights under the GDPR.

This Privacy notice applies exclusively to the application process. The processing of personal data in the context of a subsequent employment relationship is subject to separate privacy notices. Read the full privacy notice here.

Privacy Notice for EU Event Participants

With this privacy policy, we explain how we handle your personal data when you, as an EU citizen, register for and participate in one of our events in the EU. Additionally, we inform you about your rights under the General Data Protection Regulation (GDPR).

Controller

The data controller within the meaning of the GDPR for processing your data is:

Finnegan, Henderson, Farabow, Garrett & Dunner LLP

Contact details:
Thierschplatz 6, 80538 Munich
Phone: +49 89 83931 1230

For questions, complaints, or further information regarding our privacy practices, contact us at privacy@finnegan.com.

Data

We collect the data specified in the registration form, including but not limited to:

Salutation, name, job title, company, and business address
Additional data collected during participation, such as correspondence, confirmations/cancellations, or attendance records.

Required fields are marked accordingly (e.g., with an "*").

Purpose of Use

We use your information for:

Event preparation (e.g., content coordination, reminders)
Event execution (e.g., access control, badges)
Follow-up (e.g., sending event materials)
Event-related communication (e.g., cancellations, venue changes)

Legal Basis

The legal basis for the processing is:

Performance of the contract (Art. 6 (1) b GDPR)
Our and your legitimate interest in event preparation, execution, and follow-up (Art. 6 (1) f GDPR)

Data Recipients

Your data is shared within Finnegan with departments, offices and attorneys responsible for the event, e.g., office management, and the respective practice group attorneys.

We may also engage service providers who process data on our behalf for: Technology, Logistics and Administration.

Your data may also be stored in Finnegan’s databases in the USA.

Transfers to countries outside the European Economic Area (EEA) ("third countries") only occur if explicitly stated. If the EU Commission has not determined that a third country (or region or sector) ensures an adequate level of protection (“unsafe third countries), we secure appropriate safeguards through Standard Contractual Clauses (SCCs), unless otherwise stated. SCCs are model contracts provided by the EU Commission. The text of the SCCs can be accessed at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087 (see Annex).

Retention

We store your information until the event concludes, plus approximately six months thereafter.

Our retention period is generally determined based on:

The specific purposes for which we use the data
Legal retention and documentation obligations, in Germany e.g. under the Commercial Code (HGB) and the Fiscal Code (AO)
Statutory limitation periods, in Germany typically three years (§§ 195 ff. German Civil Code (BGB))
The necessity of proof and documentation of legal and contractual compliance

Further retention is considered if necessary for establishing, exercising, or defending legal claims.

Consent

As part of the registration process, you may consent to the use of your data for marketing purposes. This consent is optional – you can participate in the event without granting consent. If consent is given, the purpose of use, storage duration, and additional recipients are determined by the specific consent wording. Your consent is valid until you withdraw it, even if we do not sent you marketing materials for a longer period of time.

Your Rights

Under the legal requirements, you have the right to:

Access your data
Rectification of inaccurate data
Deletion
Restriction of processing
Data portability
Withdrawal of your consent

You also have the right to lodge a complaint with a data protection authority. Contact details of German authorities can be found at: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

Additionally, you have the right to object to data processing for reasons related to your particular situation. Further you have the right to object to the processing of your data for direct marketing purposes and any related profiling.

Personal Data Modifications, Questions, Complaints or Additional Information

Changes to this Privacy Statement

Finnegan may change and update this Privacy Statement from time to time, including materially changing the use made of personal information described herein. Any change or update to our Privacy Statement will be posted on our Website(s) under “Privacy Statement” prior to implementation.

This policy was last updated March 2025.