Effective Date: February 26, 2025

This Privacy Policy explains how the Firm collects, uses, and discloses information about you collected online and offline through websites (Gustlaw.com), software applications made available by us for use on or through computers and mobile devices (Liquid Files), social media platforms from which you are accessing this Privacy Policy (Facebook, LinkedIn, and X), email messages we send to you that link to this Privacy Policy (Constant Contact), and any other offline business interactions you may have with us, such as when you visit our offices or attend our events Collectively, we refer to the Websites, the Apps, Our Social Media, Emails, and Offline Interactions as the Services.

Please note that in some cases we may provide separate or additional privacy notices. For example, we have a separate privacy policy that applies to the information we collect from our clients when providing certain legal services

Revisions and Updates to this Privacy Policy

We may change this policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy and, in some cases, we may provide you with additional notice (such as by adding a statement to our website home page or by sending an email notification). Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services after any changes means that you accept the revised Privacy Policy. We encourage you to review our Privacy Policy frequently to stay informed about our information practices and the choices available to you.

Collection of Personal Information

In this Privacy Policy, Personal Information means information that identifies you as an individual or relates to an identifiable individual. The types of Personal Information we collect about you depend on your interactions with us and are described in more detail below.

Personal Information Collected through the Services

We and our service providers collect Personal Information through the Services, for example, when you sign up for newsletters, create an account to access or use the Services, request Services, register for or attend an event, access or use any collaboration tools or participate in any interactive features of the Services, send us an email, respond to a survey, comment on a blog, fill out a form, respond to a survey, apply for a job, call or visit our offices, or otherwise communicate with us.

The types of Personal Information we may collect include your:

  • Contact information, such as name, email address, postal address, and phone number;
  • Education information, such as educational degrees, languages, professional memberships, qualifications, and certifications;
  • Employment information, such as employer, job status, job title, and office location;
  • Health and health-related information, such as accessibility requirements, dietary restrictions, and, where necessary and appropriate to protect the health and safety of our personnel and others, information related to symptoms of, or risk of exposure to, certain illnesses;
  • Demographic information, which may include sensitive personal information or information about protected classifications, such as age, gender, race/ethnic origin, and nationality; and
  • Any other information you choose to provide.

Personal Information We Collect Automatically

We automatically collect Personal Information when you access or use the Services. The types of information we collect may include:

  • Log Information: We collect log information about your use of the Services, including your browser type and language, App version, access times, pages viewed, Internet Protocol (IP) address, approximate geographic location, and the webpage or online service you visited before navigating to the Services.
  • Device Information: We collect information about the mobile device you use to access the Apps, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
  • Location Information: In accordance with your device permissions, we may collect information about the precise location of your device.
  • Information Collected by Cookies and Other Tracking Technologies: We and our service providers use various technologies to collect information, including cookies and web beacons (also known as pixel tags and clear GIFs). Cookies are pieces of information stored directly on the computer you are using. Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other traffic data. We do not currently respond to browser do-not-track signals. For more information, please refer to our Cookie Policy. Web beacons are clear, electronic images that may be used to track the actions of user of the Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates.

Personal Information We Collect From Other Sources

We may also collect Personal Information from other sources including publicly available databases; social media platforms, such as LinkedIn; marketing partners and sponsors Effective

of joint events that share information with us; entities to which we provide Client Services, which may include your employer; and partner Client Services organizations, such as legal aid, pro bono, and nonprofit groups. We may combine information from other sources with information we collect through the Services. For example, we may use information from LinkedIn to update information about you in our contact database.

Personal Information We Derive

We may derive information or draw inferences about you based on the other types of Personal Information we collect. For example, we may infer your location based on your IP address, or that you are interested in employment or participating in an event based on your browsing behavior on our Services.

We need to collect Personal Information to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. If you disclose any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

Use of Personal Information

We and our service providers use Personal Information for legitimate business purposes, including to:

  • Operate and improve the Services, including for data analysis to improve the efficiency of the Services;
  • Respond to your inquiries and fulfill your requests;
  • Provide the information or services you request and send you related information, including confirmations and receipts;
  • Send you newsletters, publications, legal alerts, and information about our seminars or events;
  • Communicate with you about our services and other news about our firm;
  • Assess job applicants and make hiring decisions;
  • Monitor and analyze usage, trends, and activities related to the Services;
  • Manage your online account(s) and send you technical notices, updates, security alerts, and support and administrative messages;
  • Conduct audits to verify that our internal processes function as intended and comply with legal, regulatory, or contractual requirements;
  • Monitor for fraud and security, for example, to detect and prevent cyberattacks or prevent identity theft;
  • Meet our legal and regulatory obligations;
  • Protect the health, safety, and vital interests of our personnel and others;
  • Validate authorized client signatories when concluding agreements and transactions;
  • Contact individuals (including employees of institutional clients) in connection with providing Client Services;
  • Respond to and fulfill client requests, administer their files, provide legal services, and manage our relationship; and
  • Notify you about any changes to the Services.

We may process and store your Personal Information in the United States and other countries, which may have less-protective data protection laws than your country of residence. Please note that this processing, including storage, may involve cross-border transfers of your Personal Information as described in the Cross-Border Data Transfers section below.

Disclosure of Personal Information

We may share your Personal Information as follows or as otherwise described in this Privacy Policy:

  • With vendors, consultants, professional advisors, and other service providers working on our behalf to facilitate services they provide to us, such as providers of website hosting, consulting and monitoring related to the Services, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services related to meeting our clients’ legal needs. As our service providers are located around the world, please note that these disclosures may involve cross-border transfers of your Personal Information as described in the Cross-Border Data Transfers section below;
  • To comply with applicable laws and regulations, which can include laws outside your country of residence;
  • To cooperate with public and government authorities, which can include those outside your country of residence, by responding to a request or providing information;
  • To cooperate with law enforcement, including by responding to law enforcement requests and orders or providing information;
  • For other legal reasons, such as to enforce our terms and conditions and to protect our rights, privacy, safety, or property or that of our affiliates, you, or others;
  • With the applicable state bar association, we may share your name and bar number in connection with an application for CLE credit;
  • To third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and
  • With your consent or at your direction, including if we notify you that your personal information will be shared in a particular manner and you provide such personal information. We may also share your personal information with third parties when you intentionally direct us to do so or when you use our Services to intentionally interact with third parties. We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.

Please note that any Personal Information you post in your profile, blogs, listings, public or private groups, forums, and any other interactive areas of the Services will be available to other users of those features and, in some cases, may be publicly available.

Advertising and Analytics Services Provided by Others

We work with analytics providers to better understand your use of our Services. These providers use cookies, web beacons, and other tracking technologies to collect information about your use of the Services and other websites and applications. We use this information to monitor and analyze your browsing behavior, determine the popularity of certain content on our Services, and improve your experience while using our Services.

Data Security

Although we employ reasonable security measures, the transmission of information over the Internet is not completely secure or private, and no data transmission or storage system can be guaranteed to be completely secure. If you have reason to believe that your interaction with us is no longer secure, please notify us in accordance with the Contacting Us section below.

Use of Services by Minors

The Services are not intended for individuals younger than 18 years’ old, and we do not target our Services to or knowingly collect information from individuals under 18 years’ old.

Links to Other Websites and Third-Party Content

We may provide links to or embed videos hosted by third-party websites, services, and applications, such as YouTube, that are not operated or controlled by us. This Privacy Policy does not apply to third-party services, and we cannot take responsibility for the content, privacy policies, or practices of third-party services. We encourage you to review the privacy policies of any third-party service before providing any information to or through them. The Services may include an activity feed, social media button, or widget, such as the X “Tweet” button, the Facebook “Like” button, or similar. Your interactions with these features are governed by the privacy policy of the third-party service that provides the feature. We are not responsible for the collection, use, disclosure, or security practices or policies of other organizations, such as Facebook, Apple, Google, Microsoft, RIM, or any other app developer, app provider, social media platform, operating system provider, wireless service provider, or device manufacturer including regarding any Personal Information you disclose to other organizations through or in connection with the Apps or Our Social Media.

Your Choices

You have certain choices about how we treat your Personal Information, as described below.

  1. If you no longer wish to receive marketing-related emails from us going forward, you may opt out by following the unsubscribe instructions in any such emails or by contacting us at marketing@gustlaw.com We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing communications from us, we may still send you nonmarketing communications, such as those about your account or our ongoing business relations.
  2. If you would like to request to review, correct, update, suppress, delete, or object to or restrict processing of Personal Information that you have previously provided to us, or if you would like to request an electronic copy of your Personal Information for purposes of transmitting it to another company, please contact us in accordance with the Contacting Us section below. We will respond to your request consistent with applicable law. If you are a California resident, please refer to the Additional Information regarding California section at the end of this Policy for more information about the requests you may make under the California Consumer Privacy Act of 2018 (CCPA).

In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database, or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Mobile Push Notifications/Alerts

With your consent, we may send marketing and nonmarketing push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

Contacting Us

Gust Rosenfeld P.L.C., 1 E. Washington St., Suite 1600, Phoenix, AZ 85004, is the entity responsible for the collection, use, and disclosure of your personal information under this Privacy Policy.

If you have any questions about this Privacy Policy, please contact us.

You can reach us at privacyofficer@gustlaw.com or by mail at:

Gust Rosenfeld P.L.C.,
Privacy Officer,
1 E. Washington St., Suite 1600,
Phoenix, AZ 85004.

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

Additional Information for California Clients:

Your California Privacy Rights under the CCPA

Pursuant to the CCPA, we are providing the following additional details regarding the categories of Personal Information about California residents that we collected, used, and disclosed in the preceding 12 months:

Category

We Collected

We Disclosed

A. Identifiers, such as name, postal address, online or device identifier, IP address, email address, and social media account.

YES

YES, to affiliates, service providers, and other vendors

B. Personal information as defined in the California customer records law, such as name, signature, contact information, and social media account handle, and other information you may share or make public on social networks.

YES

YES, to affiliates, service providers, and other vendors

C. Characteristics of protected classifications under California or federal law, which we may collect in order to provide you with our Client Services, such as age.

YES

YES, to affiliates, service providers, and other vendors

D. Commercial information, such as Client Services transaction history, financial details, and payment information.

YES

YES, to affiliates, service providers, and other vendors

E. Biometric information, such as fingerprints and voiceprints.

YES

YES, to affiliates, service providers, and other vendors

F. Internet or other electronic network activity information, such as browsing history and interactions with our Websites, applications, systems, and emails.

YES

YES, to affiliates, service providers, and other vendors

G. Geolocation data, such as device location and IP location.

YES

YES, to affiliates, service providers, and other vendors

H. Audio, electronic, visual, and similar information, such as call recordings and CCTV footage created for safety and security purposes, and audio and video recordings of events, conferences and meetings

YES

YES, to affiliates, service providers, and other vendors

I. Professional or employment-related information, such as employer name and role or title.

YES

YES, to affiliates, service providers, and other vendors

J. Education information subject to the federal Family Educational Rights and Privacy Act, such as student records.

YES

YES, to affiliates, service providers, and other vendors

K. Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.

YES

YES, to affiliates, service providers, and other vendors

As described above in the Collection of Personal Information section, we collect this Personal Information from you, our affiliates, partner Client Services organizations (such as legal aide, pro bono, and nonprofits), publicly available databases, social media platforms, and joint marketing partners and event sponsors. Also as described above in the sections on Use of Personal Information and Disclosure of Personal Information, we may use this Personal Information to operate, manage, and maintain our business, to provide our services, for vendor and employment management, and to accomplish our business purposes and objectives, including, for example, using Personal Information to: provide Client Services; personalize, advertise, and market our services and provide you with content and events of interest; conduct research, analytics, and data analysis; host conferences and events; maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; facilitate corporate transactions; and exercise and defend legal claims.

We have not “sold” Personal Information for purposes of the CCPA. We do not “sell” the Personal Information of minors under 16 years of age.

If you are a California resident, you may have the right to request that we:

  1. Disclose to you the following information covering the 12 months preceding your request: o The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
    1. The specific pieces of Personal Information we collected about you;
    2. The business or commercial purpose for collecting Personal Information about you; and
    3. The categories of Personal Information about you that we shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Information.
    4. Delete Personal Information we collected from you.

To make a request for the disclosures or deletion described above, please contact us in accordance with the Contacting Us section above or by calling us toll-free at 1-800-258-4878.

We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. For your protection, we may need to request additional information from you (such as your name, email address, mailing address, and relationship with us) in order to verify your identity and protect against fraudulent requests. We will try to comply with your request as soon as reasonably practicable.

To make a request as an authorized agent on behalf of a California resident, you may use the submission methods noted above. As part of our verification process, we will request that you provide your contact information, relationship to the California resident, documentation verifying your identity, and documentation showing that you are authorized to act as a representative of the California resident (such as a power of attorney or signed written permission from the California resident).

You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.

Additional Information for Canadian, European Economic Area, and United Kingdom Clients:

Your Personal Information may be stored and processed in any country where we have facilities, provide legal services, or engage service providers. By using the Services, you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Information.

Some countries outside the European Economic Area (EEA) are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available by clicking-here.

While we do not have offices located in those countries, we may process any personal data that you provide to us (“Personal Data”) for our legitimate business interests. Specifically, we may process Personal Data to perform the legal services for which the Firm has been retained, to process client and employee data, to keep our client records current, to analyze and help us manage our practice, and for legal and regulatory compliance. The Firm’s legitimate interests may include assisting clients in complying with U.S. laws and regulations, in reporting or responding to U.S. agency requests or requirements, in asserting rights and claims under U.S. laws, and in complying with industry practices or industry self-regulation. Our legitimate interests also include monitoring and protecting our firm, its systems, network, infrastructure, computers, information, intellectual property and other rights from security intrusions, unauthorized access or acquisition of information, data and system breaches, hacking, industrial espionage and cyberattacks.

Our legal services may occasionally require us to disclose Personal Data to other third parties such as expert witnesses or other professional advisors in the U.S. or elsewhere. We may disclose Personal Data about you if we believe in good faith that the law requires it (such as a subpoena, court order or a law enforcement request), or if we reasonably believe it is necessary to protect our legal interests. Personal Data collected from you may be transferred to a third party in the unlikely event of a sale, acquisition, merger, or bankruptcy involving us.

We will process Personal Data in accordance with instructions in connection with our legal services, have appropriate organizational and technical measures against its unauthorized access or acquisition, and take reasonable steps to limit access to it and ensure confidentiality. We use commercially reasonable security measures to reduce the risk of unauthorized access to your Personal Data. However, we cannot and do not guarantee that these measures will be sufficient to protect against all efforts to gain unauthorized access to it. Your Personal Data will be used and stored in the United States, where data protection and privacy regulations may differ from those in other parts of the world.

If your personal data is subject to GDPR or UK GDPR, we will transfer personal data from the EEA or UK to a location outside the EEA or UK only when there has been a documented adequacy determination, or where we have confirmed adequate privacy protections and we have one of the mechanisms to transfer the data in place such as Standard Contractual Clauses or reliance on a derogation. If your personal data is subject to PIPEDA, we will transfer personal data from Canada to locations outside Canada only where we have confirmed adequate privacy protections. If we transfer personal data to a third party acting as our agent, we will also obligate the third party to have adequate privacy protections in place.

If our processing of your personal information is subject to GDPR, UKGDPR, and/or PIPEDA, and unless subject to an exemption, you may have the following rights with respect to your personal information:

  • To request a copy of the personal information we hold about you and where possible, to transmit that data directly to another data controller.
  • To request we correct any personal information about you.
  • To request your personal information be erased when no longer necessary for us to retain such data.
  • To withdraw your consent to the processing of your personal information.
  • To request a copy of the personal information we hold about you.
  • Where there is a dispute in relation to the accuracy or processing of your personal information, to request a restriction be placed on further processing.
  • To object to the processing of personal information (where applicable).
  • To lodge a complaint with a data supervisory authority.

We will need to verify your identity to process any requests described in this Section and may deny your request if we are unable to verify your identity. Government or other identification may be required.

If you are a resident of the European Economic Area (EEA), when we process your personal information, we will only do so in the following situations:

  • We need to use your information to perform our responsibilities under our agreement with you.
  • We have a legitimate interest in processing your personal information. For example, we may process your personal information to send you marketing communications, to communicate with you about the Client Services, and to provide and improve the Client Services.
  • We have your consent to do so.
Gust Rosenfeld Badges
Gust Rosenfeld Badges
Gust Rosenfeld Badges
Gust Rosenfeld Badges
Gust Rosenfeld Badges
Gust Rosenfeld Badges