Énoncé de confidentialité

Politique de collecte, d'utilisation et de communication des renseignements personnels de Gowling WLG Canada (« Politique de confidentialité »)

Gowling WLG (Canada) S.E.N.C.R.L., s.r.l. (« Gowling WLG Canada », « nous », « notre » et « nos ») est une entité indépendante. La présente est la politique de confidentialité de Gowling WLG Canada qui décrit comment nous traitons les renseignements personnels. D'autres entités de Gowling WLG Canada sont présentes dans différents pays et possèdent des politiques de confidentialité distinctes qui expliquent leurs pratiques spécifiques en la matière. Veuillez cliquer ici pour plus d'information.

Conformément à nos obligations en tant que professionnels du droit, nous avons le mandat d'assurer de façon rigoureuse la confidentialité et la sécurité des renseignements qui nous sont confiés. Gowling WLG Canada adhère à certains principes de protection de la confidentialité pour protéger les renseignements personnels qui nous sont confiés.

La présente politique de confidentialité vous indique comment nous recueillons les renseignements personnels à votre sujet, comment nous les utilisons et dans quelles circonstances nous les communiquons.

Renseignements personnels

Aux fins de la présente politique de confidentialité, par « renseignements personnels » on entend tous les renseignements sur une personne identifiable ou permettant d'identifier une personne, fournis à Gowling WLG Canada ou collectés par cette dernière. Cette politique de confidentialité s'applique, peu importe comment ces derniers sont enregistrés (par voie électronique ou sur document papier, par exemple). La présente politique ne s'applique pas aux renseignements qui portent sur plus d'une personne lorsque l'identité de ces personnes est inconnue et ne peut être inférée de ces renseignements (l'« ensemble des renseignements »). Gowling WLG Canada se réserve le droit d'utiliser l'ensemble des renseignements de quelque façon qu'elle estime appropriée. Cette politique de confidentialité ne s'applique pas non plus aux renseignements au sujet de sociétés ou d'autres entités juridiques.

Responsabilisation

Gowling WLG Canada prend la protection des renseignements personnels très au sérieux. Nos obligations à titre de professionnels du droit sont définies, en partie, par les règles d'éthique professionnelle qui imposent des devoirs et des obligations relatifs à la protection des renseignements personnels fournis par les clients à Gowling WLG Canada. Ces obligations s'appliquent à tous les professionnels, membres du cabinet, autres employés, agents contractuels et mandataires qui fournissent des services relatifs à notre prestation de services juridiques ou autres services à nos clients.

Quels types de renseignements font l'objet d'une collecte?

Nous pouvons recueillir des renseignements personnels : (1) aux fins de déterminer si Gowling WLG Canada s'engage ou non à établir une relation professionnelle, ou 2) dans le cours d'une relation professionnelle, ou (3) lorsque nous recueillons des renseignements personnels, par exemple, lorsque vous nous fournissez des renseignements à votre sujet, ou au sujet d'un tiers associé à votre besoin d'obtenir des services juridiques. Ces renseignements dont nous disposons sont tenus strictement confidentiels et ne sont divulgués à quiconque, sauf avec l'autorisation expresse ou implicite de la personne ou de l'organisation concernée ou  lorsqu'il est, ou tel qu'il est, requis ou permis par la loi applicable.

Dans le cadre de notre relation avec vous, Gowling WLG Canada devra collecter, utiliser, et parfois divulguer, différents types de renseignements personnels à diverses fins relativement aux services que nous fournissons selon les directives fournies par vous ou votre organisation. Étant donné la nature de nos services, il est impossible de dresser la liste de tous les types de renseignements personnels pouvant être collectés, utilisés ou divulgués. Cependant, les renseignements personnels que nous collectons peuvent comprendre :

• votre nom complet;
• vos coordonnées, comme votre adresse, votre numéro de téléphone, votre adresse courriel, ou vos titres professionnels;
• des renseignements permettant d'établir votre identité;
• des renseignements relatifs à vos exigences juridiques, situations, et intérêts;
• la question à savoir si vous vous êtes abonné ou désabonné à l'une ou l'autre de nos listes d'envoi ou avez accepté toute invitation de notre part;
• des renseignements relatifs à votre organisation ou autres organisations, y compris de l'information relative aux administrateurs, aux directeurs ou employés de nos clients ou autres parties, témoins, bénéficiaires, parties adverses, parties liées, parties en cause, partenaires d'affaires, investisseurs, actionnaires, détenteurs de titres, acheteurs, vendeurs, partenaires d'affaires, et clients des clients;
• des renseignements quant à vos préférences, notamment, si vous assistez à l'un de nos événements et que nous recueillons des données sur vos préférences alimentaires;
• vos renseignements de paiement; et
• tout autre renseignement personnel que vous nous fournissez volontairement.

Dans certains cas, nous recueillons des renseignements personnels auprès de tiers tels que des clients à qui nous fournissons des services juridiques, des autorités juridiques et de réglementation, d'autres organismes avec lesquels nous traitons (ou vous traitez), tels que des organismes gouvernementaux, des agences d'évaluation de crédit, des agences de recrutement, des fournisseurs de services ou de renseignements, et auprès d'autres registres accessibles à tous. Nous pouvons également recueillir des renseignements auprès de sources publiques dans le cadre d'une enquête ou de procédures relatives aux services juridiques que nous fournissons à l'un de nos clients. 

Comment utilisons-nous et divulguons-nous les renseignements personnels?

Gowling WLG Canada utilise et divulgue des renseignements personnels aux fins établies dans la présente politique. En aucun cas Gowling WLG Canada ne vend les renseignements personnels qu'elle a obtenus.

Gowling WLG Canada peut utiliser et divulguer des renseignements personnels aux fins suivantes :

• L'établissement de votre identité et la conformité relativement aux critères « Connaître son client », aux mesures de lutte contre le blanchiment d'argent et aux autres obligations juridiques. Pour ce faire, il se peut que vous deviez fournir vos nom, adresse, renseignements relatifs à votre emploi/activités d'affaires et autres formes d'identification prescrites par la loi;
• La facturation : laquelle comprend la collecte, l'utilisation et la divulgation de noms, adresses, détails bancaires ou financiers et/ou de paiement;
• La prestation et l'élaboration de services/produits, dont la prestation de conseils juridiques ou l'intervention dans des cas de litige, d'arbitrage ou d'autres procédures juridiques, qui comprennent tout renseignement personnel nécessaire afin de fournir les services que vous ou votre organisation avez demandés;
• L'analytique : il est possible que nous utilisions aussi et analysions les renseignements personnels qui nous sont fournis en vue de vous offrir des services ou produits additionnels, de même que pour effectuer le suivi et la gestion de vos préférences en matière de consentement, de réservations de places à des événements ainsi que de requêtes de désabonnement. Vous pouvez, en tout temps, aviser une entité Gowling WLG Canada que vous ne souhaitez pas recevoir d'information de notre part;
• La tenue d'archives internes et l'analyse ainsi que la gestion de la prestation de nos services juridiques;
• La réponse à vos questions, ou la fourniture de renseignements ou de documents que vous souhaitez obtenir;
• Aux fins d'études de marché;
• Le marketing de nos propres produits et services à votre intention par courriel ou autres moyens si vous êtes abonné à l'une de nos listes d'envoi;
• Pour veiller à ce que vos renseignements et préférences soient exacts. Par exemple, de temps à autre, il se pourrait que nous vous demandions (par courriel ou autre moyen) de vérifier vos coordonnées et préférences de listes d'envoi et de les mettre à jour, le cas échéant;
• Le respect de nos normes professionnelles et de qualité élevée, et l'obtention et la conservation de nos accréditations et agréments qui peuvent impliquer des vérifications de nos processus internes;
• Afin de respecter les exigences réglementaires, notamment pour mener des analyses de conflits d'intérêts avant tout mandat et ériger des barrières pour limiter l'accès à certains renseignements;
• Afin de nous permettre, ou de permettre à nos clients, d'intenter certains recours ou de limiter les dommages que nous pourrions subir, ou que nos clients pourraient subir;
• Afin de détecter et d'aider à prévenir la fraude ou toute autre activité illicite;
• Pour satisfaire à nos exigences en matière d'assurance;
• Pour satisfaire aux exigences de sécurité et pour la prévention du crime; par exemple, il se peut que des caméras de vidéosurveillance soient installées dans nos locaux et que des données soient saisies par ces caméras à des fins de sécurité;
• Toute fin permise ou requise par la loi; et
• Afin de mener à bien tout autre objectif qui vous sera divulgué et auquel vous aurez consenti.

Les messages courriel de marketing envoyés par Gowling WLG Canada vous donneront l'occasion de mettre à jour vos coordonnées et préférences de listes d'envoi ou de vous désabonner complètement de nos listes d'envoi. Veuillez noter que Gowling WLG (UK) LLP et ses affiliés, ainsi que Gowling WLG (Canada) S.E.N.C.R.L., s.r.l. sont des entités distinctes et que leurs listes d'envoi sont distinctes également.

Si vous ne souhaitez plus recevoir de courriels marketing de Gowling WLG Canada, veuillez suivre le lien pour vous désabonner figurant dans nos messages courriel de marketing. Vous pouvez également communiquer avec nous au moyen des coordonnées ci-dessous pour nous demander de mettre à jour vos préférences ou vous désabonner de toute liste marketing.

Gowling WLG Canada peut partager des renseignements personnels avec d'autres entités du groupe Gowling WLG aux fins établies dans la présente politique. Pour en savoir davantage sur les autres entités de Gowling WLG, consultez la page Information juridique.

Gowling WLG Canada permet à certains fournisseurs tiers autorisés d'effectuer le suivi et de conserver certains renseignements relativement aux visiteurs de nos sites Web (y compris des noms de domaine, des adresses IP et des pages vues, comme décrit ci-dessous).

Gowling WLG Canada peut également divulguer des renseignements personnels à des organisations qui effectuent des services pour nous. Nous fournirons uniquement des renseignements personnels à de telles organisations si elles conviennent par contrat d'assurer une protection appropriée pour ces renseignements.

Les renseignements personnels peuvent aussi être assujettis à un transfert vers une autre organisation dans le cadre d'une transaction commerciale comme une fusion ou un changement de propriété. Cela ne surviendra que si les parties ont conclu une entente aux termes de laquelle la collecte, l'utilisation et la divulgation des renseignements se limitent aux fins liées à la transaction commerciale, y compris la détermination de la question de donner suite ou non à la transaction commerciale et à savoir s'ils sont utilisés par les parties pour mener et conclure ladite transaction commerciale.

Enfin, il se peut que nous divulguions vos renseignements personnels à toute autre fin à laquelle vous donnez votre consentement.

Limites relatives à la collecte, à l'utilisation, à la divulgation et à la conservation de renseignements personnels

Gowling WLG Canada peut collecter des renseignements personnels sous diverses formes (par exemple, copie papier ou électronique, télécopie, conversations ou enregistrements téléphoniques, courriels, etc.), mais ne le fera que par des moyens licites et uniquement aux fins nécessaires qui vous ont été divulguées, comme décrit dans la présente politique, ou permis ou requis par la loi applicable.

Les renseignements personnels collectés sous n'importe quelle forme par Gowling WLG Canada ne sont conservés que le temps nécessaire : a) aux fins pour lesquelles ils ont été recueillis, tel que décrit dans la présente politique; b) à des fins légitimes; ou c) pour répondre à toute question qui pourrait survenir ultérieurement. Lorsque les renseignements personnels recueillis ne sont plus requis pour ces fins telles que décrites, Gowling WLG Canada dispose des procédures nécessaires sécuritaires à la destruction, la suppression, l'effacement ou la conversion de ceux-ci sous une forme anonyme.

Nos sites Web et les fichiers témoins

En règle générale, vous pouvez naviguer sur nos sites Web sans nous fournir de renseignements personnels. Si vous êtes l'un de nos visiteurs anonymes, sachez que nous pouvons tout de même conserver certaines données analytiques comme il est établi dans la présente section.

Gowling WLG Canada peut utiliser des fichiers témoins, des balises Internet ou des pixels invisibles, des fichiers journal et autres technologies pour collecter certains renseignements personnels relatifs aux visiteurs sur nos sites Web, ainsi que sur les destinataires de nos bulletins, invitations et autres communications. Cliquer ici pour en savoir plus au sujet de la politique de Gowling WLG Canada sur les fichiers témoins.

Lorsque vous visitez nos sites Web, nous pouvons recueillir des renseignements au sujet de votre visite dont votre adresse IP, votre région géographique (telle que déterminée par votre adresse IP), les données sur votre parcours de navigation sur notre site Web, la date et l'heure de votre visite, des renseignements sur votre appareil et sur votre réseau, tel que le navigateur dont vous vous servez et sa configuration, votre vitesse de connexion, les pages que vous consultez ou recherchez sur notre site Web, les liens que vous cliquez, ce que vous téléchargez, le temps de réponse de nos pages, tout téléchargement ou autres erreurs, la durée de votre visite, et si les courriels que nous vous envoyons sont ouverts.

Nous pouvons utiliser ces renseignements afin d'améliorer la fonctionnalité de notre site Web ou de personnaliser le contenu que nous pourrions vous envoyer ou vous montrer, ou encore à des fins d'analyse pour comprendre comment les internautes interagissent avec notre site Web, nos messages et les renseignements qui y sont fournis.

Consentement

Le fait que vous fournissiez à Gowling WLG Canada des renseignements personnels signifie que vous acceptez et consentez à la collecte, l'utilisation et la communication par Gowling WLG Canada de vos renseignements personnels, conformément à la présente politique de confidentialité. Si vous n'êtes pas d'accord avec ces conditions, merci de ne pas nous fournir de renseignements personnels vous concernant. Toutefois, bien que la décision de nous fournir certains renseignements personnels vous revienne, certains services ne peuvent être offerts que si vous nous les fournissez et, dans le cas contraire, il se peut que nous ne puissions pas vous offrir certains services si ces renseignements sont nécessaires.

Il est possible d'accorder son consentement de différentes manières comme : a) en signant expressément un document, ou en donnant son consentement par voie électronique ou verbalement; ou b) implicitement en fournissant les renseignements personnels volontairement.

Il peut y avoir des circonstances où vous avez fourni des renseignements personnels à une fin en particulier, et ultérieurement Gowling WLG Canada a besoin d'utiliser ces renseignements pour une fin différente. Dans ces cas, Gowling WLG Canada vous demandera votre consentement afin d'utiliser les renseignements pour la fin différente, à moins que la loi requière ou nous permette d'utiliser ces renseignements pour cette fin différente.

Prenez note que certaines circonstances pourraient justifier ou permettre la collecte, l'utilisation ou la communication de renseignements personnels sans consentement préalable, ou lorsque Gowling WLG Canada est en mesure ou est obligée de les communiquer sans consentement aux termes des lois applicables.

Vous pouvez en tout temps révoquer votre consentement à la collecte, l'utilisation et la divulgation de vos renseignements personnels. Toutefois, une telle révocation pourrait nous empêcher de vous fournir des services ou produits; dans ces circonstances, nous discuterons avec vous du motif pour lequel nous avons besoin de vos renseignements personnels et de la raison pour laquelle la révocation de votre consentement affecte notre capacité à vous fournir des services ou produits.

Conservation ou sécurité

Gowling WLG Canada a pris des mesures pour garantir la sécurité des renseignements personnels sur les plans tant physique et technique que procédural.

Les principaux endroits où Gowling WLG Canada conserve actuellement des renseignements personnels sont les villes dans lesquelles Gowling WLG Canada possède des bureaux ou des installations et dans des municipalités voisines où des entrepôts hors site peuvent être situés. L'accès à cesdits renseignements est accordé aux personnes qui doivent connaître ces renseignements afin que Gowling WLG Canada puisse fournir ses services.

Les renseignements personnels peuvent être conservés à l'extérieur du territoire ou pays dans lequel vous vivez, si un tiers fournisseur ou une autre entité à qui nous divulguons des renseignements personnels conformément à la présente politique est situé à l'extérieur de ce pays ou territoire. Dans de tels cas, les renseignements personnels peuvent être assujettis aux lois locales des pays ou territoires au sein desquels les renseignements sont collectés, utilisés, divulgués ou entreposés, et les autorités gouvernementales et les autorités chargées de l'application de la loi de ces pays ou territoires peuvent y avoir accès.

Exactitude et accès

Gowling WLG Canada s'efforce d'assurer que tous les renseignements personnels fournis par le cabinet et en sa possession sont aussi exacts, actuels et complets que nécessaire pour les fins pour lesquelles Gowling WLG Canada les utilise.

Vous avez le droit de demander accès à vos renseignements personnels et de demander une correction si ces derniers sont inexacts. Le cas échéant, si vous croyez que vos renseignements personnels sont inexacts ou si vous souhaitez avoir accès à vos renseignements personnels, vous pouvez faire une demande en utilisant les coordonnées fournies ci-dessous.

Nous nous efforcerons de vous fournir un accès en temps opportun à vos renseignements personnels. Toutefois, nous pouvons vous demander de dûment vérifier votre identité avant de le faire. De plus, il peut y avoir des circonstances où nous ne pourrons vous y donner accès. Par exemple, nous ne vous y donnerons pas accès lorsque cette action peut mener à la divulgation de renseignements personnels d'une autre personne et que cette personne refuse de consentir à la divulgation des renseignements ou que les renseignements sont protégés par le secret professionnel ou autres restrictions juridiques. Les cas échéants, nous vous aviserons de la raison pour laquelle nous ne pouvons vous donner accès à vos renseignements personnels.

Modification de nos pratiques et de la présente politique de confidentialité

La présente politique de confidentialité entre en vigueur le 25 mai 2018. Gowling WLG Canada passera en revue et révisera périodiquement ses pratiques en matière de confidentialité et cette politique de confidentialité. Advenant toute modification, un avis approprié sera affiché sur notre site Web.

Votre accès ou votre utilisation continu de notre site Web ou la fourniture de vos renseignements personnels après toute modification constitue votre acceptation et votre consentement aux conditions de la présente politique telle qu'elle a été modifiée. Pour savoir quels sont les renseignements personnels que nous recueillons, comment nous les utilisons et avec qui nous pouvons les partager, veuillez examiner périodiquement la présente politique de confidentialité.

Pour nous joindre

Pour toute question, plainte ou préoccupation à l'égard de la présente politique de confidentialité ou tout renseignement personnel fourni à Gowling WLG Canada, ou si vous souhaitez :

• accéder à des renseignements personnels que vous avez déjà fournis afin de les corriger ou de les mettre à jour ou de demander leur suppression ou
• rapporter toute violation de la présente politique de confidentialité

vous pouvez communiquer avec le chef de la protection des renseignements personnels de Gowling WLG Canada, ou les professionnels de Gowling WLG Canada avec lesquels vous êtes en contact.

Vous pouvez communiquer avec le chef de la protection des renseignements personnels de Gowling WLG Canada par courriel à chiefprivacyofficer.ca@gowlingwlg.com ou par courrier postal à l'adresse :  

Gowling WLG (Canada) S.E.N.C.R.L., s.r.l.
1 First Canadian Place
100, rue King Ouest
Bureau 1600
Toronto (Ontario)
Canada M5X 1G5
À l'attention du chef de la protection des renseignements personnels

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with ISO27001 standards.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About Us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity and part of the Gowling WLG group. Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In China, The major general laws include:

• The Decision of the Standing Committee of the National People's Congress on Strengthening Network Information Protection.
• The Cybersecurity Law of the PRC
• The Consumer Rights and Interests Protection Law of the PRC

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our China office, please write to us at: Gowling WLG, Suites 3404 & 3405B, Teem Tower, 208 Tianhe Road, 510620, Guangzhou, China.

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings. It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to: racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including: obtaining, recording, retrieving, reviewing, consulting, storing or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint. We will also collect information that you share with us to help us understand your situation, your preferences and to represent your best interests when you instruct us/become a client of Gowling WLG (UK), or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights. If necessary we will ask you for your consent first. For example, we will ask you for consent if you are attending one of our events and we collect data relating to your dietary requirements.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law. At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, recruitment agencies, information or service providers, and from publicly available records.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work and maintain internal records, which will include the collection of names, addresses, banking and/or financial details; to maintain and develop our relationship with you, to analyse and help us manage our practice, to maintain and update our records.
• Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to iaadmin@gowlingwlg.com
• Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services - please see our cookies policy which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent - for example, where you have subscribed to a mailing list for us to send you legal alerts, information regarding updates/events or other information which may be of interest to you.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
  For example, you have given your explicit consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
  Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
  The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws.
• Legal claims
  We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights of our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of China

In the context of its global practice, Gowling WLG UK transfers personal data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside China.

Any transfer of your Personal Data from Gowling WLG UK entities in China to Gowling WLG UK entities in any country outside, will be subject to a mechanism that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information. For European data protection law purposes, the European Commission considers that Canada's federal privacy law offers adequate levels of protection to safeguard your privacy rights. Gowling WLG Canada has an affiliate with an office in Russia; to comply with European data protection law, it has appropriate arrangements for any transfers of your Personal Data to its Russian office.

If you instruct us and if it is necessary, we will exchange information with law firms located in other jurisdictions.

How we keep your data secure

Gowling WLG is committed to its Information and Cyber security programme, ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen. The firm aligns to ISO27001 standards - an international information security standard which is widely recognised as an indication of best practice in information security and informational risk management. If you have any particular concerns about your information, please contact us (see 'How to contact us?' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

Contact the CAC (Cyberspace Administration of China)

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with ISO27001 standards.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About Us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity and part of the Gowling WLG group. Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In Dubai, in the Dubai International Financial Centre (DIFC) (a free zone where our Dubai office is located), the DIFC Data Protection Law N°1 of 2007 and Data Protection Regulations apply.

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our Dubai Office please write to us at Gowling WLG, Unit 2, Level 6, Currency House Office Building 1, The Gate District, Dubai International Financial Centre, PO Box 506503, Dubai, UAE or email reception.dubai@gowlingwlg.com or you may submit a complaint to the Commissioner of Data Protection.

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings. It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to:   racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including: obtaining, recording, retrieving, reviewing, consulting, storing or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint. We will also collect information that you share with us to help us understand your situation, your preferences and to represent your best interests when you instruct us/become a client of Gowling WLG UK, or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights. If necessary we will ask you for your consent first. For example, we will ask you for consent if you are attending one of our events and we collect data relating to your dietary requirements.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law. At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, recruitment agencies, information or service providers, and from publicly available records.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work and maintain internal records, which will include the collection of names, addresses, banking and/or financial details; to maintain and develop our relationship with you, to analyse and help us manage our practice, to maintain and update our records.
• Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to iaadmin@gowlingwlg.com
• Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services - please see our cookies policy which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

If Necessary for the performance of a Task

If the processing is necessary for the performance of a task carried out in the interests of the DIFC, or in the exercise of the DIFCA, the DFSA, the Court and the Registrars' functions or powers vested in the Data Controller or in a Third Party to whom the data are disclosed.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
  For example, you have given your written consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
  Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
  The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws.
• Legal claims
  We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, such as the UAE Legal Affairs Department of the Ministry of Justice, the Dubai International Financial Centre Authorities (DIFCA) and the Dubai Financial Services Authority (DFSA) in the United Arab Emirates, the DIFC Registrar, in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights of our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of the DIFC

In the context of its global practice, Gowling WLG UK transfers personal data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside the DIFC.

Any transfer of your Personal Data from Gowling WLG UK entities in the DIFC to Gowling WLG UK entities in any country outside, will be subject to a mechanism that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach, and if necessary we will gather your written consent first.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information.

How we keep your data secure

Gowling WLG is committed to its Information and Cyber security programme, ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen. The firm aligns to ISO27001 standards - an international information security standard which is widely recognised as an indication of best practice in information security and informational risk management. If you have any particular concerns about your information, please contact us (see 'How to contact us' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Type of work/data	Minimum Retention Period
Original Documentation	Permanently, or until returned to you
File documentation	Six years
CDD documentation	Six years after the end of the client relationship
Contracts with suppliers/third parties	Six years after expiry of contract
Complaints, correspondence and data relating to complaints	Six years following closure of the complaint
Professional negligence Claims, correspondence and data relating to PII claims	Six years following conclusion of the claim
Applications/CVs/interview records for jobs-unsuccessful	Twelve months after notifying unsuccessful candidates (unless we have obtained express consent from the candidate to hold for longer)

Your rights

If you are in the DIFC you have the right to:

• Access to and Rectification, Erasure or Blocking of Personal Data
  
  A Data Subject has the right to obtain from the Data Controller upon request, at reasonable intervals and without excessive delay or expense:
  • confirmation in writing as to whether or not Personal Data relating to him is being Processed and information at least as to the purposes of the Processing, the categories of Personal Data concerned, and the Recipients or categories of Recipients to whom the Personal Data are disclosed;
  • communication to him in an intelligible form of the Personal Data undergoing Processing and of any available information as to its source; and
  • as appropriate, the rectification, erasure or blocking of Personal Data the Processing of which does not comply with the provisions of the Law.
• Object at any time on reasonable grounds relating to your particular situation to the processing of your Personal Data; and
• To be informed before your Personal Data is disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing, and to be expressly offered the right to object such disclosures or uses.

Complaints to the regulator:

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

Contact the Commissioner of Data Protection.

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with ISO27001 standards.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About Us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity and part of the Gowling WLG group. Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In France, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, and the Data Protection Act apply.

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our Paris office, please write to us at Gowling WLG (France), AARPI, 38 Avenue de l'Opera 75002, Paris, France or you may submit a complaint to the Commission Nationale de l'Informatique et des Libertés (CNIL).

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings.  It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to:   racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including:   obtaining, recording, retrieving, reviewing, consulting, storing or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint. We will also collect information that you share with us to help us understand your situation, your preferences and to represent your best interests when you instruct us/become a client of Gowling WLG UK, or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights. If necessary we will ask you for your consent first. For example, we will ask you for consent if you are attending one of our events and we collect data relating to your dietary requirements.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law.  At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, recruitment agencies, information or service providers, and from publicly available records.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work and maintain internal records, which will include the collection of names, addresses, banking and/or financial details; to maintain and develop our relationship with you, to analyse and help us manage our practice, to maintain and update our records.
• Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to  iaadmin@gowlingwlg.com
• Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services - please see our cookies policy  which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent - for example, where you have subscribed to a mailing list for us to send you legal alerts, information regarding updates/events or other information which may be of interest to you.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us  to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
• For example, you have given your explicit consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
• Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
• The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws.
• Legal claims
• We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, such as the the Ordre des avcoats de Paris, in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights of our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of the EEA

In the context of its global practice, Gowling WLG UK transfers Personal Data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside the European Economic Area. Transfers from Gowling WLG UK entities in the EEA to Gowling WLG UK entities in any country outside the EEA that is not deemed to offer an adequate level protection according to the European Commission shall be governed by a data transfer agreement containing model clauses offering an adequate level protection according to the European Commission, that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach, unless we inform you that another appropriate safeguard has been put in place.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information. For European data protection law purposes, the European Commission considers that Canada's federal privacy law offers adequate levels of protection to safeguard your privacy rights. Gowling WLG Canada has an affiliate with an office in Russia; to comply with the Data Protection Laws, it has appropriate arrangements in place for any transfers of your Personal Data to its Russian office.

If you instruct us and if it is necessary, we will exchange information with law firms located in other jurisdictions.

How we keep your data secure

Gowling WLG is committed to its Information and Cyber security programme, ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen. The firm aligns to ISO27001 standards - an international information security standard which is widely recognised as an indication of best practice in information security and informational risk management.

If you have any particular concerns about your information, please contact us (see 'How to contact us?' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Type of work/data	Minimum Retention Period
Original Documentation	Permanently, or until returned to you
File documentation	Six to seven years in archives after the end of the client relationship or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof
CDD documentation	From six to seven years after the end of the client relationship
Contracts with suppliers/third parties	From six to seven years in archives after expiry of contract or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof
Complaints, correspondence and data relating to complaints	From six to seven years in archives after closure of the complaint or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof
Professional negligence Claims, correspondence and data relating to PII claims	From six to seven years in archives after closure of the complaint or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof
Applications/CVs/interview records for jobs-unsuccessful	For the purposes of presenting further opportunities, the period for which we sought one's explicit consent or, in the absence of response, up to two years after the applicant's last contact For the purposes of defending ourselves against any discrimination action, from six to seven years in archives after notifying unsuccessful candidates or, in case of any pending litigating at the end of this period for which this data is relevant, after final settlement thereof.
Contact details of previous and potential clients for marketing purposes	Up to three years after the collection of the contact details for a potential client or the end of the client relationship for a previous client or, if later, the last contact from this person
Data relating to the exercise of the right of access, rectification or other	One to two years in archives after the response to the request or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof
Data relating to the exercise of the right of opposition	Six to seven years in archives after the response to the request or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof

Your rights

As a data subject, you have the following rights under the Data Protection Laws:

• the right of access to Personal Data relating to you;
• the right to correct any mistakes in your information;
• the right to ask us to stop contacting you with direct marketing;
• rights in relation to automated decision making; 
• the right to restrict or prevent your Personal Data being processed;
• the right to have your Personal Data ported to another data controller (e.g. if you decide to contract with a different service provider); and 
• the right to erasure.

These rights are explained in more detail below, but if you have any comments, concerns or complaints about the use of your Personal Data by us, please contact us (please refer to section "How to contact us").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to access Personal Data relating to you

You may ask to see what Personal Data we hold about you and be provided with:

• a copy;
• details of the purpose for which it is being or is to be processed;
• details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
• the period for which it is held (or the criteria we use to determine how long it is held);
• any information available about the source of that data; and
• whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the Personal Data easily, please provide us as much information as possible about the type of Personal Data you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your Personal Data which we hold free of charge. If you would like to do this, please:

• email, call or write to us (see "How to contact us")
• let us have enough information to identify you, and
• let us know the Personal Data that is incorrect and what it should be replaced with.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:

• See "How can you contact us" above
• You can review and update your contact details and preferences or unsubscribe from our communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com

Rights in relation to automated decision making

We do not make any automated decisions about you so this right does not apply.

Right to prevent processing of personal data

You may request that we stop processing your personal data temporarily if:

• you do not think that your Personal Data is accurate. We will start processing again once we have checked whether or not it is accurate;
• the processing is unlawful but you do not want us to erase your Personal Data;
• we no longer need the Personal Data for our processing, but you need the Personal Data to establish, exercise or defend legal claims; or
• you have objected to processing because you believe that your interests should override our legitimate interests.

Copies of your Personal Data (data portability)

You may ask for an electronic copy of your Personal Data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party

Right to erasure

You can ask us to erase your Personal Data where:

• you do not believe that we need your Personal Data in order to process it for the purposes set out in this Privacy Notice;
• if you had given us consent to process your Personal Data, you withdraw that consent and we cannot otherwise legally process your Personal Data;
• you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
• your Personal Data has been processed unlawfully or have not been erased when it should have been.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

Contact the Commission Nationale de l'Informatique et des Libertés (CNIL) www.cnil.fr

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with ISO27001 standards.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About Us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity and part of the Gowling WLG group. Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In Germany, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, and the Federal Data Protection Act 2017 apply.

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our Munich office, please write to us at Gowling WLG, Prannerstrasse 15, 80333, Munich, Germany or you may submit a complaint to the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

If you wish to contact our Stuttgart office, please write to us at Gowling WLG, Stresemannstrasse 79, 70191, Stuttgart, Germany or you may submit a complaint to the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg.

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings.  It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to:   racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including: obtaining, recording, retrieving, reviewing, consulting, storing or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint. We will also collect information that you share with us to help us understand your situation, your preferences and to represent your best interests when you instruct us/become a client of Gowling WLG UK, or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights. If necessary we will ask you for your consent first. For example, we will ask you for consent if you are attending one of our events and we collect data relating to your dietary requirements.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law.  At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, recruitment agencies, information or service providers, and from publicly available records.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work and maintain internal records, which will include the collection of names, addresses, banking and/or financial details; to maintain and develop our relationship with you, to analyse and help us manage our practice, to maintain and update our records.
• Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to iaadmin@gowlingwlg.com
• Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services - please see our cookies policy which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent - for example, where you have subscribed to a mailing list for us to send you legal alerts, information regarding updates/events or other information which may be of interest to you.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us  to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services.

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
  For example, you have given your explicit consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
  Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
  The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws.
• Legal claims
  We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights of our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of the EEA

In the context of its global practice, Gowling WLG UK transfers Personal Data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside the European Economic Area. Transfers from Gowling WLG UK entities in the EEA to Gowling WLG UK entities in any country outside the EEA that is not deemed to offer an adequate level protection according to the European Commission shall be governed by a data transfer agreement containing model clauses offering an adequate level protection according to the European Commission, that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach, unless we inform you that another appropriate safeguard has been put in place.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information. For European data protection law purposes, the European Commission considers that Canada's federal privacy law offers adequate levels of protection to safeguard your privacy rights. Gowling WLG Canada has an affiliate with an office in Russia; to comply with the Data Protection Laws, it has appropriate arrangements in place for any transfers of your Personal Data to its Russian office.

If you instruct us and if it is necessary, we will exchange information with law firms located in other jurisdictions.

How we keep your data secure

Gowling WLG is committed to its Information and Cyber security programme, ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen. The firm aligns to ISO27001 standards - an international information security standard which is widely recognised as an indication of best practice in information security and informational risk management. If you have any particular concerns about your information, please contact us (see 'How to contact us?' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Type of work/data	Retention Period
Job applications	Two months
Court litigation documents	Three years; up to 30 years
Trade or business letters received	Six years
Annual reports	10 years
Accounts and records	10 years

Your rights

As a data subject, you have the following rights under the Data Protection Laws:

• the right of access to Personal Data relating to you;
• the right to correct any mistakes in your information;
• the right to ask us to stop contacting you with direct marketing;
• rights in relation to automated decision making; 
• the right to restrict or prevent your Personal Data being processed;
• the right to have your Personal Data ported to another data controller (e.g. if you decide to contract with a different service provider); and 
• the right to erasure.

These rights are explained in more detail below, but if you have any comments, concerns or complaints about the use of your Personal Data by us, please contact us (please refer to section "How to contact us").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to access Personal Data relating to you

You may ask to see what Personal Data we hold about you and be provided with:

• a copy;
• details of the purpose for which it is being or is to be processed;
• details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
• the period for which it is held (or the criteria we use to determine how long it is held);
• any information available about the source of that data; and
• whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the Personal Data easily, please provide us as much information as possible about the type of Personal Data you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your Personal Data which we hold free of charge. If you would like to do this, please:

• email, call or write to us (see "How to contact us")
• let us have enough information to identify you, and
• let us know the Personal Data that is incorrect and what it should be replaced with.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:

• See "How can you contact us" above
• You can review and update your contact details and preferences or unsubscribe from our communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com.

Rights in relation to automated decision making

We do not make any automated decisions about you so this right does not apply.

Right to prevent processing of personal data

You may request that we stop processing your personal data temporarily if:

• you do not think that your Personal Data is accurate. We will start processing again once we have checked whether or not it is accurate;
• the processing is unlawful but you do not want us to erase your Personal Data;
• we no longer need the Personal Data for our processing, but you need the Personal Data to establish, exercise or defend legal claims; or
• you have objected to processing because you believe that your interests should override our legitimate interests.

Copies of your Personal Data (data portability)

You may ask for an electronic copy of your Personal Data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

Right to erasure

You can ask us to erase your Personal Data where:

• you do not believe that we need your Personal Data in order to process it for the purposes set out in this Privacy Notice;
• if you had given us consent to process your Personal Data, you withdraw that consent and we cannot otherwise legally process your Personal Data;
• you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
• your Personal Data has been processed unlawfully or have not been erased when it should have been.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

If you are in Munich: Contact the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) www.lda.bayern.de.

If you are in Stuttgart: Contact the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg at www.baden-wuerttemberg.datenschutz.de/ihr-weg-zu-uns.

Gowling WLG (International) Inc. Policy on the collection, use and disclosure of Personal Data

Gowling WLG maintains an office in Moscow to provide legal services in Russia. This office is separate from the rest of Gowling WLG and operates under the name Gowling WLG (International) Inc. ("Gowling WLG Russia"). This Privacy Policy describes how we handle Personal Data in Russia. Other Gowling WLG entities operate in different countries and have their own privacy policies.

As part of our professional obligations we are committed to maintaining high standards of confidentiality and security.

This Privacy Policy explains how we collect, use and disclose Personal Data.

Personal Data

In this Privacy Policy, "Personal Data" means any information about an identifiable individual, or an individual whose identity may be inferred or determined from the information. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs or voice recordings. It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). This Privacy Policy applies regardless of how Personal Data is recorded (for example, electronically, or on paper).

What Personal Data do we collect?

We collect Personal Data: (1) to help us to enter into a client-lawyer relationship will enter into a professional relationship; (2) during that relationship, or (3) when we otherwise collect Personal Data. In the course of a relationship with clients, for example, when an employer gives us information about employees. We hold this information in strict confidence. We do not reveal it to anyone unless expressly or implicitly authorized by the person or business concerned or where the law requires or permits.

In the course of our relationship with you, Gowling WLG Russia will need to collect, use, and sometimes disclose different types of Personal Data for various purposes associated with the services we provide as directed by you or your organization. Gowling WLG Russia focuses on assisting our clients with the protection of their intellectual property rights in Russia. In most cases, our collection, use and disclosure of Personal Data will be in this context. For example, we collect and use the names and business contact information of the representatives of our corporate clients, and we may be required to include the name of an inventor in a patent registration or application.

The Personal Data we collect may include:

• your full name;
• contact information, such as your address, telephone number, e-mail address, or job titles;
• information to help establish your identity;
• information regarding your legal requirements, situation, and interests;
• whether you have subscribed to, or unsubscribed from, any our mailing lists, or accepted any of our invitations;
• information regarding business and individuals connected with your business information regarding your preferences, for example, if you attend one of our events and we collect data relating to your dietary needs; and
• any other Personal Data that you voluntarily choose to provide to us.

In some cases, we collect Personal Data from third parties such as clients to whom we provide legal services, other Gowling WLG entities, including Gowling WLG (Canada) and Gowling WLG (UK), regulatory and legal authorities, other organizations with whom we or you have dealings, such as government agencies, information or service providers, and from publicly available records. We may also collect information from public sources when investigations or legal proceedings require.

How do we use and disclose Personal Data?

Gowling WLG Russia uses and discloses Personal Data for the purposes set out in this Privacy Policy. Under no circumstances will Gowling WLG Russia sells any Personal Data it has obtained.

Gowling WLG Russia may use and disclose Personal Data for the following purposes:

• Providing legal and other services and products as instructed by you, for example, we may be required to collect and disclose the name of an inventor in the context of a patent registration or application;
• Answering your queries and provide you with information or materials you have asked to receive;
• Carrying out administration, including establishing your identity and compliance with legal requirements, conducting conflict checks before we start work and to erect information barriers to restrict access to certain information; maintaining internal records, which will include the collection of names, addresses, banking or financial details to maintain and develop our relationship with you, to analyze and help us manage our practice, to maintain and update our records;
• Carrying out business development and marketing; marketing our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate.
• Tracking and managing your preferences, event reservations and any unsubscribe requests;
• Maintaining high standards of quality and professional standards, and to get certifications and accreditations which may involve audits of our internal processes;
• Managing Claims - taking any legal steps concerning claims involving clients or responding to any feedback or complaints;

Gowling WLG Russia may share Personal Data with other Gowling WLG group entities for the purposes set out in this Privacy Policy. You can learn more about other Gowling WLG entities by clicking here.

Gowling WLG Russia may also disclose Personal Data to organizations that perform services for us. Personal Data will only be provided to such organizations if they contractually commit to provide equivalent protection.

Lastly, we may disclose your Personal Data for any other purpose to which you consent.

Limiting collection, use, disclosure and retention of Personal Data

Gowling WLG Russia may collect Personal Data in many forms (for example, hard/soft copy, electronically, facsimile, telephone conversations/recordings, email, etc.), but will only do so by lawful means and only for necessary purposes that have been disclosed to you, are described in this Privacy Policy, or are permitted or required by applicable law.

Personal Data collected in any form will be retained by Gowling WLG Russia so long as it is required: a) for permitted purposes; b) to be retained by law; or c) to address any issues that may arise at a later date.

Consent

Your provision of Personal Data to Gowling WLG Russia means that you agree and consent to our collection, use and disclosure of your Personal Data under this Privacy Policy. If you do not agree with these terms, do not provide any Personal Data to us.

Consent may be given in different ways such as: a) expressly by signing a document or agreeing through electronic means; or b) implicitly by providing the Personal Data voluntarily.

Please note that there are circumstances where the collection, use and/or disclosure of Personal Data may be justified or permitted without consent, or where Gowling WLG Russia may or must disclose information without consent, in accordance with applicable law.

You have the right to revoke your consent to the collection, use and disclosure of your Personal Data at any time. However, revocation of your consent may prevent us from providing services or products to you; in such circumstances, we will discuss with you the reason we need your Personal Data and why the revocation of your consent affects our ability to provide our services or products to you.

Storage and security

Gowling WLG Russia has taken steps to maintain physical, procedural and technical security for Personal Data.

Personal Data may be stored outside of the jurisdiction in which you live, including in Canada, if a third party provider, Gowling WLG entity or other entity to whom we disclose Personal Data in accordance with this Privacy Policy is located outside of that jurisdiction. In such cases, Personal Data may be subject to the local laws of the jurisdictions within which it is collected, used, disclosed and/or stored, and may be accessed by governmental and law enforcement authorities in those jurisdictions.

Accuracy and access

Gowling WLG Russia endeavours to ensure that any Personal Data provided and in its possession is as accurate, current and complete as necessary for the purposes for which we use that information.

You have a right to request access to your Personal Data and to request a correction to it if you believe it is inaccurate. In the event that you believe that your Personal Data is not accurate or you wish access to your Personal Data, you may make a request using the contact information provided below.

We endeavor to provide timely access to your Personal Data. However, we may require you to verify your identity to our satisfaction prior to doing so. Further, there may be circumstances where access cannot be granted. For example, we will not grant access where doing so would lead to the disclosure of Personal Data another individual and that individual refuses to provide consent to the disclosure, or where the information is subject to privilege or other legal restrictions. In such cases you will be notified of the reason why it is not possible to grant access to your Personal Data.

Amendment of our practices and this Privacy Policy

This Privacy Policy is in effect as of May 25 , 2018. Gowling WLG Russia will from time to time review and revise its privacy practices and this Privacy Policy. In the event of any amendment, an appropriate notice will be posted on our website.

Your continued access to and use of our website or provision of Personal Data to us after any such changes constitutes your acceptance of, and agreement to this Privacy Policy, as revised. Please periodically review this Privacy Policy so that you know what Personal Data we collect, how we use it, and with whom we may share it.

Contact us

If you have any questions, complaints or concerns regarding this Privacy Policy, any Personal Data you have submitted to Gowling WLG Russia, or if you would like to:

• access Personal Data that you have already provided so that you can correct or update it, or request that it be deleted, or
• report any violation of this Privacy Policy

You may contact Gowling WLG Russia by email at chiefprivacyofficer.ca@gowlingwlg.com, or by mail at:

Gowling WLG (International) Inc.
11 Gogolevsky Boulevard
Moscow
119019
Russia
ATTN: Chief Privacy Officer

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with our ISO27001 accreditation.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

We also have produced a video notice to tell you the relevant points of what we do with your personal data.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity and part of the Gowling WLG group.  Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In the UK, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, and the Data Protection Act 2018 apply.

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our UK offices, please send an email to data.enquiry@gowlingwlg.com or write to us at Gowling WLG (UK) LLP, Two Snowhill, Birmingham, B4 6WR  or you may submit a complaint to the Information Commissioner's Office (ICO).

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings.  It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to:   racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including: obtaining, recording, retrieving, reviewing, consulting, storing or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint. We will also collect information that you share with us to help us understand your situation, your preferences and to represent your best interests when you instruct us/become a client of Gowling WLG UK, or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights. If necessary we will ask you for your consent first. For example, we will ask you for consent if you are attending one of our events and we collect data relating to your dietary requirements.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In addition, where you give us personal data belonging to someone else, you must ensure that you have the necessary grounds, consents or authorisations to provide it to us. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law.  At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, recruitment agencies, information or service providers, and from publicly available records.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work and maintain internal records, which will include the collection of names, addresses, banking and/or financial details; to maintain and develop our relationship with you, to analyse and help us manage our practice, to maintain and update our records.
• Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to  iaadmin@gowlingwlg.com
• Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services - please see our cookies policy which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent - for example, where you have subscribed to a mailing list for us to send you legal alerts, information regarding updates/events or other information which may be of interest to you.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us  to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
  For example, you have given your explicit consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
  Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
  The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws.
• Legal claims
  We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, such as the Solicitors Regulation Authority (SRA), HMRC, Health & Safety Executive and National Crime Agency (NCA) in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights of our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of the EEA

In the context of its global practice, Gowling WLG UK transfers Personal Data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside the European Economic Area. Transfers from Gowling WLG UK entities in the EEA to Gowling WLG UK entities in any country outside the EEA that is not deemed to offer an adequate level protection according to the European Commission shall be governed by a data transfer agreement containing model clauses offering an adequate level protection according to the European Commission, that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach, unless we inform you that another appropriate safeguard has been put in place.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information. For European data protection law purposes, the European Commission considers that Canada's federal privacy law offers adequate levels of protection to safeguard your privacy rights. Gowling WLG Canada has an affiliate with an office in Russia; to comply with the Data Protection Laws, it has appropriate arrangements in place for any transfers of your Personal Data to the Russian office.

If you instruct us and if it is necessary, we will exchange information with law firms located in other jurisdictions.

How we keep your data secure

We have robust information security management systems in place to protect your personal information and are ISO27001 accredited. ISO27001 is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management.

If you have any particular concerns about your information, please contact us (see 'How to contact us?' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Type of work/data	Minimum Retention Period
Original Documentation	Permanently, or until returned to you
File documentation	Six years
CDD documentation	Six years after the end of the client relationship
Contracts with suppliers/third parties	Six years after expiry of contract
Complaints, correspondence and data relating to complaints	Six years following closure of the complaint
Professional negligence Claims, correspondence and data relating to PII claims	Six years following conclusion of the claim
Applications/CVs/interview records for jobs-unsuccessful	Twelve months after notifying unsuccessful candidates (unless we have obtained express consent from the candidate to hold for longer)

Your rights

As a data subject, you have the following rights under the Data Protection Laws:

• the right of access to Personal Data relating to you;
• the right to correct any mistakes in your information;
• the right to ask us to stop contacting you with direct marketing;
• rights in relation to automated decision making; 
• the right to restrict or prevent your Personal Data being processed;
• the right to have your Personal Data ported to another data controller (e.g. if you decide to contract with a different service provider); and 
• the right to erasure.

These rights are explained in more detail below, but if you have any comments, concerns or complaints about the use of your Personal Data by us, please contact us (please refer to section "How to contact us").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to access Personal Data relating to you

You may ask to see what Personal Data we hold about you and be provided with:

• a copy;
• details of the purpose for which it is being or is to be processed;
• details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
• the period for which it is held (or the criteria we use to determine how long it is held);
• any information available about the source of that data; and
• whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the Personal Data easily, please provide us as much information as possible about the type of Personal Data you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your Personal Data which we hold free of charge. If you would like to do this, please:

• email, call or write to us (see "How to contact us")
• let us have enough information to identify you, and
• let us know the Personal Data that is incorrect and what it should be replaced with.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:

• See "How can you contact us" above
• You can review and update your contact details and preferences or unsubscribe from our communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com.

Rights in relation to automated decision making

We do not make any automated decisions about you so this right does not apply.

Right to prevent processing of personal data

You may request that we stop processing your personal data temporarily if:

• you do not think that your Personal Data is accurate. We will start processing again once we have checked whether or not it is accurate;
• the processing is unlawful but you do not want us to erase your Personal Data;
• we no longer need the Personal Data for our processing, but you need the Personal Data to establish, exercise or defend legal claims; or
• you have objected to processing because you believe that your interests should override our legitimate interests.

Copies of your Personal Data (data portability)

You may ask for an electronic copy of your Personal Data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

Right to erasure

You can ask us to erase your Personal Data where:

• you do not believe that we need your Personal Data in order to process it for the purposes set out in this Privacy Notice;
• if you had given us consent to process your Personal Data, you withdraw that consent and we cannot otherwise legally process your Personal Data;
• you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
• your Personal Data has been processed unlawfully or have not been erased when it should have been.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

Contact the Information Commissioner's Office. Information about how to do this is available on his website at www.ico.org.uk.