Privacy Notice
1. OUR COMMITMENT TO DATA PROTECTION
Freshfields Bruckhaus Deringer, (the “firm”, “we”, “us”, or “our”) takes its data protection and information security responsibilities very seriously. The effective management of all personal data, including its security and confidentiality, lies at the heart of our business and underpins our practices and processes. This is not only conditioned by Applicable Data Protection Laws, but is also driven by our commitment to our clients and to meet their expectations of having in place robust compliance and risk management practices and protocols.
Through this privacy notice (the “Notice”), we would like to inform you about the processing of your personal data in the context of your visit to and use of this website and in the course of our business. Information about how we process personal data in the context of recruitment is covered by separate notices on our recruitment portal.
As a firm with a global presence, we are subject to the varying requirements of Applicable Data Protection Laws in the jurisdictions where we operate. Although our approach to data protection across our business aims to be as consistent as possible and to accord with all Applicable Laws, the specific requirements, rights and obligations relating to personal data and/or our data processing activities can be different. The following descriptions of data processing, rights and obligations, and in particular the limitations to data processing apply within the scope of applicability of the GDPR. Where we operate in jurisdictions outside of the European Union or where GDPR does not apply (such as in the United States of America or People’s Republic of China), these descriptions, rights and obligations, and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Applicable Data Protection Laws.
In the United States of America, residents of the State of California may review our California Privacy Notice for additional information about our practices and rights applicable to residents of that state. Where we operate within Mainland China and where the Personal Information Protection Law applies, please refer to our Mainland China Privacy Notice.
This Notice is in addition to, and does not relieve, remove or replace, our rights and responsibilities under Applicable Laws. In case of a conflict between a provision or requirement of Applicable Laws and a provision of this Notice, the former shall take precedence.
2. OUR WEBSITE AND ONLINE SERVICES
In this section, we inform you about the processing of personal data in the context of your visit to, and use of, our website. Unless stated otherwise, Freshfields Bruckhaus Deringer LLP generally controls (or jointly controls) the processing of the personal data in this regard.
2.1 OUR WEBSITE
|
Description and purposes of the processing |
When visiting our website, your browser will contact our webserver to retrieve the sites you wish to visit. In this context, personal data such as your IP address is transferred by your browser (i.e. by HTTP/S requests) to us. This connection data is processed by our webserver to enable access to and the display of our website. Our webserver automatically saves a record of the pages you visited (so-called ‘logfiles’ or ‘session records’). We use these logfiles to ensure the security of our website, in particular to prevent unauthorised interference with it, and to enable us to exercise our legal rights and obligations in regard to such unauthorised interference. Furthermore, we analyse session records to optimise our website. The results cannot be linked to your person. |
|
Legal basis for the processing and legitimate interests for the processing |
Generally, the processing activities in the context of your visit to and use of our website are based on our legitimate interests to operate an internet website for general information and communication purposes, to optimise our website and to protect it from attacks. Exceptionally, we may process personal data to fulfil our legal obligations, in particular with regard to the relevant authorities in cases of unauthorised interference with our website. |
|
Recipients |
Our IT department has access to logfiles and will pass them on to other internal or external recipients including to the relevant authorities if necessary to exercise our legal rights regarding any unauthorised interference with our website. Our website is hosted on our behalf by the hosting services provider Episerver Inc. (542 Amherst Street, Route 101A, Nashua, NH 03063, USA). |
|
Retention period |
Logfiles are normally erased after 90 days. They may be stored for a longer period if necessary for the above-mentioned purposes, including for the exercise of our legal rights. All other data is erased immediately after processing the HTTP/S request. |
|
Possible consequences of failure to provide personal data |
Without processing the above mentioned personal data, you cannot display and visit our website. |
2.2 OUR INFORMATION HUBS, COLLABORATIVE PLATFORMS AND LEGAL TECHNOLOGY
|
Description and purposes of the processing |
Our information hubs, collaborative platforms, legal technology solutions and third party applications (“Solutions”) offer a wide range of resources, and alternative ways to deliver our services on a particular Matter, primarily to our clients in the course of our business relationship with them but also to other parties. As a part of our delivery of legal services, we may use AI, where appropriate, including to support with document review, legal research and data analysis. We will process personal data such as names and e-mail addresses to administer and monitor access to (and use of) these Solutions. In order to tailor and further optimise the user experience, the functionalities and operation of these Solutions, and the information provided to you, we may also process information regarding your specified preferences, if any, and in some instances information regarding your use of our Solutions. We may also process this data for business development purposes and to troubleshoot, develop and improve our Solutions. When you share information with us using certain Solutions in relation to a Matter, we will process that data, including Matter Data, for the purposes set out in section 3 of this Notice below. We also use registration data for business development purposes and to troubleshoot, develop and improve our Solutions. |
|
Legal basis for the processing and legitimate interests for the processing |
The processing is based on our legitimate interests to provide you with certain resources, know-how and information in context of (or related to) our services and business initiatives, and generally to offer our clients an alternative, modern and efficient way to deliver or support our services, and in doing so to develop our business and promote client relationships. It serves the legitimate interests of users to access the know-how, resources, information and support provided to them (or the client) through the Solutions. When you register to access our Solutions, and accept their terms of use, we will (also) process your personal data as necessary in relation to those terms of use (performance of a contract). |
|
Recipients |
Our internal business development and IT departments have access to and process registration and usage data for the provision and maintenance of your user account, for authentication purposes, for the optimisation of our information resources and business development initiatives and to enable the provision of Solutions to you. |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we may share your data within Freshfields Bruckhaus Deringer. Appropriate safeguards for personal data transfers within Freshfields Bruckhaus Deringer will be ensured through standard contractual clauses. Additionally, we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. Solutions can be hosted in third-party managed IT environments (primarily cloud-based). Appropriate safeguards for personal data transfers to such third parties will be ensured: through standard contractual clauses; with your consent or on the basis that the transfer is otherwise compliant with Applicable Data Protection Laws. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
|
Possible consequences of failure to provide personal data |
Without our processing the above-mentioned personal data, you will not be able to access and use the Solutions or certain restricted areas of our website. |
2.3 WE USE SOCIAL PLUG-INS
|
Data Controller |
We do not control the processing of personal data in the context of social media plug-ins. We do not have any access to the data collected and transferred by the social media plug-in to the social network provider. Any data processing is determined solely by the network service provider. In the interest of transparency, we would like to inform you about the processing of your personal data in this context. |
|
Description and purposes of the processing |
To improve your user experience, our website includes social media plug-ins of the large social media networks Twitter, LinkedIn Google+. These plug-ins allow you to directly post links to and other content from our websites on the relevant network. Upon you opening a website on which a social media plug-in is embedded, the respective social network provider
will collect and process information on your visit to our website for its own business purposes. This processing is not initiated or controlled by us, but is a built-in feature of the respective social media plug-in. For further information on the processing of personal data, please contact the respective social media provider or refer to their respective privacy policy:
|
|
Legal basis for the processing and legitimate interests for the processing |
The processing of personal data in this context by us, if any, is based on our legitimate interests to: (i) improve our website’s user experience thereby making it more attractive and thus increasing user traffic; and (ii) make our content more visible and thereby promote our business. For information on the legal basis of processing by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:
|
|
Recipients |
We do not have access to, nor share, any personal data in this context. For sharing of personal data by the social media provider, please contact the respective social media provider. |
|
Transfer of personal data to third countries or international organisations |
We do not transfer personal data to third countries. However, the social media plug-in will connect to the webserver of the social media network in the United States of America. For further information on transfers and relevant safeguards regarding them, please contact the respective social media provider or refer to their respective privacy policy:
|
|
Retention period |
We do not store any personal data in this context. For storage of personal data by the social media provider, please contact the respective social media provider or refer to their respective privacy policy:
|
|
Possible consequences of failure to provide personal data |
Without processing the above mentioned personal data, you will not be able to post links to and other content from our website. |
Our website uses cookies to enable, optimise and analyse site operations, as well as to provide personalised content and allow you to connect to social media.
Cookies are usually small text files that are stored on your computer's browser directory or program data subfolders when you visit our website and stored on your computer for the duration of your visit or for when you re-visit our website at a later time. Cookies allow our website to access or store information from your browser about you, your settings or your device. They are mainly used to ensure the website’s expected functionality. As a rule, cookies do not contain any information that could identify you directly. They do, however, make it possible to offer you a more personalised web experience. You can find out more about our cookies on www.allaboutcookies.org.
We distinguish the following categories of cookies and associated data processing:
- Strictly necessary
- Functionality and performance
- Analytics
- Marketing
With the following information, we want you to be in a position to make an informed decision for or against the use of cookies and the associated data processing which are not strictly necessary for the website’s technical features, i.e. categories (2), (3) and (4) listed above.
You can adjust your cookie and associated data processing preferences any time in our Cookie Preference Manager.
Strictly Necessary Cookies
To manage your cookies via our preference centre please use the button below:
| Description and purposes of cookies and the associated data processing | We use certain cookies which are necessary for the website to function and which cannot be switched off in our systems. They are usually only set and used in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. Without these cookies services you have asked for (e.g. login) cannot be provided. By the help of strictly necessary cookies we process data, such as your unique session ID, authentication data and the time of your login (time stamp). This data allows us to relate the visitor's unique session to server-side data. The cookies act as a reference to the session created. Whenever an activity is performed on our website, our server recognises your session ID and validates that activity. |
| Legal basis for the processing of personal and legitimate interests for the processing | Processing of data related to the use of strictly necessary cookies is based on your legitimate interest to view our website and our legitimate interests to enable users to visit our website and to promote our business. |
| Legal basis for the use of cookies | As these are technically necessary cookies, no separate legal basis is required. |
| Recipients | Data related to the use of strictly necessary cookies is processed by our own servers as well as by
|
| Transfer of personal data to third countries or international organisations | Data related to the use of strictly necessary cookies may be processed by Episerver Inc. and Cloudflare Inc. |
| Possible consequences of failure to provide personal data | Disabling these essential cookies will hinder our website’s performance and may make certain of its functions and features unavailable. |
We use the following essential cookies:
|
Tool / Provider |
Cookie Name |
Type |
Purpose |
Expiry after |
|
ASP (our system) |
ASP.Net_SessionId |
Session |
This is the default ASP.net cookie which uniquely identifies each user session. This is necessary to differentiate various users behind a shared IP address (e.g. of a public wifi network) and deliver the correct content to each. It also allows users to log-in and/or stores user input to avoid having to rekey information when navigating between pages. |
When you close your browser |
|
Ektron |
Ecm |
Session |
This cookie provides user data directly to our internal systems as part of the log-in process. |
When you close your browser |
|
Cloudflare |
__cfduid |
Permanent |
This cookie is used to identify trusted web traffic, in particular to identify individual clients behind a shared IP address and apply security settings on a per-client basis. |
1 year |
|
Cloudflare |
_biz_flagsA, _biz_nA, _biz_pendingA, _biz_uid |
Permanent |
Used to remember user settings for authentication and analytics. |
1 year |
|
Cloudflare |
cf_ob_info |
Session |
Used by CloudFlare content delivery network to display a notice in case the website is temporarily inaccessible. |
When you close your browser |
|
Cloudflare |
cf_use_ob |
Permanent |
Used by CloudFlare content delivery network to display a notice in case the website is temporarily inaccessible. |
Session |
|
Episerver |
.EPiForm_BID |
Permanent |
This cookie is used to distinguish browsers. |
10 months |
|
Episerver |
.EPiForm_VisitorIdentifier |
Permanent |
This cookie is used to distinguish users. |
10 months |
Functionality and performance
To manage your cookies via our preference centre please use the button below:
| Description and purposes of cookies and the associated data processing | Functionality and performance cookies are set to provide enhanced functionality and make our website easier to use (e.g. by remembering your login details, accelerating display of our website through load balancing). Currently, we cookies of this categories are used by functions of our system as well as the services of Cloudflare Inc. (101 Townsend St., San Francisco, CA 94107, USA) and Embed.ly (A Medium Corporation, 799 Market Street, 5th floor, San Francisco, CA 94103, USA) to enhance our users’ experience by accelerate display of our website (e.g. through load balancing) and improve the appearance of our website. |
| Legal basis for the processing of personal data / use of cookies | The use of functionality and performance cookies and the associated processing of cookie data is based on your consent which you may withdraw at any time. |
| Withdrawal of your consent / changing your cookie preferences | To withdraw your consent and prevent the processing of your data associated with the use of performance enhancing cookies you can change your cookie preferences and deactivate those cookies. Alternatively, you may prevent the processing of your personal data by activating the “do-not-track”-option of your browser. |
| Possible consequences of failure to provide personal data | If you do not consent to the use of cookies or withdraw your consent, we will not use cookies and the processing of your data associated with the use of cookies will not take place. Disabling functionality and performance cookies can affect our website’s performance. If you activate the “do-not-track”-option of your browser, the display of our website may be hindered. |
| Recipients | Functionality and performance cookie data is processed by our systems and Cloudflare Inc. as data processor on our behalf on the basis of data processing agreements between Cloudflare Inc. and us. |
| Transfer of personal data to third countries or international organisations | Functionality and performance enhancing cookie data may be processed by Cloudflare Inc. |
We use the following cookies for functionality and performance:
|
Tool / Provider |
Cookie Name |
Type |
Purpose |
Expiry after |
|
Windows Azure (our system) |
ARRAffinity |
Temporary |
This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session. |
When you close your browser |
|
Cloudflare |
optimizelyBuckets, optimizelyEndUserId, optimizelySegments |
Permanent |
The main purpose of this cookie is performance of the user’s experience and the appearance of the site. |
10 years |
|
Episerver |
EPi_NumberOfVisits |
Permanent |
Stores the number of times you access pages on the site to allow personalization of content based on the frequency the site content is viewed. This cookie is used only when the visitor group Number of Visits criteria is used. |
1 year |
Analytics
To manage your cookies via our preference centre please use the button below:
| Description and purposes of cookies and the associated data processing | We use web analytics cookies to create anonymised user statistics (e.g. number of visits and traffic sources) and help us to tailor our website to our users’ needs by, for example, placing the most sought-after sites where they are most easily found. Web analytics cookies also allow us to gauge how attractive our website is, how many of our users are regulars and how we can improve the reach of our website. For this purpose,
Show Details: When you visit a site on our website that uses Google Analytics, Ektron, NmStat, or Hotjar, certain information on this “pageview hit” (incl. the URL of the site visited by you as well as your IP address, information on the operating system, browser and language setting used by you and potentially some information stored in the cookies described below) will be transmitted to our cookie supplier´s server by code embedded in the respective site. The IP address is only used for the technical purposes of transmission and is anonymised by deleting the last digits immediately after reception. The other usage data will be attributed to an anonymous / pseudonymous identifier that is automatically generated and stored in a cookie on your device (cf. below). This identifier cannot and will not be traced back to you. Its sole purpose is to allow us to analyse typical website usage by obtaining information on relevant usage cycles. Google Analytics also includes a retargeting technology function. This is necessary part of the program package and cannot be deactivated selectively. However, the retargeting functions are not actively used by us. Show Details: By incorporating codes or so-called tracking pixels, we collect certain usage data while user browse on our website (for example, which sites are visited). This data will be processed by our provider and associated with a pseudonymous, non-personal profile. When browsing on another website, the cookie data stored in this cookie are also processed by the provider of the respective website and possibly further user data may be added to this cookie. For example, if a user visits website A and then website B, personalized ads based on browsing / usage behaviour regarding website A may be displayed on website B. |
| Legal basis for the processing of personal data / use of cookies | The use of web analytics cookies and the associated processing of usage data is based on your consent which you may withdraw at any time. |
| Withdrawal of your consent / changing your cookie preferences | To withdraw your consent and prevent the processing of your data associated with web analytics cookies you can change your cookie preferences and deactivate those cookies. Alternatively, you may prevent the processing of your personal data by activating the “do-not-track”-option of your browser. The use of cookies by Google Analytics can also be prevented by installing the Google Analytics opt-out browser add-on. |
| Possible consequences of failure to provide personal data | If you do not consent to the use of cookies or withdraw your consent, this will generally not have any negative effects. If you activate the “do-not-track”-option of your browser, however, the display of our website may be hindered, as technically necessary cookies will also be deactivated in this case. |
| Recipients | Usage data is processed by our cookie supplier as a data processor on our behalf. Analyses of website traffic provided by our cookie suppliers are used by our internal departments, in particular the IT and business development departments, for the abovementioned purposes. |
| Transfer of personal data to third countries or international organisations | Usage data may be processed by Google LLC, Episerver Inc., ShareThis Inc. and Hotjar Ltd. |
| Further information | Please see the privacy notices of Google, Episerver, and Hotjar. |
The following cookies are used for the purposes of web analytics:
|
Tool / Provider |
Cookie Name |
Type |
Purpose |
Expiry after |
|
Google Analytics |
_utma |
Permanent |
This tracks the number of times a visitor has been to our site, when their first visit was, and when their last visit occurred. Google Analytics uses the information to calculate visitor statistics. |
2 years |
|
Google Analytics |
_utmb _utmc |
Session |
These cookies work together to calculate how long a visit takes. _utmb takes a timestamp of the exact moment when a visitor enters a site, while_utmc takes a timestamp of the exact moment when a visitor leaves a site. _utmb expires at the end of the session. _utmc waits 30 minutes, and then expires. _utmc waits 30 minutes for another page view to happen, and if it doesn't, it expires. |
30 minutes |
|
Google Analytics |
_utmz |
Permanent |
This cookie tracks where visitors came from. What search engine was used. What links were clicked on. What keywords were used. Where they were in the world when they accessed the website. It expires in 6 months. |
6 months |
|
Google Analytics |
_utmv |
Permanent |
This cookie stores custom variables for each visitor and allows us to use segmentation to better understand our visitors. It expires 2 years after last visit. |
2 years after last visit |
|
Google Analytics |
__utmt |
Permanent |
Used to throttle request rate. |
10 minutes |
|
Google Analytics |
_ga |
Permanent |
This cookie is used to distinguish between site visitors. It expires 2 years after last visit. |
2 years after last visit |
|
Google Analytics |
_gat_UA-506736-1 |
Temporary |
Tracking cookie. Used to throttle request rate. |
1 minute |
|
Google Analytics |
_gid |
Permanent |
Used to distinguish users. |
24 hours |
|
Google Analytics |
1P_JAR |
Permanent |
These cookies are used to collect information about the use of our website by visitors. We use the information to prepare reports and to improve the site. These cookies are only associated to an anonymous user and to his / her computer / device without providing references that allow knowing personal data. They collect the number of visitors to the site, the duration of visits, the browser, the type of terminal, the place of origin of the visitors and the pages visited. |
1 month |
|
Google Analytics |
AID |
Permanent |
These cookies are used to collect information about the use of our website by visitors. We use the information to prepare reports and to improve the site. These cookies are only associated to an anonymous user and to his / her computer / device without providing references that allow knowing personal data. They collect the number of visitors to the site, the duration of visits, the browser, the type of terminal, the place of origin of the visitors and the pages visited. |
6 months |
|
Google Analytics |
CONSENT |
Permanent |
These cookies are used to collect information about the use of our website by visitors. We use the information to prepare reports and to improve the site. These cookies are only associated to an anonymous user and to his / her computer / device without providing references that allow knowing personal data. They collect the number of visitors to the site, the duration of visits, the browser, the type of terminal, the place of origin of the visitors and the pages visited. |
20 years |
|
Google Analytics |
NID |
Permanent |
These cookies are used to collect information about the use of our website by visitors. We use the information to prepare reports and to improve the site. These cookies are only associated to an anonymous user and to his / her computer / device without providing references that allow knowing personal data. They collect the number of visitors to the site, the duration of visits, the browser, the type of terminal, the place of origin of the visitors and the pages visited. |
6 months |
|
Ektron |
EkAnalytics EktGUID |
Permanent |
These cookies provide alternative web analytics to Google which are used by our Content Management System (the platform on which our website is built). |
1 year after last visit |
|
ShareThis |
_unam |
Permanent |
This cookie monitors “click-stream” activity, e.g. web pages viewed, navigation from page to page, time spent on each page etc. Personal identification only occurs if you have separately signed up with ShareThis for a ShareThis account. |
9 months |
|
Google Analytics |
Doubleclick.net |
Permanent |
Retargeting |
1 year |
|
ASP (our systems) |
.ASPXANONYMOUS |
Temporary |
This cookie is used by sites using the .NET technology platform from Microsoft. It enables the site to maintain an anonymous user-id to track unique users within a session without them logging in or otherwise identifying themselves. |
39 days |
|
ASP (our systems) |
Nmstat |
Permanent |
This is an ASP.net cookie which is used to track the sequence of pages a visitor looks at during a visit. |
1000 days |
|
Windows Azure (our system) |
ai_user |
Permanent |
This cookie name is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform. This is a unique user identifier cookie enabling counting of the number of users accessing the application over time. |
1 year |
|
Hotjar |
_hjClosedSurveyInvites |
Permanent |
Hotjar cookie that is set once a visitor interacts with an External Link Survey invitation modal. It is used to ensure that the same invite does not reappear if it has already been shown. |
1 year |
|
Hotjar |
_hjDonePolls |
Permanent |
Hotjar cookie that is set once a visitor completes a survey using the On-site Survey widget. It is used to ensure that the same survey does not reappear if it has already been filled in. |
1 year |
|
Hotjar |
_hjMinimizedPolls |
Permanent |
Hotjar cookie that is set once a visitor minimizes an On-site Survey widget. It is used to ensure that the widget stays minimized when the visitor navigates through your site. |
1 year |
|
Hotjar |
_hjShownFeedbackMessage |
Permanent |
Hotjar cookie that is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if the visitor navigates to another page where it is set to show. |
1 year |
|
Hotjar |
_hjid |
Permanent |
Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. |
1 year |
|
Hotjar |
_hjRecordingLastActivity |
Session |
This should be found in Session storage (as opposed to cookies). This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records). |
Session |
|
Hotjar |
_hjTLDTest |
Session |
When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. |
Session |
|
Hotjar |
_hjLocalStorageTest |
Temporary |
This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created. |
Under 100ms |
|
Hotjar |
_hjIncludedInPageviewSample |
Permanent |
This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's pageview limit. |
30 minutes |
|
Hotjar |
_hjIncludedInSessionSample |
Permanent |
This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's daily session limit. |
30 minutes |
|
Hotjar |
_hjAbsoluteSessionInProgress |
Permanent |
This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie. |
30 minutes |
|
Hotjar |
_hjFirstSeen |
Session |
This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions. |
Session |
|
Hotjar |
hjViewportId |
Session |
This stores information about the user viewport such as size and dimensions. |
Session |
|
Hotjar |
_hjRecordingEnabled |
Session |
This is added when a Recording starts and is read when the recording module is initialized to see if the user is already in a recording in a particular session. |
Session |
Marketing
To manage your cookies via our preference centre please use the button below:
| Description and purposes of cookies and the associated data processing | We use the AddThis (AddThis, LLC, 1595 Spring Hill Road, Suite 300, Vienna, VA 22182, USA). This service allows a simplified bookmarking of websites via buttons and allows you to share content of our website in social networks. It embeds social media providers it partners with. Please note that we do not gather any personal data in that regard. However, when you browse a website where AddThis is embedded, usage data is transferred to AddThis and/or its partner networks, allowing them to track your browsing. In addition, when you choose to share information via AddThis in social networks, data regarding your status will be processed by AddThis and the respective provider of the social network. |
| Legal basis for the processing of personal data / use of cookies | The use of networking cookies and the associated processing of data, if any, is based on your consent which you may withdraw at any time. |
| Withdrawal of your consent / changing your cookie preferences | To withdraw your consent and prevent the processing of your data associated with networking cookies you can change your cookie preferences and deactivate those cookies. Alternatively, you may prevent the processing of your personal data by activating the “do-not-track”-option of your browser. |
| Possible consequences of failure to provide personal data | If you do not consent to the use of cookies or withdraw your consent, this will generally not have any negative effects. If you activate the “do-not-track”-option of your browser, however, the display of our website may be hindered, as technically necessary cookies will also be deactivated in this case. |
| Recipients | Data is processed by AddThis and its partners (in particular, providers of social networks). |
| Transfer of personal data to third countries or international organisations | Usage data may be processed by AddThis and the providers of social networks that partner with AddThis. |
| Further information | Please refer to the service providers’ own privacy notices and policies:
|
The following cookies are used for the purposes of marketing:
|
Tool / Provider |
Cookie Name |
Type |
Purpose |
Expiry after |
|
|
AddThis |
uvc |
Permanent |
Tracks how often a user interacts with AddThis. |
396 days |
|
|
AddThis |
loc |
Permanent |
Stores the visitor’s geolocation to record location of sharer. |
396 days |
|
|
Social Media Networks |
For cookies set by social media partners of Addthis, please refer to the service providers’ own privacy notices and policies:
|
||||
3. ADVISING OUR CLIENTS
In this section of our Notice, we inform you about the processing of personal data in relation to providing our legal advice and services on a Matter and how we ensure compliance with the GDPR (or other applicable legal requirements with equivalent effect). Where we operate in jurisdictions outside of the European Union or where GDPR does not apply (such as in the United States of America), these descriptions and in particular the outlined rights and obligations and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Applicable Data Protection Laws.
|
Data Controller |
The data processing in the context of providing legal advice on a given Matter will ordinarily be controlled by the Freshfields Entity that is instructed and provides its services on that Matter. Where several Freshfields Entities work together on a Matter, they normally act as individual controllers for the respective work done on that Matter by them, as they will ordinarily be providing their advice in respect of the relevant jurisdiction where they are based. If they should however act as joint controllers, the relevant Freshfields Entity that is instructed on that Matter is designated as a single point of contact for data subjects under the GDPR. You can see here the Freshfields Entities through which we practise law in the relevant jurisdiction. |
|
Description and purposes of the processing, categories of personal data processed |
We process personal data in relation to a Matter (“Matter Data”) for certain specific purposes, including:
Whose personal data do we process in the course of handling a Matter? Depending on the nature of the Matter, we may process personal data of various categories of data subjects, including:
What types of personal data are processed as Matter Data? The Matter Data can include various types of personal data, depending on the nature of the Matter and the information that is provided to, or obtained by, us in the course of that Matter. The types of personal that we typically process in relation to a Matter include client contact and communication data. In addition, in the course of carrying out the KYC verification required by law, we may process a copy of an identity document (e.g. ID card), including any personal data specified therein. Depending on the Matter, we also process “special categories of personal data” according to Art. 9(1) GDPR (e.g. health data) and personal data relating to criminal convictions and offences or related security measures according to Art. 10 GDPR. We of course limit the processing of personal data and in particular sensitive personal data to the necessary minimum.
|
|
Legal basis for the processing and legitimate interests for the processing |
We process special categories of personal data (as necessary): for the establishment, exercise or defence of legal claims; based on your consent; for employment and social security law purposes; in relation to personal data which has been made public by a data subject; and/or for reasons of public interest in connection with a statutory provision. |
|
Sources of personal data |
In the context of a Matter, our clients ordinarily provide us with the personal data that we need to handle the Matter in our capacity as their legal advisors. If a client has registered to use one of our Solutions (see section 2.2 above), we may also gather personal data through use of those solutions. However, we may also obtain certain personal data from other sources (for example for KYC purposes) such as public registers and databases, court and public records, and our communication with third parties and other advisors involved in the Matter. |
|
Recipients |
In the course of our work on a Matter, as a global law firm we may, where necessary and subject to appropriate terms regarding confidentiality and data protection, share Matter Data:
|
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we share Matter Data within Freshfields Bruckhaus Deringer (e.g. where multiple Freshfields Bruckhaus Deringer offices are involved in a Matter). Adequate safeguards for personal data transfers within Freshfields Bruckhaus Deringer (and where necessary with other third parties working with or for us on a Matter) will be ensured: through standard contractual clauses; with your consent; or on the basis that the transfer is otherwise compliant with Applicable Data Protection Laws. Additionally, within Freshfields Bruckhaus Deringer we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
4. PROMOTING OUR SERVICES
In this section of our Notice, we inform you about the processing of personal data in relation to promoting our services and how we ensure compliance with the GDPR (or other applicable legal requirements with equivalent effect). Where we operate in jurisdictions outside of the European Union or where GDPR does not apply (such as in the United States of America), these descriptions and in particular the outlined rights and obligations and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Applicable Data Protection Laws.
4.1 GENERAL
|
Data Controller |
Data processing activities in the context of global business development initiatives are generally controlled by Freshfields Bruckhaus Deringer LLP. Data processing activities in the context of local business development initiatives are ordinarily controlled by the respective Freshfields Entity. If different Freshfields Entities act as joint controllers, Freshfields Bruckhaus Deringer LLP is designated as a single point of contact for data subjects under the GDPR. |
|
Description and purposes of the processing |
In the conduct of our business we engage in different business development and related activities with current and potential clients and other relevant third parties. For these purposes, we process certain “business development data” such as:
These data are provided directly by, or obtained from, the relevant data subject or other business contacts and sources (e.g. business information services, public sources or registers). |
|
Legal basis for the processing and legitimate interests for the processing |
The processing is based on our legitimate interest to pursue business development initiatives, or, as the case may be, in order to take steps at the request of a data subject prior to entering into a contract. |
|
Recipients |
As a global firm in the conduct of our business, we share certain business development data within Freshfields Bruckhaus Deringer. On a case-by-case basis, we may also share certain business development data with our business partners (for example law firms from our “StrongerTogether” network) and certain other parties that assist us with our business development activities in the ordinary course of our business (e.g. marketing services providers). |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we may share business development data within Freshfields Bruckhaus Deringer and with certain third parties supporting us with the administration of our activities in the ordinary course of our business. Adequate safeguards for personal data transfers within Freshfields Bruckhaus Deringer (and where necessary with certain other third parties) will be ensured: through standard contractual clauses; with your consent; or on the basis that the transfer is otherwise compliant with Applicable Data Protection Laws. Additionally, within Freshfields Bruckhaus Deringer we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities.
|
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
|
Possible consequences of failure to provide personal data |
Where we collect business development data directly from you, you continue to retain full discretion over how and what you disclose to us. There are no negative consequences if you do not provide us business development data. |
4.2 NEWSLETTERS AND UPDATES
|
Data Controller |
Generally, data processing activities in the context of newsletters and update services (e.g. RSS news feeds and social media news feeds) are ordinarily controlled by Freshfields Bruckhaus Deringer LLP. Data processing in the context of local newsletters or other update services are ordinarily controlled by the respective Freshfields Entity. If different Freshfields Entities act as joint controllers, Freshfields Bruckhaus Deringer LLP is designated as a single point of contact for data subjects under the GDPR. |
|
Description and purposes of the processing |
If you have signed up or otherwise agreed to receive newsletters or other update services, we will process your contact data (e.g. name, e-mail) to provide those services to you. To further optimise the user experience and in particular to tailor the information provided to you, we process information on your specified preferences, if any, and in some instances, follow your consumption of material (user statistics). All newsletter activities and other update services serve marketing purposes and business development. |
|
Legal basis for the processing and legitimate interests for the processing |
The processing is based on our legitimate interests to pursue business development activities, or, as the case may be, for the performance of a contract according. In other cases, we may ask you for your explicit consent for the processing. |
|
Recipients |
As a global firm in the conduct of our business, we share certain business development data within Freshfields Bruckhaus Deringer. On a case-by-case basis, we may also share certain business development data with our business partners (for example law firms from our “StrongerTogether” network) and certain other parties that assist us with our business development activities in the ordinary course of our business (e.g. marketing services providers). |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we share data within Freshfields Bruckhaus Deringer. Adequate safeguards for personal data transfers within Freshfields Bruckhaus Deringer will be ensured: through standard contractual clauses; with your consent; or on the basis that the transfer is otherwise compliant with Applicable Data Protection Laws. Additionally, within Freshfields Bruckhaus Deringer we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities.
|
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
|
Possible consequences of failure to provide personal data |
There are no negative consequences if you do not provide us the above mentioned personal data. However, without providing your personal data, you cannot receive our newsletter or other update services. |
4.3 OUR SEMINARS, WEBINARS AND EVENTS
|
Controller |
Data processing in the context of seminars, webinars and events is ordinarily controlled by the relevant Freshfields Entity offering the seminar, webinar or event. |
|
Description and purposes of the processing |
We offer seminars, webinars and events on a wide range of topics primarily to our clients in the course of our business relationship with them, but also to other registered parties. Seminars, webinars and events are part of our business development endeavours. When you sign up for a seminar, webinar or event, we will process the registration data you provide, such as your name, role and contact details, to administer access to and present the respective seminar, webinar or event. We may also use registration and attendance data for purposes of business development and, where required to do so, to facilitate contact tracing in relation to COVID-19. |
|
Legal basis for the processing and legitimate interests for the processing |
The processing is based on our legitimate interests to develop our business and promote client relationships. It also serves the legitimate interests of users and attendees to receive training in legal matters and know-how. Additionally, processing contact details and attendance data is in the interests of public health efforts to help tackle COVID-19. |
|
Recipients |
Registration and attendance data is processed by the relevant departments of the respective Freshfields Entity hosting and/or performing the seminar or webinar. It may also be processed by the internal business development departments of other Freshfields Entities. Lists of attendees may be provided to other attendees and, if required, to a contact tracing scheme in order to support efforts to help tackle COVID-19. |
|
Transfer of personal data to third countries |
As an organisation with a global presence, we share registration and usage data with Freshfields Entities in third countries. Adequate safeguards for personal data transfers within Freshfields Bruckhaus Deringer will be ensured through standard contractual clauses. Additionally, we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
|
Possible consequences of failure to provide personal data |
Without us processing the above mentioned personal data, you cannot participate in our seminars, webinars or events. |
5. OUR ALUMNI NETWORK
In this section of our Notice, we inform you about the processing of personal data in relation to our alumni network and how we ensure compliance with the GDPR (or other applicable legal requirements with equivalent effect). Where we operate in jurisdictions outside of the European Union or where GDPR does not apply (such as in the United States of America), these descriptions and in particular the outlined rights and obligations and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Applicable Data Protection Laws.
|
Controller |
The processing of personal data in the context of our social media tool for alumni (the “Freshfields Alumni Network”) on our website is generally controlled by Freshfields Bruckhaus Deringer LLP. Data processing in the context of local alumni networks and newsletters are ordinarily controlled by the respective Freshfields Entity. |
|
Description and purposes of the processing |
The Freshfields Alumni Network is a network of valuable business contacts and enables you to keep in contact with us and your former colleagues. You may sign up to our Freshfields Alumni Network by filling out our registration form. We ask you to provide your contact information (name, private address and e-mail), current employment information (such as current company name, job title, business contact details) and information regarding your time at Freshfields (such as office and department at departure, role title). The Freshfields Alumni Network also serves recruiting purposes. The registration form also provides the possibility to subscribe to different newsletters and updates. For further information on data processing activities in the context of these newsletters and updates, please see above under 4.2. |
|
Legal basis for the processing and legitimate interests for the processing |
The processing in the context of our Freshfields Alumni Network is based on our legitimate interests to pursue our business interest of developing and maintaining a network of business contacts and to recruit highly skilled employees. |
|
Recipients |
We share the above-mentioned personal data, in particular contact data, with other Freshfields Entities. |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we may share your data within Freshfields Bruckhaus Deringer. Appropriate safeguards for personal data transfers within Freshfields Bruckhaus Deringer will be ensured through standard contractual clauses. Additionally, we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. |
|
Possible consequences of failure to provide personal data |
There are no negative consequences if you do not provide us the above mentioned personal data. However, without processing the above mentioned personal data, you cannot use our social media tool for alumni. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. Generally, we erase your personal data in regard to our Freshfields Alumni Network as soon as possible after your withdrawal from this network. |
6. CONTACT AND COMMUNICATION
In this section of our Notice, we inform you about the processing of personal data in relation to communications between you and us and how we ensure compliance with the GDPR (or other applicable legal requirements with equivalent effect). Where we operate in jurisdictions outside of the European Union or where GDPR does not apply (such as in the United States of America), these descriptions and in particular the outlined rights and obligations and limitations to processing do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively applicable Applicable Data Protection Laws.
|
Controller |
If you use the contact options on our website, the respective data processing is controlled by the relevant Freshfields Entities if you contact them directly. If different Freshfields Entities act as joint controllers, Freshfields Bruckhaus Deringer LLP is designated as a single point of contact for data subjects under the GDPR. |
|
Description and purposes of the processing
|
We offer you the possibility to contact us via e-mail or our contact form. We will process your personal data (such as your name, address, telephone number) to respond to you request and save them for potential further inquiries. Also, the content of the communication will be processed by us for the purpose of responding to your request. |
|
Legal basis for the processing and legitimate interests for the processing |
The processing of your data in the context of our communications with you (e.g. via a contact form or by e-mail) is based on our legitimate interests to respond to your requests or queries, or otherwise to communicate with you. |
|
Recipients |
We share the above-mentioned personal data, in particular contact data, with those Freshfields Entities, offices or departments your request is aimed at. |
|
Transfer of personal data to third countries or international organisations |
As a global law firm, we may share your data within Freshfields Bruckhaus Deringer. Appropriate safeguards for personal data transfers within Freshfields Bruckhaus Deringer will be ensured through standard contractual clauses. Additionally, we have in place binding firm-wide data protection and information security policies which govern our internal data processing activities. |
|
Possible consequences of failure to provide data |
You are not obliged to provide us with your personal data. However, we need the relevant data to contact you and respond to your request or query. |
|
Retention period |
We retain personal data only for as long as there is a legitimate reason or other legal ground to do so, and will keep these legal bases under review. If there is no longer a legal ground for the data to be retained, we will erase personal data securely, or in some cases anonymise it. |
7. YOUR RIGHTS
If you are an individual whose personal data, and the processing of that personal data by the relevant Freshfields Entity, are subject to the application of the GDPR, you have certain rights. These rights are identified below together with a brief, non-exhaustive explanation. Where your personal data and the processing of your personal data are not subject to the GDPR these rights do not necessarily apply and nothing in this Notice may be interpreted to establish rights or obligations that go beyond what is mandated by the respectively Applicable Data Protection Laws. Residents of the State of California may view our California Privacy Notice for a summary of their rights under applicable California law.
If you have any questions in relation to this Notice, or wish to assert any of your rights, please contact us using the contact details included below. To protect your rights and your privacy and to validate communications received in relation to this Notice, we may request a confirmation and proof of your identity.
|
Your rights |
What do they mean for you? |
|
The right to object to the processing |
You have the right to object to the processing of your personal data in certain situations. |
|
The right to information |
You have the right to be informed whether and to what extent we process your data. |
|
The right of access |
Subject to certain exceptions you have the right to obtain a confirmation as to whether or not we process your personal data, and if we do, request access to your data. |
|
The right to rectification |
If the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time. |
|
The right to deletion
|
Subject to certain exceptions if you consider that we should stop processing some or all of your personal data, you have the right to request its deletion. However, there may well be reasons why an immediate deletion may not be possible (for example where retention is required to meet legal or regulatory obligations). |
|
The right to restrict the processing
|
You have the right to request that we restrict the processing of your personal data in certain situations:
|
|
The right to data portability
|
Where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you in a machine-readable format. |
|
Rights in relation to automated decision making and profiling
|
You have the right to object to decisions based exclusively on the automated processing of your personal data. |
|
The right to withdraw your consent |
If your personal data is processed on basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. |
If you wish to exercise your rights you can get in touch with us by contacting:
The Data Protection Officer
(Legal Department)
Freshfields Bruckhaus Deringer LLP
100 Bishopsgate, London EC2P 2SR
Telephone: +44 20 7716 4000
Email: dataprivacy@freshfields.com
For processing conducted by Freshfields Bruckhaus Deringer Rechtsanwälte Steuerberater PartG mbB in Germany and Freshfields Bruckhaus Deringer Rechtsanwälte PartG mbB in Austria, the Firm has appointed a Data Protection Officer who may be contacted as follows:
Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
50672 Cologne
Germany
Phone: +49 (0)221 - 222 183 0
Fax: + 49 (0)221 - 222 183 10
E-mail: FBD@kinast.eu
Website: https://www.kinast.eu/en/
You also have the right to lodge a complaint:
- by using the contact details above; and/or
- with a competent supervisory authority.
8. TERMS AND DEFINITIONS
|
Term |
Definition |
|
Applicable Laws |
Means all applicable laws, rules, orders, ordinances, regulations, statutes, requirements, codes and executive orders of any governmental or judicial authorities, each as amended, extended or re-enacted from time-to-time. |
|
CCPA |
Means the California Consumer Privacy Act of 2018, as amended from time to time, and any applicable regulations. |
|
Cookies |
A ‘cookie’ is a small file of letters and numbers that is stored on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. |
|
Controller |
Means the entity which alone, or jointly with others, determines the purposes and means of the processing of personal data. |
|
Applicable Data Protection Laws |
Refers to the applicable laws, rules and regulations relating to the processing of personal data, including, where applicable, the GDPR (and any laws, rules and regulations implementing the foregoing), and the CCPA. |
|
Freshfields Bruckhaus Deringer LLP |
Refers to Freshfields Bruckhaus Deringer LLP, a limited liability partnership registered in England and Wales with registered number OC334789, and registered office at 100 Bishopsgate, London EC2P 2SR. |
|
Freshfields Bruckhaus Deringer
|
Refers to the international legal practice operating through Freshfields Bruckhaus Deringer LLP, a limited liability partnership incorporated in England and associated entities and undertakings incorporated or formed in the USA (Freshfields Bruckhaus Deringer US LLP, a limited liability partnership incorporated in New York), in Hong Kong (Freshfields Bruckhaus Deringer, a partnership registered in Hong Kong), in Japan (Freshfields Bruckhaus Deringer Law Office and Freshfields Bruckhaus Deringer Foreign Law Office), in Singapore (Freshfields Bruckhaus Deringer Singapore Pte. Limited), in Italy (Studio Legale associato a Freshfields Bruckhaus Deringer) in Germany and Spain (Freshfields Bruckhaus Deringer Rechtsanwälte Steuerberater PartG mbB), in Austria (Freshfields Bruckhaus Deringer Rechtsanwälte PartG mbB), in Ireland (Freshfields Bruckhaus Deringer Ireland LLP) and by means of a number of other associated entities and undertakings (each a “Freshfields Entity”). |
|
Freshfields Entity |
Refers to Freshfields Bruckhaus Deringer LLP and each other entity associated with Freshfields Bruckhaus Deringer LLP. The identity of the Freshfields Entities which together make up Freshfields Bruckhaus Deringer may change from time-to-time. You may access here the most up-to-date information regarding our various offices. |
|
GDPR |
Means the EU-General Data Protection Regulation (Regulation (EU) 2016/679) including its implementing national legislation. |
|
Matter
|
Means a matter in respect of which we agree to provide our advice or services to a client. |
|
Matter Data |
Has the meaning given to this concept in section 3 of this Notice (Advising our clients). |
|
Personal data |
Means any information relating to an identified or identifiable living person. |
|
Processing |
Means anything that is done to, or with, personal data (including obtaining, recording, holding, disclosing, transmitting, making available, using or deleting those data). |
|
Special categories of personal data |
Means (as per Art. 9 GDPR) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation. |
|
Standard contractual clauses
|
Are a set of contractual provisions that are recognised and approved by the European Commission on the basis of Article 26(4) of Directive 95/46/EC (decision 2004/915/EC) as offering appropriate safeguards for transfers of personal data outside the European Economic Area. Standard contractual clauses adopted in accordance with Article 93(2) of the GDPR shall supersede any standard contractual clauses adopted on the basis of Article 26(4) of Directive 95/46/EC to the extent that such clauses intend to cover the same kind of data transfer relationship as the prior clauses. |
|
Supervisory authority |
Means an independent public authority which is established pursuant to Art. 51 GDPR. |
|
Third country |
Means a country which is not a member of the European Union or the European Economic Area, or which does not benefit from an “adequacy decision” by the European Commission. |