Global Website Privacy Notice
Effective from: 14 May 2020
This privacy notice (“notice”) applies to the processing of personal data by Linklaters in connection with the processing of personal data on the Linklaters website www.linklaters.com, including any personal data you may provide though the use of the Website when you sign up to receive newsletters, blog posts, register for events or use our contact forms (“Website”).
This Website is not intended for children and we do not knowingly collect personal data relating to children.
References in this notice to “you” or “your” are references to individuals who use the Website.
References in this notice to “Linklaters”, “we”, “us” or “our” are references to Linklaters LLP and the other “Linklaters BCR Group Entities” (as defined in and listed in schedule 2 of our Binding Corporate Rules (“BCRs”), which can be found on our Website here. Linklaters LLP is a limited liability partnership established under English law whose registered office is at One Silk Street, London EC2Y 8HQ, England.
We recognise that the use and disclosure of personal data has important implications for us and for the individuals whose personal data we process. Most of our offices operate in countries which regulate the use, and impose restrictions on overseas transfers, of personal data. To ensure that we handle personal data properly, we have adopted a global approach to privacy compliance, as evidenced by our BCRs. A copy of our BCRs is available on our Website at the address provided above. Alternatively, you can request a copy of our BCRs at any time by contacting us at email@example.com.
A copy of this notice can be downloaded from the privacy section of our Website here. Alternatively, you can request a copy of this notice at any time by contacting us at firstname.lastname@example.org.
This notice aims to give you information about how Linklaters collects and processes your personal data when you use our Website. It is important that you read this notice together with our Cookie Notice and any other notices we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This notice supplements the other notices and is not intended to override them.
A “controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This notice is issued on behalf of Linklaters LLP as controller. Unless we notify you otherwise Linklaters LLP is the controller for your personal data.
Our Global Head of Regulatory Compliance oversees compliance with data protection within Linklaters. If you have any questions about this notice, including any requests to exercise your rights, please contact our Global Head of Regulatory Compliance using the contact details set out below:
Global Head of Regulatory Compliance
Linklaters LLP, One Silk Street, London EC2Y 8HQ
Telephone: (+44) 20 7456 2000
If you have any concerns or would like to make a complaint about our processing of your personal data, please refer to our Global Data Protection Complaints Procedure, which is available on the privacy section of our Website here. You may raise your concerns with your local data protection authority directly, without going through our Global Data Protection Complaints Procedure. However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to Linklaters’ processing of your personal data.
The first version of this notice was issued in May 2018 and this notice was last updated on the “effective from” date (if any) on the cover page of this notice. Any prior versions of this notice can be obtained by contacting us at email@example.com.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you wish to update your personal data, please contact your relationship partner or email us at firstname.lastname@example.org.
This Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit.
Personal data includes any information about an individual from which that person can be identified. This does not include any information that does not, and cannot be used to, identify an individual.
We may collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this notice.
We do not collect any special categories of personal data about you through our Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this notice:
- “Contact Data”: including your work address, email address and telephone numbers;
- “Identity Data”: including your first name, last name, username or similar identifier, title;
- “Marketing and Communications Data”: including your marketing and communication preferences. We also track when you receive and read marketing communications from us, which information we use to improve our marketing services, provide you with more relevant information and improve the quality of our marketing materials. Additional information about the personal data we process in connection with marketing is included with the marketing communications we send you;
- “Profile Data”: including information collected progressively when you visit our site including your referral website, pages you visit, actions you take, patterns of page visits and information from forms you fill in;
- “Technical Data”: includes information collected when you access our Website or client knowledge portal, your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using; and
- “Usage Data”: information about how you use our Website.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
10. How your personal data is collected
We use different methods to collect personal data from and about you, including through the channels set out below.
Direct interactions: You give us your Contact Data, Identity Data and Profile Data directly, for example, when you:
- register for a seminar, webinar or event;
- submit a contact form on our Website or our client knowledge portal;
- subscribe to receive our publications;
- request marketing to be sent to you;
- enter a survey; or
- give us some feedback (for example, by completing a survey).
Automated technologies or interactions: We receive Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Notice for further details of the information collected.
Third parties or publicly available sources: We receive Technical Data from analytics providers such as Google based outside the EU.
11. How we use your personal data
We will only process (i.e. use) your personal data when the law allows us to, that is, when we have a legal basis for processing. Section 13 (Purposes and legal basis for which we will use your personal data) below sets out further information about the legal bases that we rely on to process your personal data.
When you use our Website we will use your personal data in the following circumstances:
- “performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
- “legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
- “legitimate interests”: where necessary for our interests (or those of a third party), provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest, to monitor how you are using our Website or client portals to ensure that the security of our Website or client portals or systems is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
- “consent”: Generally we do not rely on consent as a legal basis for processing your personal data except where we may be required in relation to sending third party direct marketing communications to you via email or text message and in using cookies on our website. Please see Section 15 (Marketing and exercising your right to opt-out of marketing) for more information about how we use your personal data for marketing purposes and your rights and our Cookie Notice for more information about cookies.
We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at email@example.com.
We set out below, in a table format, a description of the ways in which we use your personal data and the legal bases we rely on to do so. Where appropriate, we have also identified our legitimate interests in processing your personal data.
We may process your personal data for more than one legal basis depending on the specific purpose for which we are using your personal data. Please contact us at firstname.lastname@example.org if you need details about the specific legal basis we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose and/or activity||Type of data||Legal basis for processing|
|To notify you about changes to our Website terms or privacy notice; and asking you to leave feedback||
|To manage and protect our business and this Website, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting and reporting||
|To deliver relevant website content to you and measure or understand the effectiveness of the content we serve to you||
|To make suggestions and recommendations to you about services or content that may be of interest to you||
|To use data analytics to improve our website, our services, marketing, customer relationships and experiences||
14. Change of purpose
We will only use your personal data for the purposes for which we collected it as detailed in Section 11 (How we use your personal data) and Section 13 (Purposes and legal basis for which we will use your personal data) and our Cookie Notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing. We will not use your personal data to send you marketing materials if you have requested not to receive them. If you request that we stop processing your personal data for marketing purposes, we shall stop processing your personal data for those purposes.
We would encourage you to make such requests via the forms and links provided for that purpose in the marketing materials we send you or by contacting our Marketing team at firstname.lastname@example.org. You may alternatively make any such request to your usual contact at the firm or to the Global Head of Compliance (using the contact details set out in Section 4). In any event, such request can be made at any time free of charge.
We do not share your personal data with any organisations outside of Linklaters for marketing purposes.
We may have to share your personal data with the entities and persons set out below for the purposes for which we collected the personal data, as detailed in Section 11 (How we use your personal data) and Section 12 (Purposes and legal basis for which we will use your personal data).
- Your personal data will be shared within Linklaters between the Linklaters BCR Group Entities (which are listed in schedule 2 of our BCRs, accessible on our Website here. As an international firm, we share your personal data between Linklaters offices to ensure the efficient operation of our firm (for instance, by sourcing our shared services in the most cost-effective way) and to provide the highest quality of client services. Your personal data is shared in accordance with our BCRs.
- Where required, we will (subject to our professional obligations and any terms of business which we may enter into with you) disclose your personal data to:
- (i) any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body (for example, the Solicitors Regulation Authority or the Law Society in the United Kingdom);
- (ii) our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us; and
- (iii) service providers who provide information technology and system administration services to us.
- We may share your personal data with persons or entities outside of Linklaters to whom we may sell or transfer parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the part of our business that is (as the case may be) sold, acquired or is the merged entity may use your personal data in the same way as set out in this notice. If applicable, we will update our BCRs to reflect any such changes to the Linklaters BCR Group Entities.
We require any person or entity to whom we disclose personal data pursuant to this Section 17 to respect the confidentiality and security of your personal data and to treat it in accordance with applicable laws and regulations.
When we share your personal data within Linklaters LLP, this involves transferring your personal data outside the European Economic Area (“EEA”). The personal data is shared in accordance with our BCRs, which require all Linklaters entities to follow the same rules when processing your personal data. A copy of our BCRs is accessible on our Website here. Alternatively, you can request a copy of our BCRs at any time by contacting us at email@example.com.
In some cases, the parties who we use to process personal data on our behalf are based outside the EEA, therefore their processing of your personal data will involve a transfer of such data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- where we use certain service providers, we may use specific contracts approved by the European Commission which gives personal data the same protection it has within the EEA; and
- where we use providers based in the US, we may transfer personal data to them if they are certified under the EU-US Privacy Shield which requires certified providers to have in place and maintain a similar level of protection to the personal data as if it was processed within the EEA.
Please contact us at firstname.lastname@example.org if you would like further information about the specific mechanism used by us when transferring your personal data out of the EEA.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including:
- in some circumstances the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defence of legal claims.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for cookies on this Website are set out in our Cookie Notice. If you would like to know more about the retention periods we apply to your personal data, please contact us at email@example.com.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. It is Linklaters policy to respect your rights and Linklaters will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights are set out below:
- right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
- right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
- right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
- right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
- right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;
- right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a Website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
- right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
- right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
You may exercise any of your rights at any time using the contact details set out in Section 4. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.