Privacy Policy

Museum Plaza, 200 South Andrews Avenue
Suite 100, Fort Lauderdale, Florida 33301
Tel: 954.351.7474
www.500law.com

WEBSITE PRIVACY POLICY AND COOKIE STATEMENT

Effective Date: March 24, 2026
Last Amended: March 24, 2026

500law is committed to protecting the privacy and confidentiality of personal information. As a law firm, we are subject to professional responsibility rules that impose heightened duties of confidentiality with respect to client information. This Privacy Policy describes our practices regarding information we collect through our website and, separately, information processed in connection with the provision of legal services.

I. INTRODUCTION AND SCOPE OF THIS POLICY

This Privacy Policy and Cookie Statement (“Policy”) is published by 500law (“the Firm,” “we,” “us,” or “our”). It explains how we collect, use, disclose, protect, and retain Personal Information in connection with: (a) your use of our website at www.500law.com and all related subdomains, microsites, and digital properties (collectively, the “Site”); (b) your subscription to our newsletters, legal publications, client alerts, and event invitations; (c) your submission of inquiries, contact forms, or job applications; and (d) the provision of legal services to our clients, to the extent not otherwise governed by applicable rules of professional conduct or engagement letter terms.

This Policy does not apply to information collected in the context of a formal attorney-client engagement to the extent such information is protected by the attorney-client privilege, the work-product doctrine, or any other applicable legal protection. Such information is governed by the terms of the applicable engagement letter and applicable professional conduct rules.

By using the Site, you acknowledge that you have read this Policy and consent to the collection, use, and disclosure of your Personal Information as described herein. If you do not agree to the practices described in this Policy, please do not use the Site.

II. KEY DEFINITIONS

“Personal Information” means any information that alone, or in combination with other information, directly or indirectly identifies or is reasonably capable of identifying a natural person. This includes, but is not limited to, name, email address, telephone number, postal address, IP address, professional title, and employer.

“Sensitive Personal Information” means a subset of Personal Information that receives heightened protection under applicable law, including Social Security numbers, financial account information, health or medical information, racial or ethnic origin, religious beliefs, and biometric data.

“Processing” means any operation or set of operations performed on Personal Information, whether or not by automated means, including collection, recording, storage, use, disclosure, transmission, restriction, or deletion.

“Data Controller” means the entity that determines the purposes and means of the Processing of Personal Information. For the purposes of this Policy, 500law is the Data Controller of Personal Information collected through the Site.

“Data Processor” means a third party that Processes Personal Information on behalf of and at the direction of 500law.

III. PERSONAL INFORMATION WE COLLECT

A. Information You Provide to Us Directly. We collect Personal Information that you voluntarily provide to us when you interact with the Site. The specific categories of information depend on the nature of your interaction:

Contact and Inquiry Submissions: When you submit a contact or inquiry form, we collect your name, email address, telephone number, company or organization name, jurisdiction of residence, and the substance of your legal inquiry. Please note that submitting an inquiry does not create an attorney-client relationship and does not obligate 500law to undertake any representation.

Newsletter and Publication Subscriptions: When you subscribe to our publications, client alerts, or event notifications, we collect your name, email address, professional title, company or organization name, and practice area or topic interests.

Event Registration: When you register for a webinar, seminar, continuing legal education (CLE) program, or other event, we collect your name, email address, company name, bar admission information (where required for CLE credit), and payment information, which is processed through secure third-party payment processors.

Career Applications: When you submit a job application, clerkship application, or summer associate application, we collect your name, contact information, educational background, work history, writing samples, references, professional credentials, bar admissions, and such other information as may be requested in our application process.

Client Intake: When prospective clients submit a legal matter inquiry, we collect information necessary to perform a conflicts-of-interest analysis, including the nature of the matter, the identities of parties involved, and contact information. This intake information is treated with the highest degree of confidentiality and is not used for marketing purposes.

B. Information Collected Automatically. When you access and use the Site, certain technical information is collected automatically from your browser and device through the use of cookies, web beacons, pixel tags, log files, and similar tracking technologies. This automatically collected information may include: Internet Protocol (IP) address and approximate geographic location derived therefrom; browser type, version, language, and plug-in information; operating system and device type; referring URL; pages visited on our Site, time spent on each page, and navigation paths; search terms entered on the Site; date and time of access; crash reports and performance data; and unique device identifiers and advertising identifiers. This information is generally used in aggregated or anonymized form and does not, on its own, identify you personally.

C. Information from Third Parties. We may receive Personal Information about you from third parties in the following contexts: from co-counsel, clients, or opposing parties in the context of a legal matter; from third-party recruitment platforms and candidate-referral sources in connection with job applications; from conference or event co-organizers who share attendee information with participating firms; from analytics providers and social media platforms in accordance with your settings on those platforms; and from publicly available sources, including court records, regulatory filings, and professional directories.

IV. COOKIE POLICY

A. What Are Cookies? A cookie is a small text file that a web server sends to and stores on your browser or device when you visit a website. Cookies serve various functions, including keeping you logged in, remembering your preferences, and collecting analytics data. Cookies may be “session cookies” (deleted automatically when you close your browser) or “persistent cookies” (which remain on your device until they expire or are deleted).

B. Categories of Cookies We Use.

Strictly Necessary Cookies: These cookies are essential for the Site to function and cannot be disabled. They include cookies that manage your session, ensure security, and enable core navigation features. No consent is required for these cookies.
Performance and Analytics Cookies: These cookies collect information about how visitors use our Site, including which pages are visited most often and whether users encounter error messages. We use services such as Google Analytics to collect this data in an anonymized or aggregated form.
Functional Cookies: These cookies allow the Site to remember choices you make (such as your language preference or region setting) and provide enhanced, more personalized features.
Targeting and Advertising Cookies: These cookies record your visit to our Site, the pages you have visited, and the links you have followed. We may use this information to make advertising delivered to you more relevant to your interests.

C. Managing Cookies. You may control and manage cookie settings through your browser preferences. Most browsers allow you to view, block, or delete cookies. Please note that disabling cookies may affect the functionality of certain features of our Site. You may also opt out of interest-based advertising by visiting the Network Advertising Initiative opt-out tool at https://optout.networkadvertising.org and the Digital Advertising Alliance opt-out tool at https://optout.aboutads.info.

D. Do Not Track Signals. Some browsers transmit “Do Not Track” (DNT) signals to websites visited. Because there is no uniform standard for interpreting DNT signals, the Site does not currently alter its data collection or use practices in response to DNT signals. Our Site does not permit third parties to collect Personal Information about your online activities across other websites for their own independent purposes.

V. HOW WE USE YOUR PERSONAL INFORMATION

We Process Personal Information for the following purposes and on the following legal bases:

Responding to Inquiries: To respond to your contact form submissions, questions, requests for information, and intake inquiries, and to determine whether we are in a position to assist you. Legal basis: legitimate interests; pre-contractual steps.

Client Intake and Conflict Checks: To conduct conflicts-of-interest analyses as required by professional conduct rules before accepting a new matter. Legal basis: legal obligation; legitimate interests.

Provision of Legal Services: Subject to the terms of our formal engagement, to provide legal advice, representation, and related professional services to our clients. Legal basis: performance of a contract; legal obligation.

Marketing and Thought Leadership: To send you newsletters, client alerts, event invitations, and other informational content that we believe may be of interest to you based on your professional role or stated interests. You may opt out of marketing communications at any time by clicking the “unsubscribe” link in any email we send. Legal basis: legitimate interests; consent.

Site Analytics and Improvement: To analyze Site traffic, monitor usage patterns, troubleshoot technical problems, and improve the functionality, content, and design of the Site. Legal basis: legitimate interests.

Recruitment and Human Resources: To evaluate job applications, conduct background checks where permitted by law, make hiring decisions, and administer employment relationships. Legal basis: pre-contractual steps; legitimate interests; legal obligation.

Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, impersonation attempts, unauthorized access, and other malicious activities. Legal basis: legitimate interests; legal obligation.

Legal and Regulatory Compliance: To comply with applicable laws, regulations, court orders, subpoenas, and professional responsibility rules, including anti-money laundering (AML) and know-your-client (KYC) requirements. As a law firm, 500law is subject to applicable anti-money laundering laws and regulations. In certain representations, we are required to verify the identity of our clients and collect and retain documentation related to the source of funds. Failure to provide required identification documentation may result in our inability to undertake or continue a representation. Legal basis: legal obligation.

VI. DISCLOSURE AND TRANSFER OF PERSONAL INFORMATION

500law does not sell, rent, trade, or otherwise disclose Personal Information to unrelated third parties for their independent commercial or marketing purposes. We may disclose Personal Information in the following limited circumstances:

A. Service Providers and Data Processors. We engage trusted third-party service providers to perform functions on our behalf, including IT infrastructure and cloud hosting, cybersecurity and incident response, document management and e-discovery platforms, email delivery and marketing automation services, analytics and advertising technology platforms, event registration and CLE administration, legal practice management software, and background screening for recruitment purposes. These service providers access Personal Information only to the extent necessary to perform their contracted services and are bound by confidentiality obligations and data processing agreements requiring them to protect your Personal Information consistently with this Policy and applicable law.

B. Legal and Professional Obligations. We may disclose Personal Information when required or permitted by applicable law, including in response to a valid subpoena, court order, or other legal process; to comply with regulatory investigations, inquiries, or audits; to comply with professional conduct rules imposed by state bar associations or other licensing authorities; or to establish, exercise, or defend our legal rights. Where practicable and legally permissible, we will notify affected individuals prior to making such disclosures.

C. Provision of Legal Services. Subject to applicable professional conduct rules, we may share Personal Information with co-counsel, local counsel, and foreign correspondent counsel engaged to assist on a matter; expert witnesses, consultants, and investigators retained in connection with a matter; and courts, arbitration tribunals, and regulatory bodies before which we appear on your behalf. All such sharing is conducted in accordance with applicable attorney-client privilege and professional confidentiality obligations.

D. Business Transactions. In the event of a merger, acquisition, restructuring, dissolution, or other business transaction involving 500law, Personal Information held by the Firm may be transferred to the successor or acquiring entity, subject to applicable bar association rules governing the transfer of client files and confidential information.

E. With Your Consent. We may disclose Personal Information to third parties for purposes not described in this Policy where we have obtained your prior express consent.

F. International Transfers. 500law operates primarily in the United States. If you are located outside the United States, Personal Information you provide to us may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home jurisdiction. Where Personal Information originating in the European Economic Area, the United Kingdom, or other jurisdictions with cross-border transfer restrictions is transferred internationally, we implement appropriate safeguards, including standard contractual clauses approved by the European Commission or other transfer mechanisms compliant with applicable law.

VII. DATA SECURITY

500law maintains a comprehensive information security program that includes reasonable and appropriate administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, loss, theft, and destruction. Our security measures include, among others:

encryption of Personal Information in transit using TLS/SSL protocols and at rest using industry-standard encryption technologies;
multi-factor authentication for access to Firm systems and applications;
role-based access controls limiting access to Personal Information to personnel who require it to perform their job functions;
regular penetration testing, vulnerability assessments, and security audits;
employee training programs on data security, phishing awareness, and incident response;
vendor due-diligence procedures and contractual requirements for Data Processors; and
incident response and data breach notification procedures.

Despite the Firm’s reasonable security measures, no method of transmission over the Internet or electronic storage system is completely secure. 500law cannot guarantee that Personal Information will never be accessed, disclosed, altered, or destroyed by a security breach. In the event of a security breach affecting your Personal Information, we will notify you and the relevant regulatory authorities as required by applicable law. If you believe that your Personal Information has been compromised, please contact us immediately using the information provided in Section XII below.

VIII. DATA RETENTION

We retain Personal Information for no longer than is necessary for the purposes for which it was collected:

Client Matter Files: Retained for a minimum period consistent with applicable bar association guidelines, typically seven (7) to ten (10) years following the conclusion of the matter, subject to applicable statutes of limitations and any litigation hold obligations.
Conflict-Check Records: Retained indefinitely or for the minimum period required by applicable professional conduct rules.
Marketing and Communications Data: Retained until you opt out of communications or until the information is no longer accurate or relevant, whichever is sooner.
Job Application Data: Retained for two (2) years following the conclusion of a recruitment process, or for longer periods where required by applicable employment law.
Site Analytics Data: Retained in aggregated or anonymized form for up to twenty-six (26) months.
Fraud Prevention Records: Retained for up to seven (7) years or as required by applicable law.

At the conclusion of the applicable retention period, Personal Information is securely deleted or anonymized in accordance with our data disposal procedures.

IX. YOUR PRIVACY RIGHTS

A. General Rights (All Jurisdictions). Subject to applicable law and our legal and professional obligations, you may have the right to: access and receive a copy of the Personal Information we hold about you; request correction of inaccurate or incomplete Personal Information; request deletion of your Personal Information, subject to our legal and professional obligations to retain certain records; request that we restrict Processing of your Personal Information in certain circumstances; receive your Personal Information in a structured, machine-readable format and transmit it to another controller where technically feasible; object to Processing based on our legitimate interests or direct marketing purposes; withdraw consent at any time where Processing is based on your consent; and lodge a complaint with the relevant data protection supervisory authority.

B. California Residents — CCPA and CPRA. If you are a resident of California, the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA) provides you with additional privacy rights. Subject to certain exceptions, California residents have the following rights:

Right to Know: The right to request that we disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we have shared your Personal Information.
Right to Delete: The right to request that we delete Personal Information we have collected about you, subject to exceptions where retention is required by law or for specific business purposes.
Right to Correct: The right to request correction of inaccurate Personal Information.
Right to Opt Out of Sale/Sharing: The right to opt out of the “sale” or “sharing” of your Personal Information. 500law does not sell or share Personal Information as those terms are defined under California law.
Right to Limit Use of Sensitive Personal Information: The right to limit the use and disclosure of Sensitive Personal Information to purposes specified by the CPRA.
Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.

The following categories of Personal Information, as defined under Cal. Civ. Code § 1798.140, may be collected by 500law: identifiers (name, email address, postal address, IP address); personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (name, address, telephone number, employment history); protected classification characteristics under California or federal law (age, race, national origin, disability status, in the recruitment context only); commercial information (records of services provided or considered); internet or electronic network activity (browsing history on our Site, search queries, interaction data, cookie data); geolocation data (approximate location derived from IP address); professional and employment information (employer, title, professional credentials, for job applicants and business contacts); and inferences drawn from personal information (profiles reflecting preferences or interests derived from usage data).

To submit a California privacy rights request, please contact us using the information in Section XII. We will verify your identity and respond to your request within forty-five (45) days, extendable by an additional forty-five (45) days where necessary, as permitted by law. You may designate an authorized agent to make requests on your behalf.

C. Other Jurisdictions. Residents of other jurisdictions with applicable data protection laws may have additional or different rights. Please contact us at the address provided in Section XII to exercise any rights you believe you have under your local privacy laws. We will consider all requests and respond in accordance with applicable law.

X. CHILDREN’S PRIVACY

The Site is not directed to children under the age of thirteen (13), and 500law does not knowingly collect Personal Information from children under the age of thirteen (13) through the Site. If we become aware that we have inadvertently collected Personal Information from a child under the applicable minimum age, we will take prompt steps to delete such information from our records. If you are a parent or legal guardian and believe that your child has provided us with Personal Information without your consent, please contact us immediately using the information provided in Section XII. In connection with the provision of legal services, we may process information about minors in matters involving guardianship, family law, personal injury, or trusts and estates, consistent with the terms of the applicable engagement and applicable law.

XI. THIRD-PARTY WEBSITES AND SOCIAL MEDIA PLATFORMS

This Policy does not apply to any third-party websites, mobile applications, or services, including those accessible through links on our Site. 500law exercises no control over, and is not responsible for, the content, privacy policies, or data security practices of any third-party websites. We encourage you to review the privacy policies of every website you visit.

When you interact with 500law on social media platforms such as LinkedIn, X (formerly Twitter), Instagram, Facebook, or YouTube, any information you share on those platforms is subject to those platforms’ respective terms of service and privacy policies, which may differ significantly from ours. We do not control the privacy settings of such platforms or the data practices of their operators.

XII. UPDATES TO THIS PRIVACY POLICY

We reserve the right to revise this Policy at any time, and any changes will be effective upon posting of the revised Policy to the Site. The “Last Amended” date at the top of this Policy will reflect the date of any changes. Where changes are material, we will endeavor to provide notice through a prominent notice on the Site or, where we hold your email address, by direct communication. Any Personal Information collected under the previous version of this Policy will be subject to the terms of the revised Policy. We encourage you to review this Policy periodically to stay informed of our data practices.

XIII. HOW TO CONTACT US

500law maintains a Privacy Program with a designated Privacy Officer. To exercise any of your rights described in this Policy, to ask questions about our data practices, or to report a potential privacy concern, please contact:

500law

Museum Plaza,

200 South Andrews Avenue Suite 100,

Fort Lauderdale, Florida 33301

Tel: 954.351.7474

administration@500law.com

We will acknowledge receipt of your request promptly and respond within the time period required by applicable law. In some cases, we may be required to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.