Privacy notice
1. OUR COMMITMENT TO DATA PROTECTION
Freshfields Bruckhaus Deringer (the “firm”, “we”, “us”, or “our”) takes its data protection and information security responsibilities very seriously. The effective management of all personal data, including its security and confidentiality, lies at the heart of our business and underpins our practices and processes. This is not only conditioned by Data Protection Legislation, but is also driven by our commitment to our clients and to meet their expectations of having in place robust compliance and risk management practices and protocols.
Through this privacy notice (the “Notice”), we would like to inform you about the processing of your personal data in the context of your visit to and use of this website and in the course of our business.
As a firm with a global presence, we are subject to the varying requirements of Data Protection Legislation in the jurisdictions where we operate. Although our approach to data protection across our business aims to be as consistent as possible and to accord with all Applicable Laws, the specific requirements, rights and obligations relating to personal data and/or our data processing activities can be different. The following descriptions of data processing, rights and obligations, and in particular the limitations to data processing apply within the scope of applicability of the GDPR. Where we operate in jurisdictions with Data Protection Legislation which is substantially different to the GDPR (such as in the United States of America), these descriptions, rights and obligations, and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Data Protection Legislation.
This Notice is in addition to, and does not relieve, remove or replace, our rights and responsibilities under Applicable Laws. In case of a conflict between a provision or requirement of Applicable Laws and a provision of this Notice, the former shall take precedence.
In this section, we inform you about the processing of personal data in the context of your visit to, and use of, our website. Unless stated otherwise, Freshfields Bruckhaus Deringer LLP controls the processing of the personal data in this regard.
|
Description and purposes of the processing |
When visiting our website, your browser will contact our webserver to retrieve the sites you wish to visit. In this context, personal data such as your IP address is transferred by your browser (i.e. by HTTP/S requests) to us. This connection data is processed by our webserver to enable access to and the display of our website. Our webserver automatically saves a record of the pages you visited (so-called ‘logfiles’ or ‘session records’). We use these logfiles to ensure the security of our website, in particular to prevent unauthorised interference with it, and to enable us to exercise our legal rights and obligations in regard to such unauthorised interference. Furthermore, we analyse session records to optimise our website. The results cannot be linked to your person. |
|
Legal basis for the processing and legitimate interests for the processing |
Generally, the processing activities in the context of your visit to and use of our website are based on our legitimate interests to operate an internet website for general information and communication purposes, to optimise our website and to protect it from attacks. Exceptionally, we may process personal data to fulfil our legal obligations, in particular with regard to the relevant authorities in cases of unauthorised interference with our website. |
|
Recipients |
Our IT department has access to logfiles and will pass them on to other internal or external recipients including to the relevant authorities if necessary to exercise our legal rights regarding any unauthorised interference with our website. Our website is hosted on our behalf by the hosting services provider Episerver Inc. (542 Amherst Street, Route 101A, Nashua, NH 03063, USA). |
|
Retention period |
Logfiles are normally erased after 90 days. They may be stored for a longer period if necessary for the above-mentioned purposes, including for the exercise of our legal rights. All other data is erased immediately after processing the HTTP/S request. |
|
Possible consequences of failure to provide personal data |
Without processing the above mentioned personal data, you cannot display and visit our website. |
|
Description and purposes of the processing |
Our information hubs offer a wide range of additional information resources, primarily to our clients in the course of our business relationship with them but also to other registered parties. These are part of our business development endeavours. If you register to use our information hubs, we will process the registration data you provide, such as name and e-mail, to administer access to these non-public areas of our website. In order to further optimise the user experience and in particular to tailor the information provided to you, we also process information on your specified preferences, if any, and in some instances follow your consumption of material on our website (usage data). We also use registration data for business development purposes. |
|
Legal basis for the processing and legitimate interests for the processing |
The processing is based on our legitimate interests to provide you with certain know-how and information, and in doing so to develop our business and promote client relationships. It serves the legitimate interests of users to access the know-how and information provided to them through the information hubs. When you register to access our information hubs or apps, and accept their terms of use, we will (also) process your personal data as necessary in relation to those terms of use (performance of a contract). |
|
Recipients |
Our internal business development and IT departments have access to and process registration and usage data for the optimisation of our information resources and business development initiatives. |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we may share your data within Freshfields Bruckhaus Deringer. Appropriate safeguards for personal data transfers within Freshfields Bruckhaus Deringer will be ensured through standard contractual clauses. Additionally, we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
|
Possible consequences of failure to provide personal data |
Without processing the above mentioned personal data, you cannot access the restricted areas of our website that are designated information hubs. |
|
Controller |
Data processing in the context of seminars and webinars is ordinarily controlled by the relevant Freshfields Entity offering the seminar or webinar. |
|
Description and purposes of the processing |
We offer seminars and webinars on a wide range of topics primarily to our clients in the course of our business relationship with them, but also to other registered parties. Seminars and webinars are part of our business development endeavours. When you sign up for a seminar or webinar, we will process the registration data you provide, such as your name and e-mail, to administer access to and present the respective seminar or webinar. Occasionally, we also use registration data for purposes of business development. |
|
Legal basis for the processing and legitimate interests for the processing |
The processing is based on our legitimate interests to develop our business and promote client relationships. It also serves the legitimate interests of users and attendees to receive training in legal matters and know-how. |
|
Recipients |
Registration data is processed by the relevant departments of the respective Freshfields Entity hosting and/or performing the seminar or webinar. It may also be processed by the internal business development departments of other Freshfields Entities. Lists of attendees may be provided to other attendees. |
|
Transfer of personal data to third countries or international organisations |
As an organisation with a global presence, we share registration and usage data with Freshfields Entities in third countries. Adequate safeguards for personal data transfers within Freshfields Bruckhaus Deringer will be ensured through standard contractual clauses. Additionally, we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
|
Possible consequences of failure to provide personal data |
Without us processing the above mentioned personal data, you cannot participate in our seminars or webinars. |
|
Data Controller |
We do not control the processing of personal data in the context of social media plug-ins. We do not have any access to the data collected and transferred by the social media plug-in to the social network provider. Any data processing is determined solely by the network service provider. In the interest of transparency, we would like to inform you about the processing of your personal data in this context. |
|
Description and purposes of the processing |
To improve your user experience, our website includes social media plug-ins of the large social media networks Twitter, LinkedIn and Google+. These plug-ins allow you to directly post links to and other content from our websites on the relevant network. Upon you opening a website on which a social media plug-in is embedded, the respective social network provider will collect and process information on your visit to our website for its own business purposes. This processing is not initiated or controlled by us, but is a built-in feature of the respective social media plug-in. For further information on the processing of personal data, please contact the respective social media provider or refer to their respective privacy policy:
|
|
Legal basis for the processing and legitimate interests for the processing |
The processing of personal data in this context by us, if any, is based on our legitimate interests to: (i) improve our website’s user experience thereby making it more attractive and thus increasing user traffic; and (ii) make our content more visible and thereby promote our business. For information on the legal basis of processing by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:
|
|
Recipients |
We do not have access to, nor share, any personal data in this context. For sharing of personal data by the social media provider, please contact the respective social media provider. |
|
Transfer of personal data to third countries or international organisations |
We do not transfer personal data to third countries. However, the social media plug-in will connect to the webserver of the social media network in the United States of America. For further information on transfers and relevant safeguards regarding them, please contact the respective social media provider or refer to their respective privacy policy:
|
|
Retention period |
We do not store any personal data in this context. For storage of personal data by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:
|
|
Possible consequences of failure to provide personal data |
Without processing the above mentioned personal data, you will not be able to post links to and other content from our website. |
What are cookies?
Our website uses cookies. Cookies are usually small text files that are stored on your computer's browser directory or program data subfolders. Cookies are created when you use your browser to visit a website that uses cookies to keep track of your movements within the site, help you resume where you left off, remember your registered login, theme selection, preferences, and other customisation functions. Our website stores a corresponding file (with same ID tag) to the one we set in your browser and in this file we can track and keep information on your movements within the site and information you may have voluntarily given while visiting the website.
Cookies allow us to distinguish you from other users of our website. This helps us optimise your access to and use of our website and enables the correct functioning of those parts of our site that you access. You can find out more about our cookies on www.allaboutcookies.org.
Consent, withdrawal of consent and management of cookie preferences
By using our website, you are, unless you have used one of the options below to deactivate cookies, consenting to our use of non-essential cookies. Processing of personal data associated with the use of these cookies occurs based on legitimate interests as described in sections 2.5.2-2.5.3.
You may set your browser’s setting to deactivate cookies. If you use that option, some functions of this website (e.g. login, memory of preferences etc.) may not be available. Detailed guidance on how to control cookies preferences for the most common browsers can be found at:
- Google Chrome
- Mozilla Firefox
- MacOS Safari
- Microsoft Internet Explorer
- For other browsers please see www.allaboutcookies.org.
You also have the option to install the Google Analytics opt-out browser add-on and thereby deactivate the use of Google Analytics cookies and the associated data processing (cf. the Google Analytics privacy notice and/or 2.5.3 for details).
Even if you have originally accepted the use of cookies and the associated processing of personal data, you may withdraw your consent to the use of cookies at any time for the future by deactivating cookies as described above. This will also limit the associated processing of personal data for the future.
|
Description and purposes of the processing |
We use certain cookies (we refer to these as ‘essential cookies’) that are necessary for users to visit and display our website that are either set by our own systems or provided by
These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for (e.g. login) cannot be provided. We collect essential cookie data, such as your unique session ID, authentication data and the time of your login (time stamp). This data allows us to relate the visitor's unique session to server-side data. The cookies act as a reference to the session created. Whenever an activity is performed on our website, our server recognises your session ID and validates that activity. |
|
Legal basis for the processing and legitimate interests for the processing |
Processing of essential cookies data is based on your legitimate interest to view our website and our legitimate interests to enable users to visit our website and to promote our business. |
|
Recipients |
Essential cookie data is processed by our own servers as well as Episerver Inc. and Cloudflare, Inc. as data processor on our behalf on the basis of data processing agreements between Episerver Inc. / Cloudflare, Inc. and us. |
|
Transfer of personal data to third countries or international organisations |
Essential cookie data may be processed by Episerver Inc. and Cloudflare, Inc. on servers in the United States of America. These cookie providers are certified under the so-called EU-US Privacy Shield. |
|
Possible consequences of failure to provide personal data |
Disabling these essential cookies will hinder our website’s performance and may make certain of its functions and features unavailable. |
We use the following essential cookies:
| Tool / Provider | Cookie Name | Type | Purpose | Expiry after |
|---|---|---|---|---|
| ASP (our system) | ASP.Net_SessionId | Session | This is the default ASP.net cookie which uniquely identifies each user session. This is necessary to differentiate various users behind a shared IP address (e.g. of a public wifi network) and deliver the correct content to each. It also allows users to log-in and/or stores user input to avoid having to rekey information when navigating between pages. | When you close your browser |
| Ektron | Ecm | Session | This cookie provides user data directly to our internal systems as part of the log-in process. | When you close your browser |
| Cloudflare | __cfduid | Permanent | This cookie is used to identify trusted web traffic, in particular to identify individual clients behind a shared IP address and apply security settings on a per-client basis. | 1 year |
| Cloudflare | _biz_flagsA, _biz_nA, _biz_pendingA, _biz_uid | Permanent | Used to remember user settings for authentication and analytics. | 1 year |
| Episerver | .EPiForm_BID | Permanent | This cookie is used to distinguish browsers. | 10 months |
| Episerver | .EPiForm_VisitorIdentifier | Permanent | This cookie is used to distinguish users. | 10 months |
| Technically necessary? | Yes. | | | |
| Withdrawal of consent | Does not apply as these are essential cookies required to deliver the functions requested by you. | | | |
|
Description and purposes of the processing |
We use functions of our system as well as the services of Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) to enhance our users’ experience by accelerating the display of our website (e.g. through load balancing). We also improve the appearance of our website by experience enhancing cookies. |
|
Legal basis for the processing and legitimate interests for the processing |
The use of performance enhancing cookies (i.e. setting of and gaining access to) as such is based on your consent which you may withdraw at any time (cf. 2.5 for details). The associated processing of performance enhancing cookie data by our systems is based on our and your legitimate interests to enable users to visit our website and our legitimate interest to promote our business. |
|
Recipients |
Performance enhancing cookie data is processed by our systems and Cloudflare, Inc. as data processor on our behalf on the basis of data processing agreements between Cloudflare, Inc. and us. |
|
Transfer of personal data to third countries or international organisations |
Performance enhancing cookie data may be processed by Cloudflare, Inc. on servers in the United States of America. Cloudflare, Inc. is certified under the so-called EU-US Privacy Shield. |
|
Possible consequences of failure to provide personal data |
Disabling these cookies will hinder our website’s performance and may affect the full experience of our website. |
We use the following performance enhancing cookies:
| Tool / Provider | Cookie Name | Type | Purpose | Expiry after |
|---|---|---|---|---|
| Windows Azure (our system) | ARRAffinity | Temporary | This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session. | When you close your browser |
| Cloudflare | optimizelyBuckets, optimizelyEndUserId, optimizelySegments | Permanent | The main purpose of this cookie is performance of the user’s experience and the appearance of the site. | 10 years |
| Technically necessary | No. | | | |
| Withdrawal of consent | You may withdraw your consent to the use of these cookies at any time as described under 2.5. | | | |
|
Description and purposes of the processing |
We use the web analytics functions of our ASP server systems as well as the services of
for statistical analysis purposes and the optimisation of our website. This helps us to tailor our website to our users’ needs by, for example, placing the most sought-after sites where they are most easily found. It also allows us to gauge how attractive our website is, how many of our users are regulars and how we can improve the reach of our website, e.g. by optimising search engine ranking. For this purpose,
(together referred to as ‘cookie suppliers’) collect and store on our behalf certain usage data (e.g. which sites you navigate to, how long you spend on these sites, how often you return to our website) attributed to an anonymous identifier. This usage data is then used to generate non-personalised analyses of website usage for us. When you visit a site on our website that uses Google Analytics, Ektron or NmStat, certain information on this “pageview hit” (incl. the URL of the site visited by you as well as your IP address, information on the operating system, browser and language setting used by you and potentially some information stored in the cookies described below) will be transmitted to our cookie supplier's server by code embedded in the respective site. The IP address is only used for the technical purposes of transmission and is anonymised by deleting the last digits immediately after reception. The other usage data will be attributed to an anonymous / pseudonymous identifier that is automatically generated and stored in a cookie on your device (cf. below). This identifier cannot and will not be traced back to you. Its sole purpose is to allow us to analyse typical website usage by obtaining information on relevant usage cycles.
Google Analytics also includes a retargeting technology function. This is a necessary part of the program package and cannot be deactivated selectively. However, the retargeting functions are not actively used by us. By incorporating codes or so-called tracking pixels, we collect certain usage data while users browse on our website (for example, which sites are visited). This data will be processed by our provider and associated with a pseudonymous, non-personal profile. When browsing on another website, the cookie data stored in this cookie are also processed by the provider of the respective website and possibly further user data may be added to this cookie. For example, if a user visits website A and then website B, personalized ads based on browsing / usage behaviour regarding website A may be displayed on website B. |
|
Legal basis for the processing and legitimate interests for the processing |
The use of web analytic and retargeting cookies (i.e. setting of and gaining access to) as such is based on your consent which you may withdraw at any time (cf. 2.5 for details). The associated processing of usage data by our systems is based on our legitimate interests to optimise our web presence and improve its reach, usability and content and thereby ultimately promote our business. |
|
Recipients |
Usage data is processed by our cookie supplier as a data processor on our behalf. Analyses of website traffic provided by our cookie suppliers are used by our internal departments, in particular the IT and business development departments, for the abovementioned purposes. |
|
Transfer of personal data to third countries or international organisations |
Usage data may be processed by our cookie suppliers on servers in the United States of America. Google LLC, Episerver Inc. and ShareThis, Inc. are certified under the so-called EU-US Privacy Shield. |
|
Possible consequences of failure to provide personal data |
None. You may prevent the processing of your personal data by activating the “do-not-track” option of your browser. For Google Analytics cookies, you can opt out by installing the Google Analytics opt-out browser add-on. |
|
Further information |
Please see the privacy notices of Google and Episerver. |
The following cookies are used for the purposes of web analytics:
| Tool | Cookie Name | Type | Purpose | Expiry after |
|---|---|---|---|---|
| Google Analytics | _utma | Permanent | This tracks the number of times a visitor has been to our site, when their first visit was, and when their last visit occurred. Google Analytics uses the information to calculate visitor statistics. | 2 years |
| Google Analytics | _utmb _utmc | Session | These cookies work together to calculate how long a visit takes. _utmb takes a timestamp of the exact moment when a visitor enters a site, while _utmc takes a timestamp of the exact moment when a visitor leaves a site. _utmb expires at the end of the session. _utmc waits 30 minutes, and then expires. _utmc waits 30 minutes for another page view to happen, and if it doesn't, it expires. | 30 min |
| Google Analytics | _utmz | Permanent | This cookie tracks where visitors came from. What search engine was used. What links were clicked on. What keywords were used. Where they were in the world when they accessed the website. It expires in 6 months. | 6 months |
| Google Analytics | _utmv | Permanent | This cookie stores custom variables for each visitor and allows us to use segmentation to better understand our visitors. It expires 2 years after last visit. | 2 years after last visit |
| Google Analytics | __utmt | Permanent | Used to throttle request rate | 10 minutes |
| Google Analytics | _ga | Permanent | This cookie is used to distinguish between site visitors. It expires 2 years after last visit. | 2 years after last visit |
| Google Analytics | _gat_UA-506736-1 | Temporary | Tracking cookie. Used to throttle request rate. | 1 minute |
| Google Analytics | _gid | Permanent | Used to distinguish users. | 24 hours |
| Google Analytics | 1P_JAR | Permanent | These cookies are used to collect information about the use of our website by visitors. We use the information to prepare reports and to improve the site. These cookies are only associated to an anonymous user and to his / her computer / device without providing references that allow knowing personal data. They collect the number of visitors to the site, the duration of visits, the browser, the type of terminal, the place of origin of the visitors and the pages visited. | 1 month |
| Google Analytics | AID | Permanent | These cookies are used to collect information about the use of our website by visitors. We use the information to prepare reports and to improve the site. These cookies are only associated to an anonymous user and to his / her computer / device without providing references that allow knowing personal data. They collect the number of visitors to the site, the duration of visits, the browser, the type of terminal, the place of origin of the visitors and the pages visited. | 6 months |
| Google Analytics | CONSENT | Permanent | These cookies are used to collect information about the use of our website by visitors. We use the information to prepare reports and to improve the site. These cookies are only associated to an anonymous user and to his / her computer / device without providing references that allow knowing personal data. They collect the number of visitors to the site, the duration of visits, the browser, the type of terminal, the place of origin of the visitors and the pages visited. | 20 years |
| Google Analytics | NID | Permanent | These cookies are used to collect information about the use of our website by visitors. We use the information to prepare reports and to improve the site. These cookies are only associated to an anonymous user and to his / her computer / device without providing references that allow knowing personal data. They collect the number of visitors to the site, the duration of visits, the browser, the type of terminal, the place of origin of the visitors and the pages visited. | 6 months |
| Ektron | EkAnalytics EktGUID | Permanent | These cookies provide alternative web analytics to Google which are used by our Content Management System (the platform on which our website is built). | 1 year after last visit |
| ShareThis | _unam | Permanent | This cookie monitors “click-stream” activity, e.g. web pages viewed, navigation from page to page, time spent on each page etc. Personal identification only occurs if you have separately signed up with ShareThis for a ShareThis account. | 9 months |
| Google Analytics | Doubleclick.net | Permanent | Retargeting | 1 year |
| ASP (our systems) | .ASPXANONYMOUS | Temporary | This cookie is used by sites using the .NET technology platform from Microsoft. It enables the site to maintain an anonymous user-id to track unique users within a session without them logging in or otherwise identifying themselves. | 39 days |
| ASP (our systems) | Nmstat | Permanent | This is an ASP.net cookie which is used to track the sequence of pages a visitor looks at during a visit. | 1000 days |
| Technically necessary? | No. | | | |
| Withdrawal of consent | You may withdraw your consent to the use of these cookies at any time as described under 2.5. | | | |
We partner with third parties to provide you with connections to certain social networks, such as Google, Twitter and LinkedIn (cf. 2.4.). By engaging with third-party plug-ins and widgets on our website, such third parties may place session or persistent cookies or similar technologies on your browser. These technologies may provide to the third parties information about your visit so that they can present you with advertisements and services which may be of interest to you. As we are not responsible for the use of such cookies and do not gather any information in that regard, the use of these cookies is subject to the third parties’ own cookie policies:
- Google: policies.google.com/privacy
- Twitter: twitter.com/privacy
- LinkedIn: linkedin.com/legal/privacy-policy
|
In this section of our Notice, we inform you about the processing of personal data in relation to providing our legal advice and services on a Matter and how we ensure compliance with the GDPR (or other applicable legal requirements with equivalent effect). Where we operate in jurisdictions with Data Protection Legislation which is substantially different to the GDPR (such as in the United States of America), these descriptions and in particular the outlined rights and obligations and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Data Protection Legislation. |
|
|
Data Controller |
The data processing in the context of providing legal advice on a given Matter will ordinarily be controlled by the Freshfields Entity that is instructed and provides its services on that Matter. Where several Freshfields Entities work together on a Matter, they normally act as individual controllers for the respective work done on that Matter by them, as they will ordinarily be providing their advice in respect of the relevant jurisdiction where they are based. If they should however act as joint controllers, Freshfields Bruckhaus Deringer LLP is designated as a single point of contact for data subjects under the GDPR. (A) You can see here the Freshfields Entities through which we practise law in the relevant jurisdiction. |
|
Description and purposes of the processing, categories of personal data processed |
We process personal data in relation to a Matter (“Matter Data”) for certain specific purposes, including:
Whose personal data do we process in the course of handling a Matter? Depending on the nature of the Matter, we may process personal data of various categories of data subjects, including:
What types of personal data are processed as Matter Data? The Matter Data can include various types of personal data, depending on the nature of the Matter and the information that is provided to, or obtained by, us in the course of that Matter. The types of personal data that we typically process in relation to a Matter include client contact and communication data. Depending on the Matter, we also process “special categories of personal data” according to Art. 9(1) GDPR (e.g. health data) and personal data relating to criminal convictions and offences or related security measures according to Art. 10 GDPR. We of course limit the processing of personal data and in particular sensitive personal data to the necessary minimum.
|
|
Legal basis for the processing and legitimate interests for the processing |
We process special categories of personal data (as necessary): for the establishment, exercise or defence of legal claims; based on your consent; for employment and social security law purposes; in relation to personal data which has been made public by a data subject; and/or for reasons of public interest in connection with a statutory provision. |
|
Sources of personal data |
In the context of a Matter, our clients ordinarily provide us with the personal data that we need to handle the Matter in our capacity as their legal advisors. However, we may also obtain certain personal data from other sources (for example for KYC purposes) such as public registers and databases, court and public records, and our communication with third parties and other advisors involved in the Matter. |
|
Recipients |
In the course of our work on a Matter, as a global law firm we may, where necessary and subject to appropriate terms regarding confidentiality and data protection, share Matter Data:
|
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we share Matter Data within Freshfields Bruckhaus Deringer (e.g. where multiple Freshfields Bruckhaus Deringer offices are involved in a Matter). Adequate safeguards for personal data transfers within Freshfields Bruckhaus Deringer (and where necessary with other third parties working with or for us on a Matter) will be ensured: through standard contractual clauses; with your consent; or on the basis that the transfer is otherwise compliant with Data Protection Legislation. Additionally, within Freshfields Bruckhaus Deringer we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
In this section of our Notice, we inform you about the processing of personal data in relation to promoting our services and how we ensure compliance with the GDPR (or other applicable legal requirements with equivalent effect). Where we operate in jurisdictions with Data Protection Legislation which is substantially different to the GDPR (such as in the United States of America), these descriptions and in particular the outlined rights and obligations and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Data Protection Legislation.
|
Controller |
Data processing activities in the context of global business development initiatives are generally controlled by Freshfields Bruckhaus Deringer LLP. Data processing activities in the context of local business development initiatives are ordinarily controlled by the respective Freshfields Entity. If different Freshfields Entities act as joint controllers, Freshfields Bruckhaus Deringer LLP is designated as a single point of contact for data subjects under the GDPR. |
|
Description and purposes of the processing |
In the conduct of our business we engage in different business development activities with current and potential clients and other relevant third parties. For these purposes, we process certain “business development data” such as:
This data is either provided directly by the relevant data subject or by other business contacts and sources (e.g. business information services, public registers). |
|
Legal basis for the processing and legitimate interests for the processing |
The processing is based on our legitimate interest to pursue business development initiatives, or, as the case may be, in order to take steps at the request of a data subject prior to entering into a contract. |
|
Recipients |
As a global firm in the conduct of our business, we share certain business development data within Freshfields Bruckhaus Deringer. On a case-by-case basis, we may also share certain business development data with our business partners (for example law firms from our “StrongerTogether” network) and certain other parties that assist us with our business development activities in the ordinary course of our business (e.g. marketing services providers). |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we may share business development data within Freshfields Bruckhaus Deringer and with certain third parties supporting us with the administration of our activities in the ordinary course of our business. Adequate safeguards for personal data transfers within Freshfields Bruckhaus Deringer (and where necessary with certain other third parties) will be ensured: through standard contractual clauses; with your consent; or on the basis that the transfer is otherwise compliant with Data Protection Legislation. Additionally, within Freshfields Bruckhaus Deringer we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities.
|
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
|
Possible consequences of failure to provide personal data |
Where we collect business development data directly from you, you continue to retain full discretion over how and what you disclose to us. There are no negative consequences if you do not provide us business development data. |
|
Controller |
Generally, data processing activities in the context of newsletters and update services (e.g. RSS news feeds and social media news feeds) are controlled by Freshfields Bruckhaus Deringer LLP. Data processing in the context of local newsletters or other update services is ordinarily controlled by the respective Freshfields Entity. If different Freshfields Entities act as joint controllers, Freshfields Bruckhaus Deringer LLP is designated as a single point of contact for data subjects under the GDPR. |
|
Description and purposes of the processing |
If you have signed up or otherwise agreed to receive newsletters or other update services, we will process your contact data (e.g. name, e-mail) to provide those services to you. To further optimise the user experience and in particular to tailor the information provided to you, we process information on your specified preferences, if any, and in some instances, follow your consumption of material (user statistics). All newsletter activities and other update services serve marketing purposes and business development. |
|
Legal basis for the processing and legitimate interests for the processing |
The processing is based on our legitimate interests to pursue business development activities, or, as the case may be, for the performance of a contract according. In other cases, we may ask you for your explicit consent for the processing. |
|
Recipients |
As a global firm in the conduct of our business, we share certain business development data within Freshfields Bruckhaus Deringer. On a case-by-case basis, we may also share certain business development data with our business partners (for example law firms from our “StrongerTogether” network) and certain other parties that assist us with our business development activities in the ordinary course of our business (e.g. marketing services providers). |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we share data within Freshfields Bruckhaus Deringer. Adequate safeguards for personal data transfers within Freshfields Bruckhaus Deringer will be ensured: through standard contractual clauses; with your consent; or on the basis that the transfer is otherwise compliant with Data Protection Legislation. Additionally, within Freshfields Bruckhaus Deringer we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities.
|
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
|
Possible consequences of failure to provide personal data |
There are no negative consequences if you do not provide us the above mentioned personal data. However, without providing your personal data, you cannot receive our newsletter or other update services. |
In this section of our Notice, we inform you about the processing of personal data in relation to our career portal and recruitment and how we ensure compliance with the GDPR (or other applicable legal requirements with equivalent effect). Where we operate in jurisdictions with Data Protection Legislation which is substantially different to the GDPR (such as in the United States of America), these descriptions and in particular the outlined rights and obligations and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Data Protection Legislation.
|
Controller |
Generally, data processing activities in the context of our career portal are controlled by Freshfields Bruckhaus Deringer LLP. Other processing activities regarding the assessment of your application are controlled by the relevant Freshfields Entity to which your job application is submitted through the online career portal. If different Freshfields Entities act as joint controllers, Freshfields Bruckhaus Deringer LLP is designated as a single point of contact for data subjects under the GDPR. |
|
Description and purposes of the processing |
You may apply for a vacancy via our online application portal.
Browsing without registration We keep our portal up to date. You will find current job opportunities on this page. You can browse through them without registration. The section of our Notice regarding the use of our website applies (please see section 2.1).
Register with the online application portal The first step to submit an online application is to register with our online recruitment system. This will give you the opportunity to (for example) save job offers that may be of interest to you in the section “My Jobpage”. At this point we only ask you for your basic contact data, e.g. name and e-mail address.
Completing and submitting your application To complete and submit an application, we ask you to provide us with certain “applicant data” e.g.:
We use that applicant data:
We may carry out pre-employment vetting, including but not limited to credit reference and criminal record checks, address verification, confirmation of academic qualifications, and requesting employer or other references. We may also use your information for reporting purposes when required to do so by law and for statistical purposes. We only use this data if you approve the submission of the application. |
|
Sources of data (if not obtained directly from you) |
Generally, all applicant data is obtained directly from you. When carrying out pre-employment vetting, we also obtain data from third parties (e.g. former employers or other references, academic institutions) or public registers (e.g. criminal records). |
|
Legal basis for the processing and legitimate interests for the processing |
The processing is generally based on us taking steps at your request as the data subject prior to entering into a contract with you. Some applicant data collected directly from you or through public registers is processed to ensure compliance with certain of our legal/regulatory obligations (e.g. criminal record checks). If we need to process special categories of personal data, we will ask for your consent if necessary. |
|
Recipients |
Internally, your personal data will only be processed by the Freshfields Entity or office which posted the job offer (and to which you have applied) and by the human resources/personnel department of that Freshfields Entity. Your application and any other information that you provide to us will be held on systems operated on our behalf by the Oracle Corporation (500 Oracle Parkway, Redwood Shores, CA, 94065, USA), and will be stored in the UK and other countries inside Europe. The Oracle Corporation is under contract with us to ensure that your information is protected to standards required by us in accordance with applicable Data Protection Legislation and is only processed in accordance with our instructions. |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we may share data within Freshfields Bruckhaus Deringer. Adequate safeguards for personal data transfers within Freshfields Bruckhaus Deringer (and where necessary with other third parties) will be ensured: through standard contractual clauses; with your consent; or on the basis that the transfer is otherwise compliant with Data Protection Legislation. Additionally, within Freshfields Bruckhaus Deringer we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. Your basic contact data will be erased if you cancel your user account. Your applicant data will be stored for a period sufficient to enable us to review your application. If your application is not successful or if you withdraw your application, your application data will be erased, unless further retention can be based on other legal grounds (e.g. for the exercise of our legal rights, or compliance with Applicable Laws). If you, at your discretion, give us your specific consent, we will store your application information in our e-recruitment system for a period of 18 months counting from your last visit. If you do not log into your profile in the 18-month period, your application information will be automatically removed. If you withdraw your consent prior to the expiration of the 18-month period, we will erase your personal data immediately. If your application is successful, any data provided through this recruitment system may be further processed for (or in relation to) your future employment with us, and to allow us to carry out the monitoring activities required of us as an equal opportunities employer. For further information on the processing of your personal data in the employment context, you will be able to refer to the internal privacy notice accessible to our staff via our intranet (our “Wiki”). Applicants should note that they have the right to access, modify or erase any information concerning their personal profile in compliance with applicable Data Protection Legislation. You may access or modify your personal details via the online portal through which you submitted your application. |
|
Possible consequences of failure to provide data |
There are no negative consequences if you do not provide us the above mentioned personal data. However, incomplete or incorrectly completed applications cannot be considered. Without providing your personal data it will not be possible to progress the application and the application will be closed. |
In this section of our Notice, we inform you about the processing of personal data in relation to our alumni network and how we ensure compliance with the GDPR (or other applicable legal requirements with equivalent effect). Where we operate in jurisdictions with Data Protection Legislation which is substantially different to the GDPR (such as in the United States of America), these descriptions and in particular the outlined rights and obligations and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Data Protection Legislation.
|
Controller |
All processing of personal data in the context of our social media tool for alumni (the “Freshfields Alumni Network”) on our website is controlled by Freshfields Bruckhaus Deringer LLP. |
|
Description and purposes of the processing |
You can sign up to our Freshfields Alumni Network to keep in contact with us and your former colleagues. When filling out the registration form, we ask you for contact data (name, private address and e-mail), current employment data (such as current company name, job title, business contact details) and information regarding your time at Freshfields (such as office and department at departure, role title). We use this social media tool and the data you provide to us when filling out the registration form to create a network of valuable business contacts. The Freshfields Alumni Network also serves recruiting purposes. The registration form also provides the possibility to subscribe to different newsletters and updates. For further information on data processing activities in the context of these newsletters and updates, please see above under 4.2. |
|
Legal basis for the processing and legitimate interests for the processing |
The processing in the context of our Freshfields Alumni Network is based on our legitimate interests to pursue our business interest of developing and maintaining a network of business contacts and to recruit highly skilled employees. |
|
Recipients |
We share the above-mentioned personal data, in particular contact data, with other Freshfields Entities. |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we may share your data within Freshfields Bruckhaus Deringer. Appropriate safeguards for personal data transfers within Freshfields Bruckhaus Deringer will be ensured through standard contractual clauses. Additionally, we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. |
|
Possible consequences of failure to provide personal data |
There are no negative consequences if you do not provide us the above mentioned personal data. However, without processing the above mentioned personal data, you cannot use our social media tool for alumni. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. Generally, we erase your personal data in regard to our Freshfields Alumni Network as soon as possible after your withdrawal from this network. |
In this section of our Notice, we inform you about the processing of personal data in relation to communications between you and us and how we ensure compliance with the GDPR (or other applicable legal requirements with equivalent effect). Where we operate in jurisdictions with Data Protection Legislation which is substantially different to the GDPR (such as in the United States of America), these descriptions and in particular the outlined rights and obligations and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Data Protection Legislation.
|
Controller |
If you use the contact options on our website, the respective data processing is controlled by Freshfields Bruckhaus Deringer LLP (cf. 2.1). Single Freshfields Entities may be controller if you contact them directly. If different Freshfields Entities act as joint controllers, Freshfields Bruckhaus Deringer LLP is designated as a single point of contact for data subjects under the GDPR. |
|
Description and purposes of the processing
|
We offer you the possibility to contact us via e-mail or our contact form. We will process your personal data (such as your name, address, telephone number) to respond to your request and save them for potential further inquiries. Also, the content of the communication will be processed by us for the purpose of responding to your request. |
|
Legal basis for the processing and legitimate interests for the processing |
The processing of your data in the context of our communications with you (e.g. via a contact form or by e-mail) is based on our legitimate interests to respond to your requests or queries, or otherwise to communicate with you. |
|
Recipients |
We share the above-mentioned personal data, in particular contact data, with those Freshfields Entities, offices or departments your request is aimed at. |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we may share your data within Freshfields Bruckhaus Deringer. Appropriate safeguards for personal data transfers within Freshfields Bruckhaus Deringer will be ensured through standard contractual clauses. Additionally, we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. |
|
Possible consequences of failure to provide data |
You are not obliged to provide us with your personal data. However, we need the relevant data to contact you and respond to your request or query. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
|
If you are an individual whose personal data, and the processing of that personal data by the relevant Freshfields Entity, are subject to the application of the GDPR, you have certain rights. These rights are identified below together with a brief, non-exhaustive explanation. Where your personal data and the processing of your personal data are not subject to the GDPR these rights do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Data Protection Legislation. If you have any questions in relation to this Notice, or wish to assert any of your rights, please contact us using the contact details included below. To protect your rights and your privacy and to validate communications received in relation to this Notice, we may request a confirmation and proof of your identity. |
|
|
Your rights | What do they mean for you? |
The right to object to the processing | You have the right to object to the processing of your personal data in certain situations. |
The right to information | You have the right to be informed whether and to what extent we process your data. |
The right of access | Subject to certain exceptions you have the right to obtain a confirmation as to whether or not we process your personal data, and if we do, request access to your data. |
The right to rectification | If the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time. |
The right to deletion | Subject to certain exceptions if you consider that we should stop processing some or all of your personal data, you have the right to request its deletion. However, there may well be reasons why an immediate deletion may not be possible (for example where retention is required to meet legal or regulatory obligations). |
The right to restrict the processing | You have the right to request that we restrict the processing of your personal data in certain situations: |
The right to data portability | Where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you in a machine-readable format. |
Rights in relation to automated decision making and profiling | You have the right to object to decisions based exclusively on the automated processing of your personal data. |
The right to withdraw your consent | If your personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. |
|
|
|
The Data Protection Officer (Legal Department) Freshfields Bruckhaus Deringer LLP 65 Fleet Street, London EC4Y 1HS Telephone: +44 20 7716 4000 Email: dataprivacy@freshfields.com
|
|
|
|
|
Term | Definition |
Applicable Laws | Means all applicable laws, rules, orders, ordinances, regulations, statutes, requirements, codes and executive orders of any governmental or judicial authorities, each as amended, extended or re-enacted from time-to-time. |
Cookies | A ‘cookie’ is a small file of letters and numbers that is stored on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. |
Controller | Means the entity which alone, or jointly with others, determines the purposes and means of the processing of personal data. |
Data Protection Legislation | Refers to the applicable laws, rules and regulations relating to the processing of personal data, including, where applicable, the GDPR (and any laws, rules and regulations implementing the foregoing). |
Freshfields Bruckhaus Deringer LLP | Refers to Freshfields Bruckhaus Deringer LLP, a limited liability partnership registered in England and Wales with registered number OC334789, and registered office at 65 Fleet Street, London EC4Y 1HS. |
Freshfields Bruckhaus Deringer | Refers to the international legal practice operating through Freshfields Bruckhaus Deringer LLP, and its associated undertakings in the USA (Freshfields Bruckhaus Deringer US LLP), in Hong Kong (Freshfields Bruckhaus Deringer Hong Kong Partnership), in Japan (Freshfields Bruckhaus Deringer Law Office and Freshfields Bruckhaus Deringer Foreign Law Office), in Singapore (Freshfields Bruckhaus Deringer Singapore Pte. Limited), in Italy (Studio Legale associato a Freshfields Bruckhaus Deringer) and by means of a number of other associated entities (each a “Freshfields Entity”). |
Freshfields Entity | Refers to Freshfields Bruckhaus Deringer LLP and each other entity associated with Freshfields Bruckhaus Deringer LLP. The identity of the Freshfields Entities which together make up Freshfields Bruckhaus Deringer may change from time-to-time. You may access here the most up-to-date information regarding our various offices. |
GDPR | Means the EU-General Data Protection Regulation (Regulation (EU) 2016/679) including its implementing national legislation. |
Matter | Means a matter in respect of which we agree to provide our advice or services to a client. |
Matter Data | Has the meaning given to this concept in section 3 of this Notice (Advising our clients). |
Personal data | Means any information relating to an identified or identifiable living person. |
Processing | Means anything that is done to, or with, personal data (including obtaining, recording, holding, disclosing, transmitting, making available, using or deleting those data). |
Special categories of personal data | Means (as per Art. 9 GDPR) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation. |
Standard contractual clauses | Are a set of contractual provisions that are recognised and approved by the European Commission (decision 2004/915/EC) as offering appropriate safeguards for transfers of personal data outside the European Economic Area. |
Supervisory authority | Means an independent public authority which is established pursuant to Art. 51 GDPR. |
Third country | Means a country which is not a member of the European Union or the European Economic Area, or which does not benefit from an “adequacy decision” by the European Commission. |