Pitta & Baione LLP (collectively, “Pitta & Baione,” “the Firm,” “we,” “our,” or “us”) is committed to safeguarding the privacy of visitors to our website, clients, prospective clients, vendors, providers, candidates for employment or engagement, and any other individual for whom the Firm obtains personal information (each, “you,” or “your”).
We want you to know how we collect, use, share, and protect your information. Some of the information may be “personal information” (also referred to as “personal data”) which is information that (either alone or in combination with other information available to the Firm) identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you, or a particular individual or household (subject to certain exceptions set forth in the California Consumer Privacy Act (the “CCPA“)).
The Firm is the data controller in relation to any personal information that the Firm processes about you and is responsible for ensuring that such processing complies with applicable data protection laws, including the European Union General Data Protection Regulation (the “GDPR”) and the CCPA.
Notification of Changes
Personal Information We Collect About You
We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:
- Identifiers and identification data, including your name, alias, unique personal identifier, Internet Protocol address, account name, social security number, driver’s license number, passport number, sex, gender, title, job title, or other similar identifiers.
- Contact information, including phone number, address, email address and social media account or handle, where appropriate.
- Financial data, such as credit card, bank account or other payment information and invoicing details.
- Event registration or mailing list data, such as dietary requirements (which may reveal information about your health or religious beliefs), preferences and interests, subscriptions, downloads, and username/passwords.
- Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies).
- Job applicant data, such as identification data and contact information, resume and other data provided by you or third parties (e.g., recruiters) in connection with job openings, which may be subject to additional local requirements based on the country for which the position is advertised.
- Legal and regulatory compliance data as required for purposes such as anti-money laundering and market abuse regulations requirements,
- Client data as part of our client onboarding process or to manage client records, which may include driver’s license, passport or other identification data, date of birth, home address, and other due diligence data.
- Service data, such as personal information relevant to the provision or receipt of services.
- Cookie and device data, such as information about your visit to our website, IP address, device identifier, browser type and version, operating system and network, location and time zone setting, or other Internet or electronic network activity information.
- Geolocation data.
- Audio, electronic, visual, and audio-visual data.
- Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her signature, physical characteristics or description, insurance policy number, education, employment, employment history, biometric information, medical or health information, or health insurance information.
- Characteristics of protected classifications under California, New York or federal law.
- Any other information you may provide.
- Inferences drawn from any of the above to create a profile about your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
This personal information is required to provide our services to you. If you do not provide the personal information we ask for, it may delay or prevent us from providing our services to you.
We may supplement the information that you provide to us with information that we receive or obtain from other sources, such as from our staff or personnel, clients, professional advisors, partners, and agents of the Firm, third parties with whom we interact, and publicly available sources.
How Your Personal Information is Collected
We collect most of this personal information directly from you—in person, by telephone, text or email, and/or via our website and apps. However, we may also collect information via:
- Publicly accessible sources (e.g., property records)
- A third party (e.g., phone call screeners, sanctions screening providers, credit reporting agencies, or customer due diligence providers)
- A third party with your consent (e.g., your bank);
- Cookies on our website
- Our IT systems
How, Why and How Long We Use Your Personal Information
We may use your personal information for the following purposes as is necessary to complete or perform our services for you or perform or satisfy a legitimate interest or to comply with legal requirements that apply to the Firm:
- Provision of services or to take steps at your request before entering into an agreement to provide services – for example, we use or may use personal information that you voluntarily submit to us on the website or during the course of our engagement, regardless of the media used, such as identification data, contact details, and other service data that we may process in connection with the provision of services. The Firm’s work for you may also involve providing such information to third parties, such as expert witnesses and other professional advisors, in order to represent your interests most effectively.
- Administration of client and vendor relationships – for example, we use or may use identification data, contact details, financial data, and other service data, including for the processing of invoices, the updating of client records, and the management of our vendor relationships.
- Addressing client inquiries/feedback – for example, we use identification data, contact details, and other service data for this purpose.
- Marketing purposes – for example, sending relevant marketing messages and inviting you to events. We use or may use identification data, contact details, cookie and device data, and mailing list data to communicate with you by way of email alerts and post to provide you with information about our events, seminars, or services that may be of interest to you.
- Improving our website and services – for example, we use or may use cookie and device data to improve the functionality and user-friendliness of our website and services.
- Keeping our website and IT systems and processes safe – for example, we use or may use identification data, contact details, financial data, cookie and device data, and other service data.
- Complying with legal or regulatory inquiries/requests – for example, we use or may use identification data, contact details, financial data, cookie and device data, and legal and regulatory compliance data (including for anti-money laundering or fraud detection purposes, statutory returns and fulfillment of the Firm’s ethical obligations).
- To prevent and detect fraud and prevent security breaches – for example, conducting checks to identify our customers and verify their identity and preventing unauthorized access and modifications to systems.
- For operational and analytical purposes – for example, improving efficiency, training and quality control, and statistical analysis to help us manage our business.
- For auditing purposes and quality checks.
- For our legitimate interests or those of a third party – for example, we may use your information to protect our rights or property, or to protect someone’s health, safety or welfare, and to comply with a law or regulation, court order or other legal process.
- Where you have given consent.
We will retain your personal information for as long as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce agreements. Different retention periods apply for different types of personal information.
We may also remove your personal identifiers (your name, e-mail address, etc.) so that you are no longer identified as a single unique individual. Once we have de-identified information, it is not personal information and may be treated like public information.
Throughout the course of our dealings, you may disclose certain health information as it relates to your potential legal claims or case. We do not share any personally identifiable health information and keep such information confidential.
We may use your personal information to send you updates, news, and information about our industry, our business and our services generally, including by email, text message, telephone, or post.
We will always treat your personal information with the utmost respect and never sell or share it with other organizations outside the Firm for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by contacting us at the contact details below or using the “unsubscribe” link in emails or “STOP” number in texts, where applicable.
Who We Share Your Personal Information With
In the ordinary course of business, we may share your information with the following categories of recipients:
- Our affiliates, advisors, partners, and agents of the Firm
- Service providers and vendors we use to help deliver our services to you, such as IT service providers, financial institutions, payment service providers, customer relationship management databases and other cloud-based solutions, website hosts, payment service providers, warehouses, and mailing & delivery companies.
- Other third parties we use to help us run our business, such as third-party companies providing us with business analytics and statistics to assist with our marketing campaigns, marketing agencies, venues in which we may host events and seminars.
- Credit reporting agencies, insurers, brokers, banks that our Firm uses for our business.
- Law enforcement, regulatory, or government agency requesting personal information in connection with any inquiry, subpoena, court order, or other legal or regulatory procedures, with which we would need to comply. We may also share personal information to establish or protect the Firm’s legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.
- Any third party connected with our Firm’s business transfer or restructuring. For example, we may transfer your personal information to third parties in connection with a reorganization, restructuring, merger, acquisition, or transfer of assets of the Firm, provided that the receiving party agrees to treat your personal information in a manner consistent with this Policy.
- Third parties approved by you.
In all cases in which we share your information with a third party for the purpose of providing a service to us, we ensure that they only process your personal information under our instructions and ensure the security and confidentiality of your personal information by implementing the appropriate technical and organizational measures for such processing.
We are not responsible for the data policies or procedures or content of any linked websites or referenced resources. We recommend that you check the privacy and security policies of each website you visit or resource you access.
Where Your Personal Information is Held
Information may be held at our offices and those of our Firm’s affiliates, third-party agencies, service providers, representatives and agents as described above (see above: “Who We Share Your Personal Information with”).
Some of these third parties may be based outside the European Economic Area.
Users in the European Economic Area, Switzerland, and the United Kingdom
If you are a resident of the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), this section applies with respect to personal data collected through your use of the Site.
Purposes of processing and legal basis for processing. As outlined above, we process personal data in various ways. Such processing relies on the following legal bases: (1) with your consent; (2) as necessary to provide services; and (3) as necessary for our legitimate interests in providing services, including your use of the Site, where those interests do not override your fundamental rights and freedom related to data privacy.
Transfers. Pitta & Baione is located in the United States. By providing any information to this Site, all users, including without limitation users in the member states of the EEA, Switzerland, and the UK, consent to the collection, storage, forward transfer, and processing of such information in the United States of America.
Your rights. With respect to the processing of your personal data, you are entitled to rights under the data protection laws applicable in Europe, including (1) the General Data Protection Regulation (“GDPR”), Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, and (2) the applicable data protection laws of Switzerland and the UK. If you wish to exercise any such right, including the right to access, rectify, or request erasure of personal data, please contact us using the contact information provided below. In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you.
If you are in the EEA, you also have the right to lodge a complaint with the local data protection authority, such as la Commission Nationale de l’Informatique et des Libertés (“CNIL”) in France, if you believe that we have not complied with applicable data protection laws, including the GDPR. Please click here for a list of local data protection authorities in the EEA countries. If you are in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office, who can be contacted here.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal information or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
Under the CCPA, you have the following rights:
- Right to Know: You have the right to request that we disclose to you the Personal Information we collect, use, or disclose, and information about our data practices;
- Right to Request Deletion: You have the right to request that we delete your Personal Information that we have collected from you;
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
Under the CCPA, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. To exercise your rights, including your “right to know” or “right to request deletion,” contact us via the contact information below.
We have implemented technical and organizational security measures in an effort to safeguard the personal information in our custody and control. Such measures include, for example, limiting access to personal information only to staff and authorized service providers on a need-to-know basis for the purposes described in this Privacy Statement, as well as other administrative, technical, and physical safeguards.
We endeavor to take all reasonable steps to protect your personal information, but cannot guarantee the security of any data you disclose online. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. By providing information online, you accept the inherent security risks of providing information over the Internet and will not hold us responsible for any breach of security, unless it is due to our negligence or willful default.
Children under the Age of 18
This Site is not directed to children under 18. We do not knowingly collect information from children. If you believe we have collected information from a child under the age of 18, please contact us.
When you interact with our Site, certain information about your use of our Site is automatically collected. Much of this information is collected through tags, text files, web beacons and other tracking technologies, known as “cookies,” as well as through your web browser or device (e.g., IP address, MAC address, browser version, etc.). We may place cookies in the browser files of your computer when you visit. Cookies may be stored on your computer’s hard drive. The information we collect using cookies allows us to recognize you as a user when you access the Site. If you decline our cookies, you may not be able to access the Site.
Do Not Track
Please note that we do not support “Do Not Track” browser settings at this time.
If you have any questions or concerns about this Policy, or would like to exercise any of the rights pursuant to this Policy or relevant laws or regulations, please contact us using the contact information below:
Representative Name: Victoria Clark
Pitta & Baione LLP
New York, NY 10271
Last update: January 1, 2023