Privacy Policy

Privacy Notice

Last Updated: February 27, 2026

Duane Morris LLP, a limited liability partnership organized under the laws of Delaware, and its affiliated entities (“Duane Morris”, “we”, “our”, or “us”) are committed to protecting Personal Data and respecting your privacy. This Privacy Notice (the “Notice”) describes how we may collect, use, and disclose your Personal Data in connection with our digital or online properties that link to this Privacy Notice (collectively, “Website”), the operation of our business (including our marketing and business development activities), our hosted events, the services we may provide to you, and any online or offline interactions you may have with us. This Notice also details how we protect your Personal Data and the rights you may have with respect to your Personal Data.

This Notice together with our Website Disclaimer, our relevant terms of business or other contract between us (each as they may be applicable) and any other privacy notice we may supply at the time we collect Personal Data, set out the basis on which Duane Morris processes your Personal Data. As to Duane Morris personnel, this Notice is supplemented by other Duane Morris notices and policies applicable to its personnel.

Reference in this Notice to “Personal Data” means any information that identifies, relates to, describes, or could reasonably be used to identify, associate, or link, directly or indirectly, a particular living individual or household, either on its own or together with other information. When used in reference to a specific legal requirement, “Personal Data” excludes information that is not covered by that legal requirement.

This Notice Describes:

• Types of Personal Data We Collect
• How and From Whom We Collect Your Personal Data
• How We Use Your Personal Data
• How We Disclose Your Personal Data
• Cookies and Tracking Technologies
• Data Retention
• Third-Party Websites and Features
• Data Security
• Children’s Privacy
• Your Privacy Rights and Choices
• Changes to this Notice
• Questions About this Notice
• U.S. State Supplement
• EEA and UK Supplement

Types of Personal Data We Collect

We may collect different categories of Personal Data about you, including:

• Contact data, such as name, postal address, email address, telephone number, fax, and other contact details;
• Professional and educational information, such as company name, job title/function, department, website, previous positions/employers, professional and educational experience, and qualifications;
• Verification information, such as passport information or other government-issued identification, background information, results of sanctions or conflicts checks, anti-money laundering/know your customer (AML/KYC) information, or other information provided by you or collected by us as part of our business acceptance processes;
• Financial information, such as billing information, payment and bank account details;
• Account information, such as your username and passwords if you maintain an account on our Website;
• Marketing data, such as your preferences for receiving our newsletters, promotional materials, and marketing communications, your communications patterns and preferences with our personnel (including via email or other means), your legal practice areas of interest, business industry sector interests and information from marketing activities to which you may have responded or in which you may have participated;
• Research data, such as information you may provide when you participate in our surveys or questionnaires;
• Online identifiers, device data and usage information, such as your internet protocol (IP) address, device ID, browser type, operating system or other information pertaining to the device through which you interact with our Website, including details of your visits and interactions with our Website (e.g., clickstream data and browsing patterns, including how long you use our Website, the pages or content you click during your visit, any search terms you may enter) and information pertaining to the device through which you interact with our electronic communications (such as our newsletters, legal updates, marketing or other promotional materials, event invitations or other email correspondence) (please refer to the “Cookies and Other Tracking Technologies” section below for further detail);
• General location information, such as an approximate location of the device you are using to interact with us (based on your IP address);
• Legal services information, such as information provided to us by or on behalf of our clients, your employer or other relevant organizations, or generated by us in the course of, or relating to, providing our services;
• Audio, electronic, and visual information, such as photographs of you at our hosted events, email communications you may send to us, voicemails you may leave our offices, and images captured by our offices’ CCTV cameras, if any;
• Dietary information, such as dietary restrictions or food preferences you may provide us when you attend any of our hosted events or meetings;
• Publicly available information, such as information from public registers, media search results and other public sources;
• Any other information you choose to provide, such as information about your hobbies or interests or other information you may provide us in your communications with us.

Where necessary for the provision of our services to you and legally permitted or volunteered by you, we may also collect certain sensitive data, such as demographic data (e.g., race/ethnicity), health data, and details of offences and related proceedings.

How and From Whom We Collect Your Personal Data

The categories of Personal Data above may be collected by us from the sources below in a number of ways, including:

Directly from you or in connection with our relationship with you: We collect Personal Data that you provide to us and during the course of your relationship with us, such as:

• when you request a proposal or information from us in relation to our services;
• as part of our business intake and compliance procedures;
• through our provision of our services or information to you or your organization;
• during the course of our dealings with you for or on behalf of Duane Morris, our clients or otherwise;
• when you apply to a position at Duane Morris (either directly or through a recruitment consultant);
• when you or your organization offer or provide services to us;
• when you provide information to us by filling in forms on our Website (such as subscribing to our newsletter or other legal updates, registering for or participating in our webinars);
• when you provide us information in relation to your attendance at any of our seminars, webinars, or other hosted events;
• when you complete surveys or questionnaires that we administer for research purposes;
• when you contact or otherwise communicate with us (including, without limitation, via email communications and other means);

Automatically collected: We and our service providers may automatically collect certain Personal Data about you and your device(s) by using cookies and other tracking technologies, such as:

• when you browse or interact with our Website (including when you use or interact with our Website in connection with your account on our Website);
• when you communicate with us by email or interact with our email communications (including our newsletters or event invitations);

Third-party sources: We may receive Personal Data about you from third parties, such as:

• from our clients, our professional advisors on clients matters, or those involved in a transaction, litigation or other matter;
• during the course of our dealings with the other party on behalf of you as a client or through the provision of our services to you;
• from our service providers, such as service providers that provide background check services;
• when you interact with us on third‑party social media platforms or access our social media pages (subject to your privacy settings on the respective social media platforms);
• when we or our service provider obtain Personal Data about you from publicly available sources, such as government agencies, public records, and publicly available social media profiles (subject to your privacy settings);
• when we receive Personal Data from our partner organizations, such as pro bono groups or nonprofit organizations and event co‑sponsors.

How We Use Your Personal Data

We may process the categories of Personal Data above for the following purposes:

• to provide you or a client with our services, including conducting new business intake and compliance processes;
• to maintain and/or administer our Website and any accounts you may maintain on our Website;
• to contact or otherwise communicate with you in the course of conducting our business or providing services to you or a client;
• to respond to your inquiries, questions, or requests, including to provide you with information related to our services, events, and other similar information;
• to consider your application for a position at Duane Morris and for other related talent management and human resources administration purposes;
• to manage our relationship with you or your organization in connection with the potential or actual provision of or procurement of goods and services (including to prepare for and/or enter into a contract with you, to improve our provision of services, and to better understand our client and potential client relationships);
• to process payments, perform accounting, auditing, billing and collection, and other related supported services;
• to manage and secure the access to our offices and to operate, manage, monitor and ensure the security and integrity of our systems, networks, and online platforms (including to secure our Website and any relevant accounts you may maintain on our Website), and to monitor and analyze communications over our systems, networks and online platforms;
• to comply with our legal and regulatory obligations and professional responsibilities (including with respect to anti-money laundering, antiterrorist financing and sanctions checks, professional responsibility matters, and new business intake compliance processes);
• to organize and host corporate events and meetings and to provide hospitality services to you;
• to send you promotional materials, such as our newsletters, legal updates, alerts and/or other marketing communications, to invite you to our events, to develop and engage in other marketing communications and activities;
• to operate our business, including supporting our internal business functions;

• to analyze the usage of our Services, such as analyze the traffic, user navigation and user engagement of our Services;
• to personalize your digital experience, serve you tailored advertising content (including advertising on third party sites) that we think may be of interest to you (e.g., content based on your interests and interactions with our Services), and determine and manage the effectiveness of our advertising campaigns;

• to protect our interests, rights and/or property, including to take precautions against liabilities, investigate and/or defend ourselves against any claims, allegations, fraud, crime and/or corruption, as well as enforce our policies and contracts;
• to seek your thoughts, opinions, and feedback (via questionnaires and/or surveys) on our services to make improvements to such services; and
• for purposes described at the point of collection and/or other purposes with your consent.

How We Disclose Your Personal Data

We may disclose the categories of Personal Data above as described below:

• Affiliates – we may share your Personal Data with our affiliates and among our offices within Duane Morris, in connection with any of the uses set out in this Notice.
• Service providers – we may share your Personal Data with third-party service providers to carry out certain business functions for us, or on our behalf, or service providers that we engage on our clients’ behalf (e.g., IT and data storage services, word processing, duplication and other administration services, marketing services, and banking services). Where we engage third-party service providers, we will have in place an agreement with such providers where required, which will restrict how they are able to process your Personal Data and impose appropriate security standards are on them.
• Professional advisors – we may share your Personal Data with our professional advisors or other third parties who we engage on our clients’ behalf for professional advisory services (such as attorneys, auditors, insurers, accountants, expert consultants), in connection with our internal business operations and/or the services we provide.
• Clients and other parties – subject to applicable law and to the extent such disclosure is appropriate, we may share your Personal Data with our clients and/or other parties involved in the matter in the course of providing our services.
• Governmental authorities – subject to applicable law, we may disclose your Personal Data (i) if we are required to do so by law, regulation or legal process, such as a subpoena; (ii) in response to requests by government entities, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to prevent physical, financial or other harm, injury or loss; or (iv) in connection with an investigation of suspected or actual unlawful activity. For example, we may disclose your Personal Data with the relevant courts or other judicial or official bodies in the context of providing our services or where we are asked to respond to an order or other binding request. We also may disclose your Personal Data to protect our rights or property or those of our clients or others for the purpose of fraud prevention, compliance with professional responsibility, and other regulatory requirements, including compliance with anti-money laundering, antiterrorist financing, Know Your Customer requirements, and credit risk reduction.
• Third Party Partners – we may disclose your Personal Data with our third-party partners, such as:
• Business partners – we may disclose your Personal Data with our business partners, such as our pro bono partners or other non‑profit organizations, in the provision of our pro bono services, co‑sponsors of events we may host or other strategic partners.
• Analytics, Advertising and Social Media partners – we may disclose your Personal Data to our third-party analytics, advertising and social media partners, where some of these partners may use such information for their own purposes, including to market products or services to you or tailor ads displayed to you (including ads displayed on third-party websites) to your interests and interactions with our Services.
• Mergers and acquisitions – we may disclose your Personal Data to third parties in the event we sell or transfer (or contemplate the sale or transfer of) all or portions of our business or assets or in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation of our business (“Business Transactions”). In the event of such Business Transactions, such third parties may use your Personal Data in the same way as set out in this Notice.
• Other third parties – we also may disclose your Personal Data to other third parties at your direction.
• Deidentified and aggregated information – We may aggregate and/or de‑identify your Personal Data such that it is no longer able to be linked to you or your device(s). This Notice does not limit our ability to use or disclose such aggregated or de‑identified information, which we may disclose in our sole discretion. To the extent we process any aggregated and/or de‑identified information, we will maintain and use such information in aggregated and/or de‑identified form and will not attempt to re‑identify the information, unless permitted by applicable law.

Cookies and Other Tracking Technologies

When you interact with our Website or our email communications (such as our newsletters, legal updates, marketing or other promotional materials, event invitations or other email correspondence), we and third party providers of tracking technologies may collect certain Personal Data about you by automated means, using cookies and other tracking technologies. Cookies are small data files that websites send to your computer or device to uniquely identify your browser or to store information or settings in your browser. Some tracking technologies are necessary for our Website’s basic features and technical functions, such as cookies used for website security (e.g., user authentication) or website technical statistics (e.g., page and video load times, site crashes). We also may use tracking technologies to (i) analyze the usage of our Website (e.g., count the number of unique visitors and their interactions with our Website) and help us improve our Website and services to you; (ii) enhance and customize your experience (e.g., storing your username so you can log in easily or keeping you logged in after you provided your password); and (iii) serve you tailored advertising content, including advertising content on third-party sites.

You can accept or reject tracking technologies (unless they are strictly necessary for our Website to function properly) by clicking Your Privacy Choices. Rejecting some types of tracking technologies may impact your experience on our Website, as certain features may be unavailable. You can also adjust your browser settings to turn off or block the use of cookies, although this may result in some parts of our Website not being available to you. You can also adjust your browser settings to notify you when you are receiving a cookie, giving you the choice to reject it or not. You can use your browser settings to determine which type of cookies you have allowed, and you can delete existing cookies (usually within your browser’s tools, options, or privacy settings). Subject to your cookie settings, we may use Google Analytics to monitor usage levels of our Website. For more information on Google Analytics, visit https://support.google.com/analytics. You can reject Google Analytics’ cookies by rejecting these cookies via our cookie preference tool or changing your browser settings as described above. Google also provides a Google Analytics Opt‑out Add‑on for web browsers, which prevents Google Analytics from collecting information about website visits.

Please review the U.S. State Supplement and EEA/UK Supplement for more information about choices individuals residing in certain U.S. states, the EEA, and UK have with respect to information collected via these technologies.

Data Retention

We retain your Personal Data as long as it is reasonably necessary to fulfill the purpose for which it was collected and to comply with applicable laws and regulations. We consider the following criteria when determining how long to retain Personal Data: (i) why we collected the Personal Data; (ii) the nature of the Personal Data; (iii) the sensitivity of the Personal Data; (iv) our legal obligations related to the Personal Data (including any applicable statutes of limitations and records retention requirements); and (v) the risks associated with retaining the Personal Data. Subject to the criteria above, we will delete, de‑identify and/or aggregate your Personal Data, such that it is no longer able to be linked to you or your device(s).

Third-Party Websites and Features

Duane Morris may include links to other websites, widgets, or other third-party features on our Website, (“Third-Party Sites”). Duane Morris does not control any Third-Party Sites and is not responsible for any information (including any Personal Data) they may collect. The information collection practices of a Third-Party Site are governed by its privacy policy. It is your choice to enter any Third-Party Site. We recommend that you read its privacy policy if you choose to do so.

Data Security

We have put in place and maintain commercially reasonable and appropriate administrative, technical, and physical safeguards to help protect your Personal Data from accidental or unauthorized use, access, disclosure, loss, or alteration. While we seek to protect your Personal Data to ensure that it is kept confidential, transmission of information via the Internet is never completely secure, and we accordingly cannot guarantee that your information during transmission through the Internet to our Website or while stored in our system or otherwise in our care will be absolutely safe from intrusion by others, such as hackers.

If you create an account on our Website, you need to help us prevent unauthorized access to your account by protecting your password appropriately and limiting access to your account. You will be solely responsible for keeping your password confidential and for all use of your password and your account, including any unauthorized use.

Children’s Privacy

We do not knowingly collect Personal Data from individuals who are under 16 years old. If you are under 16 years old, you should only view the Website and/or submit Personal Data to us with your parent or guardian’s permission. If you are a parent or guardian and you believe we have collected your child’s information, please contact us at privacy@duanemorris.com.

Your Privacy Rights and Choices

Marketing Communications

When we collect your contact information (for example, when you provide us with your business card or communications with us via email or other means), subject to applicable law, we may add your details to our contacts database and to our mailing lists and use such information to understand and analyze your communications with us. In other cases, and where required by law, we seek your permission to use such information for marketing purposes. You may opt out of receiving Duane Morris marketing communications (including our newsletters, event invitations, legal updates, marketing emails, and other promotional materials) at any time by clicking on the “unsubscribe” link at the bottom of such communication. You also may change your preferences for receiving our marketing communications, such as opting out of receiving certain communications and not others, by clicking on the “update my subscriptions” link in any such Duane Morris email you may receive containing such information.

You also may tell us that you do not want to receive our marketing communications and/or ask us not to process your personal information for marketing purposes by sending us an email at privacy@duanemorris.com or by writing to us at the following address: Duane Morris LLP, FAO Data Privacy Manager, 30 South 17th Street, Philadelphia, PA 19103‑4196, USA. Please understand that it may take us a few days to process any opt‑out request and that even if you opt out of receiving marketing communications from us, we may still contact you in connection with your account, activities, transactions, and communications with us.

Browser Settings

When you interact with our Website or our email communications (such as our email newsletters, legal updates, marketing or other promotional materials, event invitations or other email correspondence), we and third party providers of tracking technologies may collect certain Personal Data about you and your device(s) by automated means, using cookies and other tracking technologies.You can accept or reject tracking technologies (unless they are strictly necessary for our Website to function properly) by clicking Your Privacy Choices. Rejecting some types of tracking technologies may impact your experience on our Website, as certain features may be unavailable. For more information about how you may accept or reject certain tracking technologies, please refer to the Cookies and Other Tracking Technologies above.

Individual Rights

Depending on your country (or in the United States, your U.S. state) of residence, you may be afforded, in accordance with applicable law, certain other rights with respect to your Personal Data, such as the right to:

• obtain information about the Personal Data we have collected about you and to request a copy of it;
• delete certain Personal Data we have about you;
• request correction of inaccurate Personal Data we have about you;
• object to or request the restriction of processing of your Personal Data;
• request that your Personal Data be transferred to another organization; or
• withdraw your consent with respect to any processing of Personal Data which is based on your consent.

For more information about what rights may be available to you depending on your country or state of residence, please see the U.S. State Supplement (if you reside in the United States) or the EEA/UK Supplement (if you reside in the EEA or UK).

Once we receive your request, we may verify it by requesting information sufficient to confirm your identity and eligibility to exercise the requested right. We reserve the right to deny requests as allowed by applicable law, such as where we have a reasonable belief that the request is fraudulent, where your identity cannot be confirmed, or where we must retain your Personal Data consistent with applicable law. Our goal is to respond to a verifiable request from an individual within 45 days (for U.S. residents), or 30 days (for UK and EEA residents) of its receipt. If we require more time, we will inform you of the reason and extension period in writing within the initial response period. We will deliver our written response electronically.

Changes to this Notice

We reserve the right to amend this Notice from time to time to reflect changing legal requirements or our processing practices. Any such changes will be posted on our Website and will be effective upon posting. In some cases, such as when we make material changes, we may also tell you about changes by additional means, such as by sending an e‑mail to the e‑mail address we have on file for you. We encourage you to regularly check this page to review any changes we may make to the terms of this Notice.

Questions About this Notice

If you have any requests or queries concerning your Personal Data or any queries with regard to our privacy practices, please contact us at privacy@duanemorris.com or write to us at the following address: Duane Morris LLP, FAO Data Privacy Manager, 30 South 17th Street, Philadelphia PA 19103‑4196, U.S.A.

 

U.S. State Supplement

Last Updated: February 27, 2026

This U.S. State Supplement provides information for U.S. residents. Certain state laws provide residents rights to their Personal Data, subject to certain legally permitted exceptions, which can be exercised as set forth below. Our Privacy Notice explains what Personal Data we collect about you, how we collect that Personal Data, and why and how we use and disclose that information. This Supplement should be read together with our Privacy Notice to fully understand our collection, use, and disclosure of your Personal Data. Any capitalized terms we do not define in this Supplement are defined in our Privacy Notice.

This Supplement does not apply to Duane Morris personnel or job applicants. If you are a Duane Morris personnel or job applicant and you are a California resident, please refer to our California Employee Privacy Notice (available on our intranet) and California Job Applicant Privacy Notice

Your Rights

Depending on your state of residence (and subject to applicable law and certain legally permissible exceptions), your rights may include the following:

• Access Right. Right to receive certain information regarding our processing of your Personal Data, such as:
  • the categories of Personal Data we collect;
  • the categories of sources from which we collect Personal Data;
  • the categories of Personal Data disclosed to third parties, categories of third parties and/or specific third parties to whom such Personal Data is disclosed;
  • business or commercial purpose(s) for collecting or disclosing your Personal Data; and/or
  • access to specific pieces of Personal Data we have collected about you.

You may also have the right to ask us to confirm whether we process your Personal Data and/or obtain a copy of the Personal Data that we have collected about you.

• Correction Right. Right to request that we correct any inaccuracies in the Personal Data we have collected about you.
• Deletion Right. Right to request that we delete the Personal Data we have collected about you.
• Right to Opt Out of “Sale” or “Share”/Targeted Advertising. If applicable, right to request that we refrain from “selling” your Personal Data or “sharing” your Personal Data with third parties for targeted advertising.
• Withdrawal of Consent Right. If you provided your consent to Duane Morris to use your Personal Data and such consent is required by law, you have the right to withdraw such consent.
• Appeal Right. Right to appeal a decision we make relating to requests to exercise your rights above.

If you are a California resident, additional information about your rights is provided in the Section for California Residents below.

How to Exercise Your Rights

Requests to access, correct or delete your Personal Data can be submitted by calling our toll‑free number at (844) 951‑2348, emailing us at privacy@duanemorris.com, or completing a request form. Requests to withdraw your consent may be made pursuant to the details provided at the collection of consent or you may submit a request by calling our toll‑free number at (844) 951‑2348, emailing us at privacy@duanemorris.com, or completing a request form. Please refer to the “Sale” or “Sharing” of Personal Data section below for information on how to exercise your rights related to “selling” or “sharing” your Personal Data for targeted advertising purposes.

Only you or subject to applicable law, an authorized agent (a person authorized to act on your behalf), may make a request related to your Personal Data. Except where you have provided your agent with a power of attorney, you must: (1) provide the agent with signed permission clearly describing their authority to make a request on your behalf; (2) verify your own identity with Duane Morris; and (3) directly confirm that you have provided the authorized agent permission to submit the request. That agent must also be able to verify their identity with us and provide us with their authority to act on your behalf.

The request initiated by you or your authorized agent must: (1) include your full legal name, email, and phone number, which we will need to contact you in order to verify that you are the person about whom we collected Personal Data or an authorized representative; and (2) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable request does not require you to create an account with us. One of our representatives will contact you in order to verify your identity. You may need to provide additional information in order to verify your request. Depending on the nature of the request, we may require additional verification actions be taken, including, but not limited to, providing a signed declaration under penalty of perjury that you are the person whose Personal Data is the subject of the request. We will only use this information to verify the requestor’s identity or authority to make the request. Once we receive your request and confirm your identity, we will review your request to see if an exception applies. For example, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to comply with any legal obligation(s). We endeavor to respond to a verifiable request within forty‑five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

If we deny your request or cannot fulfill it, you may appeal our decision by contacting us via privacy@duanemorris.com to ask us to review your request again. Your email should include “Appeal” in the subject line. You have the right not to receive discriminatory treatment if you exercise any of the rights explained in this U.S. State Supplement.

“Sale” or “Sharing” of Personal Data

We do not sell Personal Data in the traditional sense (i.e., for monetary compensation). However, like many businesses, we may use third-party advertising, analytics and social media services that involve the collection, use and disclosure to third parties (i.e., our analytics, advertising and social media partners) of certain Personal Data (such as online identifiers, IP address, browsing activity, and interactions with our Website) for the purposes of analytics and to serve you tailored advertising content, including advertising content on third-party sites. Some of these activities may constitute a “sale” or “sharing” of Personal Data as those terms are broadly defined under California or other state laws.

Our practice is to obtain your permission before using tracking technologies on our Website in a manner that may constitute a “sale” or “share” of Personal Data or use of Personal Data for cross-site “targeted advertising” purposes under these laws. You may grant or deny this permission by accepting or rejecting tracking technologies through our cookie preference tool. If you grant us permission, you may revoke your permission for our continued use of such tracking technologies by clicking Your Privacy Choices. Although our Website does not respond to do-not-track (DNT) signals, our Website does recognize the global privacy control (GPC) signal. You may deny us permission to use tracking technologies on our Website in a manner that may constitute a “sale” or “share” of Personal Data by activating the GPC signal in your browser settings. You may refer to the Cookies and Other Tracking Technologies section of our Privacy Notice for more details on our practices and how to adjust your preferences with respect to such practices.

We do not have actual knowledge that we “sell” or “share” (each as they are defined under applicable law) Personal Data of individuals under 16 years of age.

Section for California Residents

California residents should review the below California‑specific disclosures provided in accordance with California law. References to the “CCPA” mean the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., as amended and the regulations promogulated thereunder.

We may collect (and in the preceding 12 months we may have collected) the following categories of personal information:

• Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, tax-ID number, driver’s license number, passport number, or other similar identifiers.
• Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as bank account number, credit card number, etc.
• Characteristics of protected classifications under California or federal law, such as information revealing race, ethnic origin, immigration status, or information concerning an individual’s health.
• Commercial information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing histories or tendencies.
• Internet or other electronic network activity information, such as browsing history, search history, and information regarding your interaction with our Website or email communications (such as our newsletters, legal updates, marketing or other promotional materials, event invitations or other email correspondence).
• Geolocation data, such as the approximate (non‑precise) location of the device you are using to interact with us online.
• Sensory Information, such as audio, electronic, visual, or similar information, including photographs for identification or security purposes, email communications, voicemails, and/or security camera footage.
• Professional or employment‑related information, such as job title, job history, professional experience and qualifications, and background check information.
• Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Certain categories of personal information listed above may be considered “Sensitive Personal Information” under the CCPA, such as driver’s license, passport, or other government issued identification card, race or ethnic origin, and information concerning an individual’s health. Duane Morris does not collect or use Sensitive Personal Information for the purpose of inferring characteristics about you. We do not use or disclose (and have not used or disclosed in the past twelve (12) months) Sensitive Personal Information for any purposes other than the purposes permitted under the CCPA.

We may collect (and in the preceding 12 months, we may have collected) the categories of personal information above from you and from various sources, including the following categories of partners and services, for the purposes described in the “How We Use Your Personal Data” section of our Privacy Notice:

• our affiliates;
• certain business partners, such as our pro bono or other strategic partners or our event co‑sponsors;
• our service providers performing services for us or on our behalf;
• our analytics, advertising, and social media partners (if you grant us permission and direct us to do so);
• government entities; and
• data brokers, such as background check services.

We may disclose (and in the preceding 12 months, we may have disclosed) the categories of personal information above to the following categories of third parties for the purposes described in the “How We Use Your Personal Data” section of our Privacy Notice:

• our affiliates;
• certain business partners, such as our pro bono or other strategic partners or our event co‑sponsors;
• our service providers performing services for us or on our behalf;
• our analytics, advertising, and social media partners (if you grant us permission and direct us to do so);
• government entities; and
• data brokers, such as background check services.

Changes to this Supplement

We reserve the right to amend this Supplement from time to time to reflect changing legal requirements or our processing practices. Any such changes will be posted on our Website and will be effective upon posting. In some cases, such as when we make material changes, we may also tell you about changes by additional means, such as by sending an e‑mail to the e‑mail address we have on file for you. We encourage you to regularly check this page to review any changes we may make to the terms of this Notice.

Questions About this Supplement

If you have any requests or queries concerning your Personal Data or any queries with regard to our privacy practices, please contact us at privacy@duanemorris.com or write to us at the following address: Duane Morris LLP, FAO Data Privacy Manager, 30 South 17th Street, Philadelphia PA 19103‑4196, U.S.A.

 

EEA and UK Supplement

Last Updated: February 27, 2026

This EEA and UK Supplement provides information for residents of the European Economic Area (EEA) and UK. Certain laws such as the EU and UK GDPR provide residents rights to their Personal Data, subject to certain legally permitted exceptions, which can be exercised as set forth below. Our Privacy Notice explains what Personal Data we collect about you, how we collect that Personal Data, and why and how we use and disclose that information. This Supplement should be read together with our Privacy Notice to fully understand our collection, use, and disclosure of your Personal Data. Any capitalized terms we do not define in this Supplement are defined in our Privacy Notice.

If you are an EEA or UK resident and have any queries or questions regarding this Privacy Notice or wish to exercise your rights in relation to Personal Data (see below for details on your rights) we may have collected about you please contact us at privacy@duanemorris.com or write to the UK Appointed Representative of Duane Morris, FAO UK Data Privacy Manager, 16th Floor, Citypoint, 1 Ropemaker Street, London EC2Y 9AW. Please note that we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Your Rights

Under certain circumstance, in addition to the rights set out in the Privacy Notice, you may have the right to:

• access your personal data and to be provided with certain information in relation to it;
• require us to correct any inaccuracies in your personal data without undue delay;
• require us to erase your personal data;
• require us to restrict processing of your personal data;
• receive the personal data you may have provided to us, in machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated;
• withdraw content on any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. Please note if you withdraw your consent, we may not be able to provide certain services to you;
• object to a decision we make which is based on automated processing of your personal data; and
• submit a complaint to the relevant data protection supervisory authority.

How We Share Personal Data

If you are a EEA or UK resident please note that when you provide information to us (or a third party on our behalf) it may accordingly be accessed and used in countries outside of the EEA or the UK respectively. In relation to such transfers, you acknowledge that you have been made aware that: (i) some countries outside the EEA and the UK provide levels of protection of personal data which are substantially less robust than those of countries within the EEA and the UK and (ii) in respect of such countries it is possible that this personal data might be intercepted and accessed by governmental and other authorities/agencies in those countries.

By submitting your personal data to us, you consent to this transfer, storing or processing.

Where your personal data is processed outside the EEA and UK without your express consent (for example to provide services to you or where we are mandated to do so by law), we are required to ensure a level of data protection at least as protective as those mandated by the EEA or the UK (as applicable). If you would like to know more about the safeguards used by us to protect the transfer of your personal data, please contact us at privacy@duanemorris.com or write to the UK Appointed Representative of Duane Morris LLP at the following address: Duane Morris, FAO UK Data Privacy Manager, 16th Floor, Citypoint, 1 Ropemaker Street, London EC2Y 9AW, United Kingdom.

General Permitted Purposes for Processing

EEA and UK data privacy laws require us to share with you the purposes for which we process your personal data (the “Permitted Purposes”), together with the corresponding ‘Legal Basis’. We have summarized these in the tables below.

When we refer to the processing of your personal data this may include, for example, obtaining, holding or carrying out any operation or set of operations on the data, such as organizing, copying, analyzing, amending, retrieving, using, disclosing, transferring, retaining, archiving, anonymizing, erasing or destroying it.

We process your personal data (including the types of data listed below in "Types of Personal Data" sections of this Privacy Notice) for one or more of the following general Permitted Purposes. Our processing can sometimes involve sensitive information. Please see the second table under the heading ‘Sensitive Information’ below in this regard.

Legal Basis	Permitted Purpose
Where it is necessary to perform our contract with you or your organization or to take steps at your request to enter into the contract	For example: (a) to respond to your enquiries; (b) to deliver our legal or related services to you or our clients; (c) to manage and administer our relationship with you or our clients (including but not limited to human resources administration, communicating with you, file opening and management, producing reports and narratives to capture how we have spent our time in relation to client matters, billing and billing follow-up); (d) to facilitate our internal business operations such as record keeping and accounting practices; (e) to employ/engage you if you are applying for a position and have been successful with such application; (f) to enter into or perform our agreement with you if you are a supplier or external adviser (including supplier account management, administration and payment of your invoices); or (g) to enter into or perform any other kind of contract/agreement we may have with you.
Where it is necessary for compliance with a legal, regulatory or professional obligation	For example: (a) to carry out internal new business intake, conflicts and other regulatory checks on new clients, new client matters and ongoing matters and to undertake appropriate client due diligence in accordance with anti-money laundering, anti-terrorist financing, trade regulation and other law; (b) to perform appropriate pre-hiring checks of employees and partners in accordance with our professional obligations; (c) to undertake appropriate checks of suppliers and external advisers (for example, to comply with our obligations under applicable privacy, tax payment and tax evasion, modern slavery, anti-bribery and corruption and confidentiality rules); (d) to keep secure our systems and processes and to identify, record and prevent fraudulent, criminal and/or otherwise illegal activities; (e) for health and safety and workplace accident prevention compliance; (f) to comply with instructions, orders and requests from courts and/or law enforcement agencies; (g) to co-operate with our regulators and other public authorities (including by responding to their lawful requests for information; undertaking internal investigations; and complying with our reporting and other professional obligations); (h) to protect our and our clients’ personal data, and other information, property and assets; (i) for equal opportunities monitoring and reporting purposes; and (j) to comply with any other obligation to which we are subject under applicable rules and law.
Where it is necessary for the purposes of our or another party’s legitimate interests, except where these are overridden by your interests, rights or freedoms	For example: (a) to host you at our offices and providing hospitality services; (b) for general security and business continuity purposes; (c) for business management and financial planning (including management of suppliers; business process improvement and quality purposes; management reporting and reviewing records; accounting and auditing; and corporate due diligence); (d) for managing insurances, complaints and potential and/or actual claims; (e) to obtain legal advice, establish, defend and enforce our legal rights and obligations in connection with, any legal proceedings (including prospective legal proceedings); (f) to ensure the application, audit and enforcement of our internal policies; (g) to ensure the effective provision of legal services to clients; (h) for the improvement of our recruitment and other business processes; (i) for training and continuing professional development purposes; (j) for marketing and public relations purposes, including preparing client pitches and other business development material; contacting you with legal blogs, legal updates, news and industry updates, reports, events and other information; (k) to organize corporate events; (l) to complete any requests you may make in relation to your marketing preferences and other preferences concerning our communications with you; (l) to manage, protect and improve our website, newsletters, blogs and other online services (including: (i) to make sure our website functions as it should; (ii) to recognize you when you return to the website; and (iii) to analyze how our website and online services are performing) (m) to continuously review and improve our services (including by seeking and obtaining your feedback) and developing new ones; and (n) to manage the proposed merger, restructuring, transfer or merging of any or all part(s) of our business, including to respond to any queries from the prospective buyer or merging organization; We consider that such legitimate interests and these uses are proportionate, and compatible with your interests, legal rights and freedoms.
Where you provide your consent	For example: (a) to deal with your enquiries and requests for information about our firm and services; (b) to respond to feedback from you and your recruitment agent; (c) where we extend an offer for employment to you and you ask us to apply for or to renew, your practicing certificate, foreign lawyer registration, work visa or other regulatory registration/authorization on your behalf; (d) to the extent applicable laws require your consent for advertising, marketing and public relations purposes; and (e) where you otherwise provide us with your valid consent.
Where it is necessary to protect your vital interests or that of another person	For example the disclosure of your personal data to medical staff in the event of medical emergencies.

 

Sensitive Information

Where we are legally permitted to do so and one of the general Permitted Purposes apply, we will process sensitive information (see "Types of Personal Data" of this Privacy Notice) for one or more of the following additional Permitted Purposes:

Legal Basis	Permitted Purpose
Where it is necessary for reasons of substantial public interest, on the basis of applicable law	For example: (a) where this is legally permitted, processing details of criminal and regulatory offences, allegations and other sensitive information: (i) for the prevention or detection of fraud and other unlawful acts; (ii) to comply with our money laundering and terrorist financing reporting requirements; and/or (iii) to protect the public against dishonesty, malpractice or other seriously improper conduct; unfitness or incompetence; mismanagement or failures in services. (b) in the jurisdictions where this is legally permitted, processing of data concerning your health, diversity data and other sensitive information for equal opportunities monitoring and reporting purposes. (c) Processing which is necessary for any other valid public interest reason.
Where the processing is necessary for the establishment, exercise or defense of legal or regulatory claims	For example, where this is legally permitted, where the processing of details of criminal and regulatory offences, allegations and proceedings and other sensitive information is necessary: (a) to make or defend a claim, complaint or regulatory allegation on your behalf if you are a client; (b) to exercise our legal rights against third parties; (c) to defend claims, complaints or regulatory allegations made by you or other persons against us; and/or (d) for the establishment, exercise or defense of any other claim.
Where the processing relates to sensitive information manifestly made public by you	For example, sensitive information included in the press, your LinkedIn profile or otherwise online and/or in public, which is processed for one or more of the general Permitted Purposes.
Where it is necessary to protect your vital interests or that of another person where you/they are physically or legally incapable of giving consent	For example, the disclosure of your sensitive information to medical staff in the event of medical emergencies in circumstances where consent cannot be provided.
Where you provide your explicit consent, except where applicable law prevents it	For example: (a) you provide us with your dietary or health requirements so that we can host you at our offices and provide you with hospitality services; (b) where you ask us to apply for or to renew, your practicing certificate, foreign lawyer registration, work visa or other regulatory registration/authorization on your behalf which requires the disclosure of details of criminal and regulatory offences, allegations and proceedings and other sensitive information; (c) you provide us with information about your racial or ethnic origin or sexual orientation to support our diversity and inclusion programs; (d) you consent to us using your witness statement to investigate a health and safety incident or workplace accident; and/or (e) you otherwise provide your valid explicit consent.