Global Privacy Notice
Last updated: July 2024
2. Importance of personal data protection
4. Who is the controller for the personal data processed?
5. How to make a complaint about the use of your personal data by us
6. Changes to the notice or to your personal data
7. The personal data we collect about you
8. If you fail to provide personal data to us
9. How your personal data is collected
10. How we use your personal data
11. Purposes and legal basis for which we will use your personal data
13. How we use personal data relating to other individuals collected from you
14. Processing your personal data if you are not our client
15. Processing your personal data for preliminary recruitment activities
16. Marketing and exercising your right to opt-out of marketing
19. Disclosures of your personal data
1. Introduction
This privacy notice (“notice”) applies to the processing of personal data by Linklaters in connection with any:
- “client services”: provision of products and services by Linklaters to actual and prospective clients and in connection with managing the relationship, including by using relationship management and relationship intelligence software and other bespoke legal and commercially available software products;
- “supplier services”: provision of products and services to Linklaters by suppliers or service providers;
- “visitor services”: provision by Linklaters of facilities, including conference rooms, local area networking (for instance, WiFi) and other relevant facilities and services to visitors to any Linklaters’ offices;
- “recruitment activities”: provision of the personal data of a candidate or individual (whether by such candidate or individual or by a third party, such as a recruitment agency) for a position at Linklaters other than through Linklaters’ usual recruitment process;
- “use of our Website”: the processing of personal data by Linklaters in connection with the processing of personal data on the Linklaters website www.linklaters.com, including any personal data that website visitors may provide through the use of the Website when they sign up to receive newsletters, blog posts, register for events or use our contact forms (“Website”); and
- "use of our electronic portals and platforms": the processing of personal data by Linklaters in connection with provision of services via our knowledge portal, Linklaters Live platform and/or other electronic portals and platforms which we offer or which we have agreed with you to use .
References in this notice to “you” or “your” are references to individuals whose personal data Linklaters processes in connection with the items listed above. For the avoidance of doubt:
- any reference in this policy to our “clients” or “suppliers” includes their employees or other staff whose personal data we process;
- this privacy notice also applies to Linklaters’ processing of personal data of individuals who could be (or could be the employees or staff of) transaction or services counterparties or rival bidders to, or litigants in legal proceedings involving, our actual or prospective clients; and
- if you have provided your personal data to Linklaters for recruitment activities (whether directly or through a third party) this notice is only designed to provide you with information about how we will process your personal data up to the point that you apply for a position or placement with Linklaters. Details of the processing undertaken for recruitment activities are set out in Section 15 (Processing your personal data for preliminary recruitment activities). If you have any questions about the processing of your personal data for recruitment purposes, please contact data.protection@linklaters.com and we will direct you to our recruitment privacy notice.
References in this notice to “Linklaters”, the "firm", “we”, “us” or “our” are references to Linklaters LLP and the other “Linklaters BCR Group Entities” (as defined in and listed in schedule 2 of our Global Binding Corporate Rules (“Global BCRs”) and Schedule 2 of our UK Binding Corporate Rules (“UK BCRs”)), which can be found on our Website. Linklaters LLP is a limited liability partnership established under English law whose registered office is at One Silk Street, London EC2Y 8HQ, England.
2. Importance of personal data protection
We recognise that the use and disclosure of personal data has important implications for us and for the individuals whose personal data we process. Most of our offices operate in countries which regulate the use, and impose restrictions on overseas transfers, of personal data. To ensure that we handle personal data properly, we have adopted a global approach to privacy compliance, as evidenced by our Global BCRs and our UK BCRs. Copies of our Global BCRs and our UK BCRs are available on our website. Alternatively, you can request a copy of the Global BCRs and/or the UK BCRs at any time by contacting us at data.protection@linklaters.com.
This notice is available on our Website. You can request a copy of this notice at any time by contacting us at data.protection@linklaters.com.
3. Purpose of this notice
This notice aims to give you information about how Linklaters collects and processes your personal data. It is important that you read this notice together with any other notices we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This notice supplements the other notices and is not intended to override them.
This notice can be accessed on our website but is not our Cookie Notice. Our Cookie Notice is accessible from the privacy section of our Website.
4. Who is the controller for the personal data processed?
A “controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This notice is issued on behalf of Linklaters LLP as controller. Unless we notify you otherwise Linklaters LLP is the controller for your personal data.
Our Director, Global Regulatory Compliance oversees compliance with data protection within Linklaters. If you have any questions about this notice, including any requests to exercise your rights, please contact our Director, Global Regulatory Compliance using the contact details set out below:
Director, Global Regulatory Compliance
Linklaters LLP, One Silk Street, London EC2Y 8HQ
Email: data.protection@linklaters.com
Telephone: (+44) 20 7456 2000
5. How to make a complaint about the use of your personal data by us
If you have any concerns or would like to make a complaint about our processing of your personal data, please refer to our Global Data Protection Complaints Procedure, which is available on the privacy section of our Website.
You may raise your concerns with your local data protection authority directly, without going through our Global Data Protection Complaints Procedure. However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to Linklaters’ processing of your personal data.
6. Changes to the notice or to your personal data
The first version of this notice was issued in May 2018 and this notice was last updated on the “as amended on” date (if any) on the 'Last updated' date at the top of the page. Any prior versions of this notice can be obtained by contacting us at data.protection@linklaters.com.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you wish to update your personal data, please contact your relationship partner or our Regulatory Compliance team at data.protection@linklaters.com.
7. The personal data we collect about you
Personal data includes any information relating to an identified or identifiable natural person. It does not include data that cannot be linked in an individual (anonymous data).
Special categories of personal data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. In limited circumstances, we collect special categories of personal data about you. Please see below in this Section 7 (The personal data we collect about you) for details of these circumstances and Section 10 (How we use your personal data) for further details.
In limited circumstances, we will collect information about your criminal convictions and offences. This happens where we are required to do so for legal or regulatory purposes (for example, where required pursuant to anti-money laundering laws) or where you have provided us with such information as it is necessary for a specific service we are providing.
We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this notice:
- “Identity Data”: including your first name, middle names, maiden name, last name, marital status, title, date of birth, passport number or other official identity number, photographs, likeness, image and gender;
- “Contact Data”: including your billing address, delivery address, email address and telephone number;
- “Financial Data”*: including your bank account and payment card details;
- “Services Data”: including details about payments* to and from you and other details of services you have purchased from us or we have purchased from you;
- “Marketing and Communications Data”: including information on when you receive and read marketing communications from us, which of our events you attend and marketing and communication preferences (unless you provide such preferences in your profile on our electronic portals and platforms in which case they constitute Profile Data). Additional information about the personal data we process in connection with marketing is included with the marketing communications we send you;
- "Profile Data”: includes information about you, provided by you on our electronic portals and platforms including your usernames and passwords, purchases or orders made by you, your interests, biography, profile settings, marketing and communication preferences such as your preferred language of communication and content, alert and display preferences, content type and frequency of email alerts, content that interests you (including sectors, topics and jurisdictions), date of registration and current stage of registration, account status and level of access, and information from forms you fill in including responses to surveys and feedback provided;
- “Usage Data”: includes information about your use of our Website, our electronic portals and platforms, as well as our local area networking facilities (including WiFi) and similar electronic services, such as interactions with our mobile applications, information collected progressively when you visit our Website, electronic portals and platforms, including your referral website, pages you visit, actions you take, information on last viewed/visited site and details of the content viewed including when and how many times the content was viewed, patterns of page visits, time details per visits (e.g. visit duration, number of visits, time spent on each page, frequency of visits), details about the path followed with special reference to the sequence of pages visited, interactions, functionalities and modules used, chat messages;
- “Technical Data”: includes technical information collected when you access our Website, our electronic portals and platforms which we offer or which we have agreed with you to use, including your internet protocol (IP) address or domain names of the devices utilised, your login data, browser type and version, uniform resource identifier (URI) address, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using;
- “Professional Information”: including your job title, email address, phone number and addresses;
- “Professional History”: including your previous positions and professional experience;
- “Special Categories of Personal Data”*: includes personal data listed above in this Section 7 (The personal data we collect about you), which we process in limited circumstances, for example, where required to do so for legal or regulatory purposes or where you have provided us with such information as it is necessary for a specific service we are providing to you. We will process this personal data for the following reasons:
(i) for legal and regulatory purposes, for example, we may need to verify whether you are a politically exposed person;
(ii) we may need to know about your trade union membership to assist you with an employment law matter; or
(iii) we may ask you for your dietary requirements if we are arranging catering for you. - "CCTV and physical security data": including CCTV footage and other information relating to access of our facilities obtained through electronic means, such as swipe card records, or visitor logbook.
- "Recorded Data" including any images or voice records captured of you during recorded events, meetings and voice calls.
Our services are neither aimed at nor intended for children. However, we may process children’s personal data when we act for you in relation to certain private matters (for instance, when we are advising you regarding your inheritance taxes). We process such personal data only where necessary for the specific client services we are providing. In such cases, we act on behalf of the parent or guardian. If the specific client service for which we need children’s personal data is not entirely clear, please contact your relationship partner, who will be able to explain further.
For individuals based in mainland China: References to “special categories of personal data” shall be understood to refer to “sensitive personal information” (as shown with an “*” in the list of categories of personal data above) under Chinese laws. We only process sensitive personal information if and to the extent permitted or required by applicable laws, including after obtaining your separate consent if required. We will seek to protect such information rigorously using the security measures further described below and, therefore, your sensitive personal information should not be processed in a way that will result in negative implications to your personal rights, e.g. harm to your reputation, physical or mental health, personal or property security.
8. If you fail to provide personal data to us
Where we need to collect personal data by law (for instance, in relation to anti-money laundering or other “know your customer” checks) or under the terms of a contract we have with you and you fail to provide the personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to decline to provide or receive the relevant services, but we will notify you if this is the case at the time the personal data is collected.
9. How your personal data is collected
We use different methods to collect personal data from and about you, including through the channels set out below.
Direct interactions: You give us your personal data in your direct interactions with us. Such personal data includes Identity Data, Contact Data, Financial Data, Services Data, Profile Data, Usage Data, Technical Data, Marketing and Communications Data, Professional Information, Recorded Data and/or Professional History which you give us from time to time (i) by filling in forms on our Website; (ii) through our electronic portals and platforms, (iii) by corresponding with us by email or post, (iv) by speaking to us in person or over video conference calls or the telephone, or (v) whilst visiting our facilities.
Such direct interactions include, for example, instances when you:
- enquire about or apply for our client services;
- market or provide your supplier services to us;
- give us personal data necessary for a specific client service we are performing for you, or for the purposes of our “know your customer” processes and other background checks. In the certain limited circumstances, for example to enable us to comply with anti-money laundering and terrorism purpose we may also collect this information about suppliers;
- give us your business card at an event or a meeting, or otherwise personally give us your personal data (for example, by leaving your contact details at the reception of one of our facilities or with our switchboard);
- give us your personal data via electronic portals and platforms which we make available or which we have agreed with you to use, for example, in connection with our client services (for instance, any e-billing system which you require us to use), in connection with your supplier services (for example, an electronic platform that you supply to us);
- subscribe to our publications or otherwise ask for our marketing;
- register to or participate in our marketing, recruitment or other promotional events;
- register to or participate in our client seminars and similar events; or
- give us feedback (for example, by completing a survey).
Website, electronic portals and platforms, and marketing: You give us your personal data, which includes Profile Data, Usage Data, Technical Data, Professional Information and/or Marketing and Communications Data, when you use our Website, electronic portals and platforms which we offer or which we have agreed with you to use, or when you review the publications or marketing we send you. We also collect your personal data by using cookies, server logs and other similar technologies. Please see our Cookie Notice for further details.
Third-party sources: We receive Identity Data, Contact Data, Financial Data, Professional Information and Special Categories of Personal Data about you from third parties, when:
- we provide our client services or other parties send us your personal data to enable the provision of those service;
- we conduct our “know your customer” and other background checks;
- you provide your personal data to a third party for the purpose of sharing it with us, for instance recruitment agencies and consultants may provide your personal data to us for recruitment activities; or
- we interact with governmental or regulatory bodies or other authorities (for instance, HM Revenue and Customs in the United Kingdom) in relation to you or on your behalf.
In relation to the use our Website, we may also receive Technical Data from analytics providers such as Google based outside the EU.
Publicly available sources: We collect Identity Data, Contact Data, Financial Data, Professional Information, Professional History from publicly availably sources, including from:
- public registers of individuals (for instance, electoral registers);
- public registers of companies, charities, law firms, chartered accountants, stock or commodities exchange participants, mutuals and other entities (for instance, Companies House in the United Kingdom);
- public registers of sanctioned persons and entities (such as, HM Treasury in the United Kingdom or the Office of Foreign Assets Control of the United States department of the Treasury); and
- other public or semi-public sources including any services accessible on the Internet which you are using for professional networking purposes for example LinkedIn.
Automated technologies or interactions: We collect Technical Data and Usage Data about your equipment and behaviour (e.g. browsing actions and patterns). We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Notice for further details.
10. How we use your personal data
We will only process (i.e. use) your personal data when the law allows us to, that is, when we have a legal basis for processing. Section 11 (Purposes and legal basis for which we will use your personal data) below sets out further information about the legal bases that we rely on to process your personal data.
Subject to applicable laws, we use your personal data in the following circumstances:
- “performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
- “legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
- “legitimate interests”: where necessary for our interests (or those of a third party), provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest, to monitor how you are using our Website or any other electronic portals and platforms or access to systems to ensure that the security of our Website or other electronic portals and platforms or systems is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
- “consent”: where you have provided your consent to processing your personal data.
We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at data.protection@linklaters.com.
With limited exceptions (for instance, in relation to some of our electronic marketing), generally we do not rely on consent as the legal basis for processing your personal data. When we do, you have the right to withdraw consent at any time. Please refer to Section 16 (Marketing and exercising your right to opt-out of marketing) for more information about how we use your personal data for marketing purposes and your rights.
11. Purposes and legal basis for which we will use your personal data
We set out below, in a table format, a description of the ways in which we use your personal data and the legal bases we rely on to do so. Where appropriate (and to the extent relevant under applicable law), we have also identified our legitimate interests in processing your personal data.
We may process your personal data for more than one legal basis depending on the specific purpose for which we are using your personal data. Please contact us at data.protection@linklaters.com if you need details about the specific legal basis we are relying on to process your personal data where more than one ground has been set out in the table below.
In relation to our client services or visitor services:
Purpose and/or activity | Type of data | Legal basis for processing |
If you are our (actual or prospective) client, or could be a transaction or services counterparty or rival bidder to, or a litigant in proceedings involving our (actual or prospective) client, to check whether we would have a conflict of interest in acting for such client |
|
|
To take you on as a new client or to open a new matter for you, including performing anti-money laundering, anti-terrorism, sanction screening, fraud and other background checks |
|
|
If you are a transaction or services counterparty or rival bidder to, or a litigant in proceedings involving our (actual or prospective) client, to conduct anti-money laundering, anti-terrorism, sanction screen, fraud and other background checks |
|
|
To deliver client services and visitor services to you, including (among others) to provide you client services, technology solutions, and conference facilities |
|
|
To manage payments, fees and charges and to collect and recover money owed to us |
|
|
To verify the source of any funding or funds in a matter we are acting on |
|
|
To manage our relationship with you which will include notifying you about changes to our terms of business. This purpose may also include the use of relationship management and relationship management and relationship intelligence software for the purposes of improving our relationship with you and to identify opportunities. |
|
|
To interact with governmental or regulatory bodies or other authorities in relation to you, subject to applicable laws |
|
|
To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities |
|
|
To invite you to take part in marketing or other promotional events, or client seminars or similar events, and to manage your participation in them |
|
|
To identify services or products which might interest you, and to send you marketing (including paper and electronic marketing communications) or to contact you by other means to offer you our client services or visitor services |
|
|
To ask you for feedback (for instance, in a survey) about our client services or visitor services, and to manage, review and act on the feedback we are getting |
|
|
In relation to supplier services:
Purpose and/or activity | Type of data | Legal basis for processing |
To check whether we would have a conflict of interest in appointing you as a supplier |
|
|
To take you on as a new supplier including performing anti-money laundering, anti-terrorism, sanctions, fraud and other background checks |
|
|
To manage payments, fees and charges and to collect and recover money owed to us |
|
|
Where we provide you access to our systems or our offices we need to manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities |
|
|
In relation to use of our Website:
Purpose and/or activity | Type of data | Legal basis for processing |
To manage and protect our business and our Website, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting and reporting |
|
|
To deliver relevant Website content to you and measure or understand the effectiveness of the content we serve to you |
|
|
To use data analytics to improve our Website, our services, marketing, customer relationships and experiences |
|
|
In relation to use of our electronic portals and platforms (including the Knowledge Portal):
Purpose and/or activity | Type of data | Legal basis for processing |
To provide you with access to our electronic portals and platforms and enable you to use specific features or parts of our electronic portals and platforms, including to enable you to communicate and interact with others by sending and receiving chat messages and video calls |
|
|
To manage and protect our electronic portals and platforms, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting and reporting, providing user support where requested |
|
|
To investigate and address violations of our terms of use and policies as well as detect, prevent and combat harmful or unlawful behaviour. |
|
|
To invite you to take part in our events and client seminars (including on-line events), host these events and manage your registration and participation in them |
|
|
To help us to identify the success of our promotion campaigns |
|
|
To deliver optimised and relevant content and improve the overall approach and experience (e.g. by analysing your stated preferences and tracking patterns on how you interact and engage with our electronic portals and platforms) |
|
|
To identify areas of interest, services or products which might interest you and to help us have better informed conversations with you on our services and support we can offer (e.g. by tracking and analysing how you interact with our electronic portals and platforms) |
|
|
To ask you for feedback (for instance, in a survey) about our electronic portals and platforms as well as marketing or other events, or client seminars or similar events, and to manage, review and act on the feedback we are getting |
|
|
CCTV and physical security data will be used for the following purposes (if permitted under applicable laws): detection and prevention of crime; detection and prevention of safety incidents; detection and prevention of unauthorised access to Linklaters’ premises and restricted areas; detection and prevention of gross misconduct; supporting safety, security and internal investigations; supporting criminal investigations; and for reviewing security & safety incidents, including security training exercises. On rare occasions, covert CCTV may be used to meet these purposes. Processing CCTV and physical security data for the aforementioned purposes is necessary for the purposes of Linklaters’ legitimate interests.
12. Change of purpose
We will only use your personal data for the purposes for which we collected it as detailed in Section 10 (How we use your personal data) and Section 11 (Purposes and legal basis for which we will use your personal data), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at data.protection@linklaters.com.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
13. How we use personal data relating to other individuals collected from you
On certain occasions, in the course of our client services, you may provide us with personal data of individuals who are not aware of our involvement or of our processing of their personal data (for instance, personal data of employees of the target in a corporate acquisition in which you are the purchaser). In such situations, we are likely to not have direct contact with individuals whose personal data we are processing, or it may for other reasons (for instance, to maintain confidentiality) not be appropriate for us to provide them with a privacy notice setting out how we process their personal data. Before you pass any such personal data to us, you must therefore ensure that the relevant individuals have received any requisite privacy notices and there is an applicable legal basis to pass us such personal data in connection with the performance of our client services.
14. Processing your personal data if you are not our client
If you are not our client, we may need to process your personal data in order to provide client services to our client, including the provision of legal advice. This personal data may be provided to us through the course of the matter for example, provided to us as part of a disclosure process or provided by another third party. Where this is the case your personal data may be used in legal proceedings on behalf of our client.
We will process your personal data in these circumstances, subject to applicable law, as:
- this is in our legitimate interests, our client’s legitimate interests or those of another third party; and/or
- we may be required to process that personal data to comply with our legal or regulatory obligations.
If you have any questions about how we will process your personal data please contact us at data.protection@linklaters.com or using the contact details in Section 4 (Who is the controller for the personal data processed?).
15. Processing your personal data for preliminary recruitment activities
18. Use of Website
19. Disclosures of your personal data
- Your personal data will be shared within Linklaters between the Linklaters BCR Group Entities (which are listed in schedule 2 of our Global BCRs and in Schedule 2 of our UK BCRs, accessible on our Website). As an international firm, we share your personal data between Linklaters offices and entities to ensure the efficient operation of our firm (for instance, by sourcing our shared services in the most cost-effective way) and to provide the highest quality of client services. Your personal data is shared in accordance with our Global BCRs and our UK BCRs.
- Where required, we will (subject to applicable laws, our professional obligations and any terms of business which we may enter into with you) disclose your personal data to:
- any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body (for example, the Solicitors Regulation Authority or the Law Society in the United Kingdom);
-
our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us;
-
any financial institutions providing finance to us;
-
service providers who provide information technology and system administration services to us; and
-
any external auditors who may carry out independent checks of your file as part of our accreditations.
- If you ask us to do so in relation to the client services or visitor services we are providing or the supplier services you are providing, we may disclose your personal data to other persons or entities as instructed (for example, if we are acting for you in litigation proceedings, we will share your personal data with barristers or external counsel or advisors in order to provide advice to you).
- We may share your personal data with persons or entities outside of Linklaters to whom we may sell or transfer parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the part of our business that is (as the case may be) sold, acquired or is the merged entity may use your personal data in the same way as set out in this notice. If applicable, we will update our Global BCRs and our UK BCRs to reflect any such changes to the Linklaters BCR Group Entities.
- Where we run an event in collaboration with a partner organisation, we may need to share your personal information with the partner organisation and act as joint controllers. If we do so, we will provide you with additional information about the personal data we process as joint controllers in the event related communications we send to you.
- We may share your personal data with persons or entities outside of Linklaters for the purposes of obtaining feedback or references in relation to client services provided to you. For example, we may share your corporate contact details with legal directories for the purpose of obtaining a reference in relation to client services provided to you. Where appropriate, we will confirm with you that you are willing to be contacted for this purpose.
We require any person or entity to whom we disclose personal data pursuant to this Section 18 to respect the confidentiality and security of your personal data and to treat it in accordance with applicable laws and regulations. We do not allow such recipients of your personal data to use it for their own purposes, and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
For individuals based in mainland China: In due course, we will publish a list of the recipients to provide notice of the parties that can independently determine processing purposes and methods when processing your personal data, including their contact details and details on what, how and why such recipients process your personal data. Should you require such information in the meantime, please contact us at data.protection@linklaters.com or use the contact details in Section 4.
20. International transfers
When we share your personal data within Linklaters LLP, this involves transferring your personal data outside the European Economic Area (“EEA”) and the United Kingdom. The personal data is shared in accordance with our Global BCRs and our UK BCRs, which require all Linklaters entities to follow the same rules when processing your personal data. Copies of our Global BCRs and UK BCRs are accessible on our Website. Alternatively, you can request copies at any time by contacting us at data.protection@linklaters.com.
In some cases, the parties which we use to process personal data on our behalf are based outside the EEA and/or the United Kingdom, therefore their processing of your personal data will involve a transfer of such data outside the EEA and/or the United Kingdom. Similarly, in the course of advising clients based outside of the EEA and/or the United Kingdom, we may be required to share matter-relevant personal data with them. Where this is the case we will only share the minimal amount of personal data necessary for the purpose of processing and, where possible, we will share the personal data in an anonymised form.
Whenever we transfer your personal data out of the EEA and/or the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (in the case of transfers out of the EEA) or the United Kingdom Government (in the case of transfers out of the United Kingdom); and/or
- where we use certain service providers, we may use specific contracts approved by the European Commission (in the case of transfers out of the EEA) and/or the United Kingdom Government (in the case of transfers out of the United Kingdom), in both cases which give personal data the same protection it has within the EEA and/or United Kingdom as applicable.
Please contact us at data.protection@linkaters.com if you would like further information about the specific mechanism used by us when transferring your personal data out of the EEA and/or the United Kingdom.
For individuals based in mainland China: In due course, we will publish a list of the recipients to whom we may transfer personal data outside of mainland China, their contact details and details on what, how and why such recipients process your personal data. Should you require such information in the meantime, please contact us.
21. Data security
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.
22. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defence of legal claims.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you would like to know more about the retention periods we apply to your personal data, please contact us at data.protection@linkaters.com.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
23. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. It is Linklaters' policy to respect your rights and Linklaters will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights are set out below:
- right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
- right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
- right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
- right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
- right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;
- right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
- right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
- right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
You may exercise any of your rights at any using the contact details set out in Section 4. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month (or earlier in accordance with applicable laws). Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.