Privacy statement

Our Privacy Promises

We at Gowling WLG offer legal services in a variety of countries around the world. As lawyers, we are strongly committed to respecting your rights and obeying the law - explaining your privacy and data protection rights is important to us.

In this statement, we explain generally how we protect your personal information.

Because privacy laws differ across the countries in which we have offices, we've included links to more detailed information on the different privacy laws in those countries.

Privacy and individuals

This statement is about the rights of individuals. While we are also committed to protecting information about companies and other businesses we act for, this policy isn't about them.

When we act for individual clients we need personal information to provide legal services. For example, if you ask us to help you draft a will, we need personal information about you and your family.

We may also get personal information about individuals when acting for businesses. For example, we protect trademarks and patents by registering them. We may need information about the individual creators to do that. We also often get information about employees when acting for businesses.

Our privacy commitments

  • We are accountable for the information you give us.
  • We will tell you why we need information when we ask for it
  • We will use your personal information only for that purpose, or as the law requires.
  • We do not sell your information.
  • We keep your information safe. We take security seriously.

If the work we are doing requires us to involve others - for example, other lawyers in another country or a different law firm - we may need to share your data with them.

But we will tell you - and ensure that they understand and respect your rights. They must also comply with local privacy laws  - which may be different from the law in your country.

We may also need to share your data with the courts or the government, if the law requires.

If you want to know what personal data we have about you, please ask us  - we will tell you unless the law prevents us doing so.

If you ask us for marketing material or attend an event, we will keep your contact information in a database so that we can contact you in the future. If you don't want this, please tell us and we will remove your name.

Please talk to us

A statement like this is only an overview of your rights and our commitments. You'll find more detail in the linked pages about privacy rights in the country where you live.

Our privacy staff will answer any questions you may have. You can contact them at chiefprivacyofficer@ca.gowlingwlg.com if you are in Canada, or data.enquiry@gowlingwlg.com if you are in the UK, Europe, UAE or Asia.

Privacy policy by country

Belgium

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients or our volunteering programme, or where you apply for a job or work placement with us or our clients, or provide us with services. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events, including webinars and other digital events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with our ISO27001 accreditation.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

We also have produced a video notice to tell you the relevant points of what we do with your personal data.

About us

Gowling WLG (UK) LLP is an independent entity and part of the Gowling WLG group. Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In Belgium, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, applies.

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

  • Your Rights
  • The personal data we collect about you and why we collect the data;
  • What we do with your data, and
  • Who your information will be shared with.
If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our Belgium office please write to us at The Library, Square Ambiorix 10, BE-1000,  Brussels, Belgium or you can contact our UK offices by sending an email to data.enquiry@gowlingwlg.com or write to us at Gowling WLG (UK) LLP, Two Snowhill, Birmingham B4 6WR. If you wish to submit a complaint to the Belgium Supervisory Authority: Data Protection Authority, Rue de la Presse 35, 1000 Brussels, Belgium. http://www.privacycommission.be.

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal data

This means any information referring to an identified or identifiable natural person.

This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings.  It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions).

It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive personal data or special categories of data

This means any personal data relating to:

  • racial or ethnic origin;
  • political opinions or affiliations ;
  • religious or philosophical beliefs or beliefs of a similar nature;
  • trade union membership;
  • physical or mental health or condition;
  • sexual life; genetic data;
  • or biometric data for the purpose of uniquely identifying you
Processing

This means any operations performed on personal data, including:

  • collecting, obtaining, recording, retrieving, reviewing, consulting, storing or holding it;
  • organising, adapting or altering it;
  • disclosing, transmitting, disseminating or otherwise making it available; and
  • aligning, blocking, restricting, erasing or destroying it.
Data subject This means the identified or identifiable natural  person to whom the Personal Data relates.
Supervisory authority The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data controller This means any person who alone or jointly with others determines the purposes and means of the processing of Personal Data.
Data processor This means any person who processes the Personal Data on behalf of the data controller.
Data protection laws This means the laws which govern the handling of data - the list of laws applicable to Belgium is listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

  • Identity and contact data; such as your name,
  • address,
  • phone number,
  • email address,
  • date of birth, company you work for and your position financial data; such as payment related information,
  • identification and background information provided by you or collected as part of our on-boarding process. We will process identification and background information as part of our onboarding process including anti-money laundering, conflict, reputational and financial checks, and to fulfil any other legal or regulatory requirements which apply to us.,
  • video images/photographs/audio; in connection with identification checks, CCTV, providing/receiving training, remote meetings,
  • location data; reception registration and/or visitor security pass where you attend our offices ie for legal services, insight day, consultancy support, an event or to provide IT support,
  • financial information ie. for billing purposes,
  • any other information relating to you or third parties which you give us so we may provide you with our service.

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, wish to attend, or have attended, one of our events or seminars, attend one of our voluntary programmes or raise any complaint, enquiry or information request with us.

We will also collect information that you share with us to help us understand your situation, your preferences and to represent your best interests when you instruct us/become a client of Gowling WLG (UK) LLP, or as a result of your relationship with one or more of our clients, where you supply us or our clients with services, or where you apply for work experience, insight scheme or a  job or work placement with us or our clients.

We will also collect personal data where you are representing your organisation for example as part of procurement or tender. Where you provide third party technical support we may process your data where you provide us with technical support remotely by connecting to our systems or services.

Special category personal data personal data

If we ask you to provide us with your special category personal data, we will explain why we need that data and how we intend to use it and your rights. If necessary, we will ask you for your consent first.

You may provide us with yours or a third party's special category personal data where it is necessary in connection with services we provide, such as information about a person's physical or mental health, alleged criminal activities.

You may provide us with your special category personal data such as your health data to inform us of any dietary requirements or reasonable adjustments required where you are attending one of our offices or events.

We may need to process your special categories of personal data if processing is necessary to comply with laws that apply to us in relation to anti-money laundering or counter-terrorist financing obligations or the prevention, detection or prosecution of any crime.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and have agreed that you can. In addition, where you give us personal data belonging to someone else, you must ensure that you have the necessary grounds, consents or authorisations to provide it to us. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Children's data

We do not provide services directly to children or proactively collect their personal information. However, we are sometimes given information about children where it is necessary in connection to legal services we provide to our clients or in connection with our Probono initiatives.

We may also process children's data in connection with our HR and CSR programmes such as our Insight scheme. Children's personal data processed in connection with our Insight Scheme is usually limited to name, contact details, school/college name and CV.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law. At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, financial institutions, recruitment agencies and other people connected to recruitment, information or service providers, introducers and referrers and from publicly available records.

We may obtain information about you from third parties in order to verify your identity, carry out anti-money laundering, anti-terrorism, sanctions screening and other background and credit checks. In performing these checks, personal information provided by you may be disclosed to that third party which may keep a record of that information. All information provided by you will be treated securely and strictly in accordance with the Data Protection Laws.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

  • Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
  • Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business and financial information, and/or other legally mandated forms of identification;
  • Carry out administration - Bill for our work, carry out searches and checks, maintain internal records, which will include the collection of names, addresses, banking, financial details and creditworthiness; to maintain and develop our relationship with you; to carry out recruitment activities if you are applying for a job or work placement with us or our clients; to analyse and help us manage our practice; to maintain and update our records.
  • Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and the legal services we provide and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
  • If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to iaadmin@gowlingwlg.com
  • Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
  • Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints that we may receive;
  • Keep people and buildings safe - to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
  • To monitor our website usage to improve our services - please see our cookies policy which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent - for example, where you have subscribed to a mailing list for us to send you legal alerts, information regarding updates/events or other information which may be of interest to you.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG (UK) LLP. For example, because you are using Gowling WLG (UK) LLP for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

Legitimate interest

Processing your Personal Data is also legal if it is based on our ‘legitimate interests’ which are not overridden by your data protection interests or fundamental rights and freedoms. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

  • Client administration - to enable us to maintain internal records
  • To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information and to comply with all aspects of our regulatory obligations
  • To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
  • To permit us to pursue available remedies or limit any damages that we may sustain
  • To permit us to manage and respond to any complaints
  • To liaise with representatives of clients of corporates and other business clients
  • To market our services
  • To carry out recruitment and administer work experience and work placement activities

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Special Category Personal Data

In certain circumstances, we may process your special category personal data for the following reasons and subject to the following exceptions:

  • Consent
    For example, you have given your explicit consent for us to process your health information for the purpose of providing you with legal advice.
  • Vital Interests
    Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
  • Manifestly public personal data
    The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws. For example, we ask you to provide your dietary requirements when you attend an event at our offices. We consider that you have made this data manifestly public to our organisation to help us protect you and to ensure your health and safety. We will keep this information confidential and restrict it to only those who need to know.
  • Legal claims
    We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

  • Other Gowling WLG (UK) LLP offices, group entities, subsidiaries and affiliates, partnerships operating under the Gowling brand;
  • Third party service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
  • Third party service providers of certain business support tasks to Gowling WLG (UK) LLP including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, credit checking, archiving, recruitment agencies and storage;
  • Charities and organisations in connection with our volunteering programmes
  • External inspectors or auditors
  • Providers of business development and marketing support services, in order to provide event and marketing support;
  • Legal and or regulatory authorities including courts or public authorities who may compel disclosure, such as the Solicitors Regulation Authority (SRA), HMRC, Health & Safety Executive and National Crime Agency (NCA). This may be (i) in the event that we are required to make a disclosure under various legislation and regulation; or (ii) where we have a legal, regulatory or professional obligation to do so; or (iii) where we are required to protect the safety or rights or our clients, staff or others; (iv) or to exercise, establish or defend our legal rights;
  • Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
  • Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
  • If you wish to know more about the parties with whom we share Personal Data, please contact us.
International transfers of data between our offices
Transfers of your information out of the UK and EEA

In the context of its global practice, Gowling WLG (UK) LLP and affiliated businesses or subsidiaries transfers Personal Data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside the European Economic Area. Where we transfer personal data outside the UK and EEA, to a country without adequacy regulation, we implement the EC and UK standard contractual clauses to require that personal data remains protected. We also implement EC and UK standard contractual clauses or an alternative transfer mechanism with our third party service providers and partners where there is an international transfer of personal data to a country without adequacy regulations. Any transfer of your personal data outside of the UK or EEA to a third party or another office of ours will be subject to appropriate data protection safeguards that protect your data privacy rights.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information. For UK and European data protection law purposes, the European Commission and the ICO considers that Canada's federal privacy law offers adequate levels of protection to safeguard your privacy rights.

If you instruct us and if it is necessary, we will exchange information with law firms located in other jurisdictions.

How we keep your data secure

We have robust information security management systems in place to protect your personal information and are ISO27001 accredited. ISO27001 is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management.

If you have any particular concerns about your information, please contact us (see 'How to contact us?' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Type of work/data Minimum Retention Period
Original documentation Permanently, or until returned to you
File documentation Six years
CDD documentation Six years after the end of the client relationship
Contracts with suppliers/third parties Six years after expiry of contract
Complaints, correspondence and data relating to complaints Six years following closure of the complaint
Professional negligence Claims, correspondence and data relating to PII claims Six years following conclusion of the claim
Applications/CVs/interview records for jobs-unsuccessful 12 months after notifying unsuccessful candidates (unless we have obtained express consent from the candidate to hold for longer)

Your rights

As a data subject, you have the following rights under the Data Protection Laws:

  • the right of access to Personal Data relating to you;
  • the right to correct or update any mistakes in your information;
  • the right to object to our processing of your personal data in certain circumstances such as where we are processing it for our legitimate interests
  • the right to ask us to stop contacting you with direct marketing (opt-out/unsubscribe);
  • rights in relation to know details of any automated decision making;  
  • the right to restrict or prevent your Personal Data being processed;
  • the right to have your Personal Data ported to another data controller (e.g. if you decide to contract with a different service provider);
  •  the right to withdraw your consent where we are processing your personal data based on consent ;
  • the right to erasure where you believe we have no good reason to continue processing it;
  • right to lodge a complaint with a data protection authority.

These rights are explained in more detail below, but if you have any comments, concerns or complaints about the use of your Personal Data by us, please contact us (please refer to section "How to contact us").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to access Personal Data relating to you

You may ask to see what Personal Data we hold about you and be provided with:

  • a copy of your personal data;
  • details of the purpose for which it is being or is to be processed;
  • details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
  • the period for which it is held (or the criteria we use to determine how long it is held);
  • any information available about the source of that data; and
  • whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the Personal Data easily, please provide us as much information as possible about the type of Personal Data you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your Personal Data which we hold free of charge. If your Personal Data is incomplete, you can ask us to complete it by adding more details. If you would like to do this, please:

  • email, call or write to us (see "How to contact us")
  • let us have enough information to identify you, and
  • let us know the Personal Data that is incorrect and what it should be replaced or supplemented with.
Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:

  • See "How can you contact us" above
  • You can review and update your contact details and preferences or unsubscribe from our communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com.
Rights in relation to automated decision making

We do not make any automated decisions about you so this right does not apply.

Right to prevent processing of personal data

You may request that we stop or limit processing your personal data temporarily if:

  • you do not think that your Personal Data is accurate. We will start processing again once we have checked whether or not it is accurate;
  • the processing is unlawful but you do not want us to erase your Personal Data;
  • we no longer need the Personal Data for our processing, but you need the Personal Data to establish, exercise or defend legal claims; or
  • you have objected to processing because you believe that your interests should override our legitimate interests.
Copies of your Personal Data (data portability)

You may ask for an electronic copy of your Personal Data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

Right to erasure

You can ask us to erase your Personal Data where:

  • you do not believe that we need your Personal Data in order to process it for the purposes set out in this Privacy Notice;
  • if you had given us consent to process your Personal Data, you withdraw that consent and we cannot otherwise legally process your Personal Data;
  • you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
  • your Personal Data has been processed unlawfully or have not been erased when it should have been.
Right to withdraw consent

The circumstances in which we rely on consent are minimal but if the lawful basis for processing is based upon the provision of your consent, you are able to withdraw your previously given consent to the processing of the Personal Data at any time without giving reasons.

If you want to withdraw your consent:

  • contact us by email, telephone or in writing (see "How can you contact us" above)
  • give us enough information so that we can identify you and if necessary, let us know which consent you would like to withdraw.
Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

Data Protection Authority, Rue de la Presse 35, 1000 Brussels, Belgium. http://www.privacycommission.be.

February 2024

Canada

China

Dubai

France

Germany

UK