Skip to Main Content.

Frost Brown Todd LLP European Union and United Kingdom GDPR Privacy


Last updated October 17, 2023

Frost Brown Todd LLP is a U.S. based law firm that serves U.S. clients as well as clients located in the European Union (EU), United Kingdom (UK), and other countries. In substantially all cases, our clients located in the European Union or the United Kingdom are legal entities and not natural persons. This European Union and United Kingdom Privacy Notice explains how we collect, store, use and delete personal data in connection with the services we provide to our EU and UK clients. This personal data may be from individuals who do business with our clients or individuals employed by our clients, or our business associates, or our service providers.

We may update this European Union Privacy Notice from time to time.

For information on our practices concerning non-EU or non-UK personal data, please see our Website Privacy Policy.


Our Contact Details

If you wish to contact us about this Privacy Notice please use the information below.


Telephone: 1.800.793.6482

Website address:

Postal address:

Privacy Officer
Frost Brown Todd LLP
3300 Great American Tower
301 E. 4th Street
Cincinnati, Ohio 45202


Who We Are

Frost Brown Todd is a full-service law firm that provides legal and other client services (“Services”). We collect your personal data when you use our Website or when individuals or businesses engage with us or use our Services. We also collect personal data about individuals as a result of providing the Services to third parties.


What Information Do We Collect?

We collect data you give us when your request our Services, such as:

  • Name
  • Home address
  • Telephone numbers
  • Email address
  • Other contact details; and
  • Any information you provide to us.

In the case of some services, such as advice and counsel on estate planning and taxation, or assistance with patent prosecution, we will ask you to provide us with:

  • Your date of birth,
  • Social services or health insurance number, or
  • Other government-issued identification number, documents about your identification such as passport or driver’s license, and financial account or credit card data.

If we are providing you with immigration services, we also collect your sensitive data, such as health data, race, and national origin.  We collect data about your preferences when you complete survey responses or otherwise communicate with us about your attendance at our functions or information such as legal updates that we provide to you. We collect technical data about you, including the type of device (and its unique device identifier) that you use to access our website, your IP address, browser type, time zone setting, and operating systems.


Other Sources of Your Data

We sometimes obtain your personal data from third parties, such as your employer in relation to our provision of Immigration Services, third parties we work closely with, including family members, referral sources, or parties to a transaction in which you or your employer or family member is a party or is otherwise involved. Technical data is provided to us by service providers of technology, payment and delivery services, website analytics providers, and consumer reporting companies.


Why We Collect Your Information

We collect your data because:

  • You are a client or a prospective client of our firm or you are a supplier or referral source
  • You otherwise use our Services
  • You are an employee or otherwise work for a client or a supplier of ours, or for someone who otherwise uses our Services
  • You are an employee or otherwise work for a party to a transaction in which our firm is involved.
  • You are related to a client, or
  • You are someone (or work for someone) to whom we would like to advertise or market our services or events.


What is the Legal Basis and Purpose for Holding Your personal data?
Purpose of Processing Legal Basis for Processing
As part of new client onboarding procedures, we process your personal data to verify your identity, to perform conflict of interest searches.


To prevent misconduct, abuse and misuse particularly as regards illegal activities and suspected fraud

To perform a contract for our Services to which you are a party (an engagement).



For compliance with legal obligations to which we are subject, such as professional ethics obligations, US and EU governmental regulations, and to enforce or defend our legal rights

To carry out your requests for our Services, to comply with our legal obligations, to enforce our agreements with you, to perform the Services, to respond to RFPs, and to identify business opportunities Legitimate interests:

to develop and grow our business and Services and promote FBT, to respond to an RFP or a specific request in anticipation of a contract for our Services (an engagement)

To investigate or settle inquiries or disputes, to obtain payment in accordance with our agreement with you To perform a contract to which you are a party.



For compliance with legal obligations to which we are subject, such as professional ethics obligations, US and EU governmental regulations, and to enforce or defend our legal rights

To enable us to perform the Services, to process business transaction data such as in connection with a merger or acquisition To perform a contract to which you are a party.




To perform certain services such as Immigration Legal Services With your consent
To send you legal updates and news, or to otherwise contact you about those of our Services we think may interest you, by email Legitimate interest – to develop and grow our business and Services and promote FBT
To better understand how you and others use our Services, so that we can improve our Site and Services, and for other research and analytical purposes. Legitimate interest – to ensure that we provide the best services and to develop and grow our business and Services and promote FBT

When we rely upon our legitimate interests for processing your data, we will balance those interests against your privacy rights and will not use your personal data where the impact on you would override your rights, unless we are otherwise permitted by law to process your personal data, e.g., where you consent.


How long do we keep your personal data?

We will keep your personal data on an ongoing basis in accordance with the table below, or as otherwise required by applicable laws and regulations.

Additionally, we will retain your personal data according to the following schedule:

Type of Data Retention Period
Contact Information So long as we have a legitimate interest to inform you of our services
Client Files Depending on the state where we provided the Services we keep your files for a minimum of 10 years following termination of our contractual relationship or closure of the matter, and longer periods for environmental and intellectual property matters. We need to keep records for this period for regulatory compliance and to ensure our records are adequate for the purposes of obtaining insurance to protect our clients and other parties.
Employment Applications and Resumes, Human Resources files 6 years after employment relationship has terminated, or 30 days from the date of conclusion of the application for non-successful non-attorney candidates and 4 years for attorney candidates.
Website Data 26 months
On-client Health Records, Race, National Origin, and other sensitive data Until our contractual relationship has terminated.

We are required to retain certain client confidential and personal data in accordance with the law, such as data needed for income tax and audit purposes. How long certain kinds of personal data should be kept is also governed by specific business-sector requirements and agreed practices. We generally retain files and data regarding client engagements and matters for which we have been retained for at least 10 years from the date of our last interaction with the relevant client or the date the matter was closed in our systems, in compliance with our obligations under applicable laws, professional ethical obligations, or for longer where required to protect our legal rights and interests or those of others.


Your Data Privacy Rights

You have important rights that you may exercise to protect your personal data. You may access those rights at any time by contacting us at

You have the following rights concerning your personal data that we hold and process that you can exercise at any time:

  • Right of access – you have the right to request a copy of the data that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organization.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to judicial review: if FBT refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in the process below.

Please note: we will not be able to delete data that is required to maintain our business purpose or that is required to facilitate your contract with us. All the above requests will be forwarded on to other parties holding and processing your data where appropriate.

We may require that you verify your identity by a process we will communicate to you at that time.


Under what circumstances will FBT contact me?

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the data you provide will be subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.


For certain types of sensitive data, we may ask for your consent to use the data for certain described purposes at the time you provide it. You may withdraw your consent at any time.

When you give us your consent, you are giving us permission to process your personal data specifically for the purpose identified in the consent request. Where we ask you for additional personal data, we will obtain your consent to our proposed use of that data where required, and always tell you why and how the data will be used.

You may withdraw consent at any time by sending an email or letter to our Privacy Offices.


Sharing with Third Parties

We may pass your personal data on to trusted third-party service providers contracted by FBT to perform certain services for us, or to collaborate directly with you.  

Any third parties that we may share your data with are obliged to keep your details securely, and to use them only for the purposes and to complete the tasks identified by FBT. When they no longer need your data to fulfill this service, they are required to dispose of the details in line with FBT’s procedures.


International transfer of personal data

FBT may transfer your personal data within FBT and/or to other third parties, such as our third-party service providers. Your personal data may be transferred to, stored, and processed in a country other than the one in which it was collected. This may include the United States. When we do so, we transfer the data in compliance with applicable data protection laws. In particular, we have implemented safeguards in the form of an Information Sharing Agreement that uses the standard contractual clauses adopted by the European Commission.  You can obtain a copy of the standard contractual clauses by contacting our Privacy Officer.


Safeguarding personal data

We have implemented security measures we consider reasonable and appropriate to protect against the loss, misuse and alteration of the data under our control.  In addition, we limit access to your personal data where appropriate to those persons within FBT and third parties who have a business need to access your data. They will only process your data in accordance with our instructions and are subject to a duty of confidentiality. In certain cases, we have given you access to your personal data by means of a login and password. You are responsible for keeping this password safe and secure.

Unfortunately, we cannot and do not guarantee or warrant the security of any data you disclose or transmit to us online and we are not responsible for the theft, destruction, or inadvertent disclosure of your personally identifiable data.


Questions and Problems

If you wish to raise a complaint on how we handle your personal data, you can contact our Privacy Officer as follows:

By Email:

By Postal Mail:

Privacy Officer
Frost Brown Todd LLP
3300 Great American Tower
301 E. 4th Street
Cincinnati, Ohio 45202

If you are not satisfied with our response you can complain to the data supervisory authority for the country in which you reside.