Updated: May 22, 2018

This Privacy Notice explains how Covington collects, uses, shares and otherwise processes your personal data collected on our website, mobile apps and in connection with our blogs, client alerts and other communication services (the “Services”). The processing of personal data in connection with client relationships are addressed in engagement agreements between Covington and our clients.

We may provide supplemental privacy notices on specific occasions when we are collecting or processing personal data about you. Those supplemental notices should be read together with this Privacy Notice.

Information we collect about you

You may choose to provide information directly to us through various sections of our Services, including:

  • Contact details for news, publications and marketing communications and events
  • Career information, such as contact details, employment history, and qualifications.
  • Contact details for alumni communications

Our systems may also collect information about your browser or mobile device automatically. We may use cookies, web beacons, and similar devices to help us understand your activity on our Services, as well as email communications. Data we collect automatically includes the type of web browser or mobile device you you’re your operating system, your IP address, and general geographical location.

How and why we use your information

We will use your personal data for the following purposes:

  • To inform you about our services, new legal and policy developments, relevant information in the industries we serve, and our marketing events.
  • To evaluate you as a candidate for employment with our firm.
  • To provide alumni communications.
  • For analysis to improve this website, our services and for market research.
  • For other reasons, with your consent.

Please note that we may use or disclose personal data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

Sharing your information

We may share your information in the following circumstance:

  • Other Covington Offices: For users residing in the EU, these offices may be in countries that offer a lower level of privacy protection than your home country. We have put into place contractual safeguards approved by the European Commission to protect your information.
  • Service Providers: We may share your information with entities that provide services to us, including companies that provide web analytics, advertising, email distribution, and other services. These entities are limited in their ability to use your information for purposes other than providing services for us.
  • Other Parties When Required by Law or as Necessary to Protect Our Services: There may be instances when we disclose your information to legal advisors and public authorities, such as court and law enforcement agencies.
  • Other Parties in Connection With a Transfer of Assets: If we make a sale or transfer of assets, or are otherwise involved in a merger or transfer, we may transfer your information to one or more third parties as part of that transaction.
  • Other Parties With Your Consent: In addition to the sharing described in this privacy notice, we may share information about you with other third parties when you consent to such sharing.

Third-Party Content, Functionality, and Services

Some of the content, functionality, and services on the Services may be provided by third parties that are not affiliated with Covington. For example, on our blogs we enable you to share certain materials on the Website with others through services such as Facebook and Twitter. These third parties may collect or receive certain information about your use of the Services, including through the use of cookies, web beacons, and similar technologies. These entities may collect this information over time and combined with information collected from different websites and online services. We are not responsible for the privacy practices of these entities.

Children’s Information

We do not knowingly collect or store personally identifiable information about children under the age of 16, unless permitted by law. If we learn that we have collected personally identifiable information from a child under age 16, we will delete that information from our database.

Privacy Rights of European Visitors

Legal Grounds. We will process your personal data only (1) with your consent; (2) to perform a contract between you and us; (3) to comply with a legal obligation; or (4) where we have a legitimate interest to do so, balancing this interest against your interests and fundamental rights. These legitimate interests are administrative functions within Covington, marketing activities, and complying with your requests for information.

Access, Correction and Deletion. If you reside in the EU, you may exercise your Personal Data rights under GDPR through the contact information shared below. Specifically you have the following rights subject to the exceptions allowed by law:

  • To access your information
  • To rectify or update your information
  • To erase your information, subject to our need to retain certain information for legal or other purposes
  • To receive a copy of your information
  • To object to or restrict its processing

How we protect your information

We use physical, technical and administrative measures to protect your information against loss, theft and unauthorized use, disclosure or modification. While we strive to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us since no method of data transmission or storage is 100% secure.

How long will we retain your information?

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

To determine the appropriate retention period for your personal data, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your it and whether we can achieve those purposes through other means, and the applicable legal requirements

In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case it is no longer personal data.

Upon expiration of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.

Changes to this privacy notice

We may update this Privacy Notice at any time, and we will make an updated copy of any such Privacy Notice available on our website.

Further information

Should you have any questions about this Privacy Notice or inquiries regarding your personal data rights you can contact us at privacy@cov.com or at the address below.

Privacy Officer
Covington & Burling LLP
850 10th St NW
Washington, DC 20001

Users residing in the European Economic Area have a right to lodge a complaint to the supervisory authority for data protection in their country.

Cookies, Web Beacons, and Similar Technologies

We — as well as certain third parties that provide content, functionality, or services on the Website — use a variety of technologies to learn more about how people use the Website. This section provides more information about some of those technologies and how they work. Please find below a list of the cookies we use:

NECESSARY COOKIES

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

__cfduid

Provider: covingtonburlingblogs.com
Expiry: 1 year
Type: HTTP Cookie

Used by the content network, Cloudflare, to identify trusted web traffic.

CookieConsent

Provider: insideprivacy.com
Expiry: 1 year
Type: HTTP Cookie

Stores the user’s cookie consent state for the current domain.

wordpress_test_cookie

Provider: insideprivacy.com
Expiry: Session
Type: HTTP Cookie

Used to check if the user’s browser supports cookies.

JSESSIONID

Provider: linkedin.com
Expiry: Session
Type: HTTP Cookie

Preserves users states across page requests.

PREFERENCE COOKIES

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

lang

Provider: linkedin.com
Expiry: Session
Type: HTTP Cookie

Set by LinkedIn when a web page contains an embedded “Follow us” panel.

STATISTIC COOKIES

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga

Provider: insideprivacy.com
Expiry: 2 years
Type: HTTP Cookie

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

_gid

Provider: insideprivacy.com
Expiry: Session
Type: HTTP Cookie

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

_gat

Provider: insideprivacy.com
Expiry: Session
Type: HTTP Cookie

Used by Google Analytics to throttle request rate.

_dc_gtm_UA-#

Provider: insideprivacy.com

Expiry: Session

Type: HTTP Cookie

Used by Google Tag Manager to control the loading of a Google Analytics script tag.

MARKETING COOKIES

Marketing cookies are used to track visitors across websites. The intention is to display content that is relevant and engaging for the individual user.

cov.vuture.net_VxSessionId

Provider: cov.vuture.net
Expiry: Session
Type: HTTP Cookie

Used by Vuture (email marketing communications) to track responses to marketing campaigns and track the visitor’s website journey.

intEmailHistoryId

Provider: cov.vuture.net
Expiry: 1 year
Type: HTTP Cookie

Used by Vuture (email marketing communications) to track responses to marketing campaigns and track the visitor’s website journey.

security/tracker.gif

Provider: cov.vuture.net
Expiry: Session
Type: Pixel Tracker

Used by Vuture (email marketing communications) to track responses to marketing campaigns and track the visitor’s website journey.

r/collect

Provider: doubleclick.net
Expiry: Session
Type: Pixel Tracker

Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.

form/displays.htm

Provider: forms.aweber.com
Expiry: Session
Type: Pixel Tracker

Used by AWeber for its email signup form.

collect

Provider: google-analytics.com
Expiry: Session
Type: Pixel Tracker

Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.

leo_auth_token

Provider: linkedin.com
Expiry: Session
Type: HTTP Cookie

Used by the social networking service, LinkedIn, for tracking the use of embedded services.

visit

Provider: linkedin.com
Expiry: 2 years
Type: HTTP Cookie

Used by the social networking service, LinkedIn, for tracking the use of embedded services.

bcookie

Provider: linkedin.com
Expiry: 2 years
Type: HTTP Cookie

Used by the social networking service, LinkedIn, for tracking the use of embedded services.

bscookie

Provider: linkedin.com
Expiry: 2 years
Type: HTTP Cookie

Used by the social networking service, LinkedIn, for tracking the use of embedded services.

lidc

Provider: linkedin.com
Expiry: Session
Type: HTTP Cookie

Used by the social networking service, LinkedIn, for tracking the use of embedded services.

UID

Provider: scorecardresearch.com
Expiry: 2 years
Type: HTTP Cookie

Collects information of the user and his/her movement, such as timestamp for visits, most recently loaded pages and IP address. The data is used by the marketing research network, Scorecard Research, to analyse traffic patterns and carry out surveys to help their clients better understand the customer’s preferences.

UIDR

Provider: scorecardresearch.com
Expiry: 2 years
Type: HTTP Cookie

Collects information of the user and his/her movement, such as timestamp for visits, most recently loaded pages and IP address. The data is used by the marketing research network, Scorecard Research, to analyse traffic patterns and carry out surveys to help their clients better understand the customer’s preferences.

_twitter_sess

Provider: twitter.com
Expiry: Session
Type: HTTP Cookie

Collects anonymous data related to the user’s visits to the website, such as the number of visits, average time spent on the website and which pages have been loaded, with the purpose of personalising and improving the Twitter service.

personalization_id

Provider: twitter.com
Expiry: 2 years
Type: HTTP Cookie

Collects anonymous data related to the user’s visits to the website, such as the number of visits, average time spent on the website and which pages have been loaded, with the purpose of personalising and improving the Twitter service.

guest_id

Provider: twitter.com
Expiry: 2 years
Type: HTTP Cookie

Collects anonymous data related to the user’s visits to the website, such as the number of visits, average time spent on the website and which pages have been loaded, with the purpose of personalising and improving the Twitter service.

external_referer

Provider: twitter.com
Expiry: 6 days
Type: HTTP Cookie

Collects anonymous data related to the user’s visits to the website, such as the number of visits, average time spent on the website and which pages have been loaded, with the purpose of personalising and improving the Twitter service.

ct0

Provider: twitter.com
Expiry: Session
Type: HTTP Cookie

Collects anonymous data related to the user’s visits to the website, such as the number of visits, average time spent on the website and which pages have been loaded, with the purpose of personalising and improving the Twitter service.

VISITOR_INFO1_LIVE

Provider: youtube.com
Expiry: 179 days
Tries to estimate the users’ bandwidth on pages with integrated YouTube videos.

YSC

Provider: youtube.com
Expiry: Session
Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

GPS

Provider: youtube.com
Expiry: Session
Type: HTTP Cookie

Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.

PREF

Provider: youtube.com
Expiry: 8 months
Type: HTTP Cookie

Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites.

Cookies. Cookies are small text files that websites and other online services use to store information about users on the users’ own computers. Cookies may be used to store a unique identification number tied to your computer so that a website can recognize you as the same user across different visits to the website. You can configure your Internet browser to warn you each time a cookie is being sent or to refuse cookies completely.

We and the third parties that provide content, functionality, or business services on the Website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the Website, and help us understand your interests and improve the Website.

Web beacons. We, along with our third-party partners, may also use technologies called web beacons that communicate information from your Internet browser to a web server. Web beacons can be embedded in web pages, videos, or emails, and can allow a web server to read certain types of information from your browser, check whether you have viewed a particular web page or email message, and determine, among other things, the time and date on which you viewed the web beacon, the IP address of your computer, and the URL of the web page from which the web beacon was viewed. We and our partners use web beacons for a variety of purposes, including to analyze the use of the Website and in conjunction with cookies to improve the Website and to provide you with more relevant promotion materials.