Scharf Banks Marmor Privacy Policy

Scharf Banks Marmor is committed to protecting your privacy.  This notice describes how we collect, use, and protect your personal data. It also describes the rights you have and control you can exercise in relation to it.  This notice is intended to be consistent with (and supplement) our obligations under applicable laws, including the Gramm-Leach-Bliley Act, a 1999 US federal financial law (hereinafter referred to as “the GLB Act”), and the EU General Data Protection Regulation (“GDPR”). This Privacy Notice was last updated on June 6, 2018.  The policy may change at any time, and you may review our current policy on our website at, or contact us at 312-726-6000.

Who we are and why we have a privacy/data protection policy

Scharf Banks Marmor (SBM) is a law firm based in Chicago, Illinois, providing client services to clients predominantly in the US or with a connection to the US.  For our international practice, we follow best practices with regard to data privacy and protection. If you have any questions about SBM’s use of your personal data, please contact the attorney with whom you customarily work, or any one of the 312-726-6000.

Data collection and usage

We may collect personal data from a variety of sources when you, your organization, or a third party that holds your personal information retains SBM to provide legal advice or other services; when you, your company, or a third party that holds your personal information makes inquiries regarding our services; when you use the SBM website or provide personal information during SBM events and webinars; when you provide us with your personal information at professional events or other events; when you or a person who holds your personal information provides information to us for the purpose of recruitment; and when you or your organization provides or offers services to us.  The types of personal data we collect would include the following:

  • Contact information: your name, position, role, company or organization, telephone (including mobile phone number where provided) as well as email and postal address;
  • Business information: data identifying you in relation to matters on which you engage us or in which you are involved;
  • General client information: SBM may also collect information that you choose to provide. Please do not send confidential information until we have confirmed in writing that we represent or act for you or your organization.  Unsolicited emails from non-clients do not establish a lawyer-client relationship.  They may not be privileged and, therefore, may be disclosed to others;
  • Your logon ID and password: for access to SBM’s extranets and other client services or platforms;
  • Information from public sources: e.g. Linked in and similar professional networks, directories or internet publications;
  • Information in connection with investigations or proceedings: where this is necessary to conduct the investigation or proceedings;
  • Attendance records: to record your attendance at our offices for security purposes;
  • Subscriptions/preferences: when you subscribe to receive legal briefings, updates or newsletters as well as consent preferences to help us identify which materials you are interested in receiving;
  • Events data: attendance at and provision of feedback forms in relation to our events;
  • Supplier data: contact details and other information about you or your company or organization where you provide services to SBM;
  • Social media: posts, Likes, tweets and other interactions with our social media presence;
  • Technical information: about your visit when you access this website and our technology services, however, SBM does not collect personal data about your online activities across third party websites or online services;
  • Special categories of personal data: such as dietary, disability or similar requirements you provide us for events and meetings;
  • Criminal record data: where permitted by national and local law and appropriate to do so, such as existence of prior criminal offences (or confirmation of clean criminal record).  This data is to assist us in complying with our professional and legal obligations, and with specific legal obligations as they may arise under anti-money laundering, sanctions screening, and regulatory checks.

How we use your personal data

We may use your personal data for the following purposes:

  • Service provision: providing legal advice and services including extranets and other technology tools;
  • Business relationship: managing and administering our relationship with you, your company or organization including keeping records about business contacts, services and payments so we can customize our offering for you, develop our relationship and target our marketing and promotional campaigns;
  • Communication: sending emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services;
  • Events: running legal briefings, roundtables and other events;
  • Client surveys and feedback: including events feedback and client listening exercises as well as answering issues and concerns which may arise;
  • Client legal compliance: to evaluate prospective clients in accordance with our professional and legal obligations;
  • Technology monitoring: to verify that all technology services are being used appropriately and to optimize their functionality;
  • Site security: to provide security to our offices and other premises (normally collecting your name and contact details on entry to our buildings);
  • Regulatory: compliance with our legal and regulatory obligations as a law firm including auditing and reporting requirements;
  • Meeting our ethical obligations under applicable Rules of Professional Responsibility
  • Managing suppliers: who deliver services to us;
  • Legitimate interest: to pursue the legitimate business interests in connection with providing legal services.

Our reasons for using your personal data

We may process your personal data if:

  • You have given us consent: for example, where you share details for particular purposes;
  • It is necessary to comply with legal, ethical, or regulatory obligations: for example, anti-money laundering and mandatory client screening checks or disclosure to law enforcement;
  • It is necessary to deal with legal claims: and to enable us to provide legal advice;
  • It is necessary for our legitimate business interests or those of a third party: provided this does not override any interests or rights that you have as an individual or as a client.

Our reasons for using special category data

Special category data in the EU and certain other jurisdictions refers to sensitive data such as your racial or ethnic origin, religious beliefs or health data. We may also collect data about criminal convictions. We may process this data where:

  • We have your explicit consent;
  • It is necessary to protect your vital interests or those of another person;
  • It is necessary to deal with legal claims;
  • It is necessary for substantial public interest;
  • It is permitted by applicable law.

With whom do we share your data?

We may share your information as with others as follows:

  • Suppliers who support our business, and only to the extent necessary for such support and under establish standards of data security;
  • Other law firms and lawyers as needed for a specific matter, expert witnesses and arbitrators/mediators;
  • Law enforcement bodies or other government authorities;
  • Appropriate parties in the event of emergencies;
  • Your company or organization;
  • Screening service providers so that we can comply with legal and ethical obligations in relation to the prevention or protection of crime, anti-money laundering, sanctions screening and other required checks;
  • Advertising networks and analytics service providers: to support and display ads on our website, apps and other social media tools;
  • Third parties: in the context of the acquisition or transfer of any part of our business or in connection with the business reorganization;
  • Other delegates: where your name will appear on the attendee list for events where you have told us you plan to attend.

Personal data about others

In some cases, you may provide personal data to us about other people (such as your customers, directors, officers, shareholders or beneficial owners). You must ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.


We will hold your information securely in line with physical, technical and administrative security measures. However, the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted and any transmission is at your own risk.

Where will your information be held?

It is possible that your information may be transferred out of your local jurisdiction or region.

We keep personal information obtained during the course of

How long do we keep your data?

client representations for a period of time that is consistent with our professional responsibilities and that is reasonably necessary for the purpose for which the data was collected and to protect and defend SBM against legal claims.

For other types of personal information, we will retain the data until no longer reasonably necessary for the purposes for which it was collected or until consent to hold the data is revoked, provided that there is no other basis for us to hold the information and the deletion of the personal information is legal and consistent with our professional responsibilities

Your Rights

You may request access to, correction or deletion of your personal information held by SBM. We will consider any such request seriously, although we may choose not to delete information where it is necessary for compliance with our professional obligations or provision of services to others, or we otherwise have a substantial need to retain the data. You may also have rights (including under GDPR, where applicable, and subject to conditions) to restrict or to object to processing of your data and to portability of your data to other service providers. You may exercise any of these rights by contacting us.

Direct Marketing 

You can opt-out of receiving direct marketing from us at any time. You can do this by changing your marketing preferences on your online accounts settings page, clicking on the “unsubscribe” link included at the end of any marketing email we send to you.

We may use the information you give us on our website or other means for direct marketing purposes to provide emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services including events that we think may interest you.


We do not knowingly collect information from children or other persons who are under 18 years old. If you are under 18 years old, you may not submit any personal data to us.

Changes to this policy

This policy may be changed from time to time.