Énoncé de confidentialité

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement or provide us with services. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with our ISO27001 accreditation.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

We also have produced a video notice to tell you the relevant points of what we do with your personal data.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity and part of the Gowling WLG group. Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In Belgium, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, applies.

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our UK offices, please send an email to data.enquiry@gowlingwlg.com or write to us at Gowling WLG (UK) LLP, Two Snowhill, Birmingham, B4 6WR or you may submit a complaint to the Information Commissioner's Office (ICO).

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings.  It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to: racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including: obtaining, recording, retrieving, reviewing, consulting, storing or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint.

We will also collect information that you share with us to help us understand your situation, your hobbies and preferences and to represent your best interests when you instruct us/become a contact or client of Gowling WLG UK, or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In addition, where you give us personal data belonging to someone else, you must ensure that you have the necessary grounds, consents or authorisations to provide it to us. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law.  At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, financial institutions, recruitment agencies and other people connected to recruitment, information or service providers, introducers and referrers and from publicly available records. 

We may obtain information about you from third parties in order to verify your identity, carry out anti-money laundering, anti-terrorism, sanctions screening and other background and credit checks. In performing these checks, personal information provided by you may be disclosed to that third party which may keep a record of that information.  All information provided by you will be treated securely and strictly in accordance with the Data Protection Laws.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work, carry out searches and checks,  and maintain internal records, which will include the collection of names, addresses, banking, and/or financial details and creditworthiness; to maintain and develop our relationship with you, to carry out recruitment activities if you are applying for a job or placement with us; to analyse and help us manage our practice, to maintain and update our records.
• Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and the legal services we provide and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to  iaadmin@gowlingwlg.com
• Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services - please see our cookies policy which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent - for example, where you have subscribed to a mailing list for us to send you legal alerts, information regarding updates/events or other information which may be of interest to you.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us  to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services
• To carry out recruitment and administer work experience and work placement activities

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
  For example, you have given your explicit consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
  Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
  The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws. For example, we ask you to provide your dietary requirements when you attend an event at our offices. We consider that you have made this data manifestly public to our organisation to help us protect you and to ensure your health and safety. We will keep this information confidential and restrict it to only those who need to know.
• Legal claims
  We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, credit checking, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, such as the Solicitors Regulation Authority (SRA), HMRC, Health & Safety Executive and National Crime Agency (NCA) in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights of our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of the EEA

In the context of its global practice, Gowling WLG UK transfers Personal Data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside the European Economic Area. Transfers from Gowling WLG UK entities in the EEA to Gowling WLG UK entities in any country outside the EEA that is not deemed to offer an adequate level protection according to the European Commission shall be governed by a data transfer agreement containing model clauses offering an adequate level protection according to the European Commission, that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach, unless we inform you that another appropriate safeguard has been put in place.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information. For European data protection law purposes, the European Commission considers that Canada's federal privacy law offers adequate levels of protection to safeguard your privacy rights.

If you instruct us and if it is necessary, we will exchange information with law firms located in other jurisdictions.

How we keep your data secure

We have robust information security management systems in place to protect your personal information and are ISO27001 accredited. ISO27001 is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management.

If you have any particular concerns about your information, please contact us (see 'How to contact us?' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Type of work/data	Minimum Retention Period
Original Documentation	Permanently, or until returned to you
File documentation	Six years
CDD documentation	Six years after the end of the client relationship
Contracts with suppliers/third parties	Six years after expiry of contract
Complaints, correspondence and data relating to complaints	Six years following closure of the complaint
Professional negligence Claims, correspondence and data relating to PII claims	Six years following conclusion of the claim
Applications/CVs/interview records for jobs-unsuccessful	Twelve months after notifying unsuccessful candidates (unless we have obtained express consent from the candidate to hold for longer)

Your rights

As a data subject, you have the following rights under the Data Protection Laws:

• the right of access to Personal Data relating to you;
• the right to correct any mistakes in your information;
• the right to ask us to stop contacting you with direct marketing;
• rights in relation to automated decision making; 
• the right to restrict or prevent your Personal Data being processed;
• the right to have your Personal Data ported to another data controller (e.g. if you decide to contract with a different service provider); and 
• the right to erasure.

These rights are explained in more detail below, but if you have any comments, concerns or complaints about the use of your Personal Data by us, please contact us (please refer to section "How to contact us").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to access Personal Data relating to you

You may ask to see what Personal Data we hold about you and be provided with:

• a copy;
• details of the purpose for which it is being or is to be processed;
• details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
• the period for which it is held (or the criteria we use to determine how long it is held);
• any information available about the source of that data; and
• whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the Personal Data easily, please provide us as much information as possible about the type of Personal Data you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your Personal Data which we hold free of charge. If you would like to do this, please:

• email, call or write to us (see "How to contact us")
• let us have enough information to identify you, and
• let us know the Personal Data that is incorrect and what it should be replaced with.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:

• See "How can you contact us" above
• You can review and update your contact details and preferences or unsubscribe from our communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com.

Rights in relation to automated decision making

We do not make any automated decisions about you so this right does not apply.

Right to prevent processing of personal data

You may request that we stop processing your personal data temporarily if:

• you do not think that your Personal Data is accurate. We will start processing again once we have checked whether or not it is accurate;
• the processing is unlawful but you do not want us to erase your Personal Data;
• we no longer need the Personal Data for our processing, but you need the Personal Data to establish, exercise or defend legal claims; or
• you have objected to processing because you believe that your interests should override our legitimate interests.

Copies of your Personal Data (data portability)

You may ask for an electronic copy of your Personal Data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

Right to erasure

You can ask us to erase your Personal Data where:

• you do not believe that we need your Personal Data in order to process it for the purposes set out in this Privacy Notice;
• if you had given us consent to process your Personal Data, you withdraw that consent and we cannot otherwise legally process your Personal Data;
• you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
• your Personal Data has been processed unlawfully or have not been erased when it should have been.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

Data Protection Authority, Rue de la Presse 35, 1000 Brussels, Belgium. http://www.privacycommission.be.

November 2019

Politique de collecte, d'utilisation et de communication des renseignements personnels de Gowling WLG Canada (« Politique de confidentialité »)

Gowling WLG (Canada) S.E.N.C.R.L., s.r.l. (« Gowling WLG Canada », « nous », « notre » et « nos ») est une entité indépendante. La présente est la politique de confidentialité de Gowling WLG Canada qui décrit comment nous traitons les renseignements personnels. D'autres entités de Gowling WLG Canada sont présentes dans différents pays et possèdent des politiques de confidentialité distinctes qui expliquent leurs pratiques spécifiques en la matière. Veuillez cliquer ici pour plus d'information.

Conformément à nos obligations en tant que professionnels du droit, nous avons le mandat d'assurer de façon rigoureuse la confidentialité et la sécurité des renseignements qui nous sont confiés. Gowling WLG Canada adhère à certains principes de protection de la confidentialité pour protéger les renseignements personnels qui nous sont confiés.

La présente politique de confidentialité vous indique comment nous recueillons les renseignements personnels à votre sujet, comment nous les utilisons et dans quelles circonstances nous les communiquons.

Renseignements personnels

Aux fins de la présente politique de confidentialité, par « renseignements personnels » on entend tous les renseignements sur une personne identifiable ou permettant d'identifier une personne, fournis à Gowling WLG Canada ou collectés par cette dernière. Cette politique de confidentialité s'applique, peu importe comment ces derniers sont enregistrés (par voie électronique ou sur document papier, par exemple). La présente politique ne s'applique pas aux renseignements qui portent sur plus d'une personne lorsque l'identité de ces personnes est inconnue et ne peut être inférée de ces renseignements (l'« ensemble des renseignements »). Gowling WLG Canada se réserve le droit d'utiliser l'ensemble des renseignements de quelque façon qu'elle estime appropriée. Cette politique de confidentialité ne s'applique pas non plus aux renseignements au sujet de sociétés ou d'autres entités juridiques.

Responsabilisation

Gowling WLG Canada prend la protection des renseignements personnels très au sérieux. Nos obligations à titre de professionnels du droit sont définies, en partie, par les règles d'éthique professionnelle qui imposent des devoirs et des obligations relatifs à la protection des renseignements personnels fournis par les clients à Gowling WLG Canada. Ces obligations s'appliquent à tous les professionnels, membres du cabinet, autres employés, agents contractuels et mandataires qui fournissent des services relatifs à notre prestation de services juridiques ou autres services à nos clients.

Quels types de renseignements font l'objet d'une collecte?

Nous pouvons recueillir des renseignements personnels : (1) aux fins de déterminer si Gowling WLG Canada s'engage ou non à établir une relation professionnelle, ou 2) dans le cours d'une relation professionnelle, ou (3) lorsque nous recueillons des renseignements personnels, par exemple, lorsque vous nous fournissez des renseignements à votre sujet, ou au sujet d'un tiers associé à votre besoin d'obtenir des services juridiques. Ces renseignements dont nous disposons sont tenus strictement confidentiels et ne sont divulgués à quiconque, sauf avec l'autorisation expresse ou implicite de la personne ou de l'organisation concernée ou  lorsqu'il est, ou tel qu'il est, requis ou permis par la loi applicable.

Dans le cadre de notre relation avec vous, Gowling WLG Canada devra collecter, utiliser, et parfois divulguer, différents types de renseignements personnels à diverses fins relativement aux services que nous fournissons selon les directives fournies par vous ou votre organisation. Étant donné la nature de nos services, il est impossible de dresser la liste de tous les types de renseignements personnels pouvant être collectés, utilisés ou divulgués. Cependant, les renseignements personnels que nous collectons peuvent comprendre :

• votre nom complet;
• vos coordonnées, comme votre adresse, votre numéro de téléphone, votre adresse courriel, ou vos titres professionnels;
• des renseignements permettant d'établir votre identité;
• des renseignements relatifs à vos exigences juridiques, situations, et intérêts;
• la question à savoir si vous vous êtes abonné ou désabonné à l'une ou l'autre de nos listes d'envoi ou avez accepté toute invitation de notre part;
• des renseignements relatifs à votre organisation ou autres organisations, y compris de l'information relative aux administrateurs, aux directeurs ou employés de nos clients ou autres parties, témoins, bénéficiaires, parties adverses, parties liées, parties en cause, partenaires d'affaires, investisseurs, actionnaires, détenteurs de titres, acheteurs, vendeurs, partenaires d'affaires, et clients des clients;
• des renseignements quant à vos préférences, notamment, si vous assistez à l'un de nos événements et que nous recueillons des données sur vos préférences alimentaires;
• vos renseignements de paiement; et
• tout autre renseignement personnel que vous nous fournissez volontairement.

Dans certains cas, nous recueillons des renseignements personnels auprès de tiers tels que des clients à qui nous fournissons des services juridiques, des autorités juridiques et de réglementation, d'autres organismes avec lesquels nous traitons (ou vous traitez), tels que des organismes gouvernementaux, des agences d'évaluation de crédit, des agences de recrutement, des fournisseurs de services ou de renseignements, et auprès d'autres registres accessibles à tous. Nous pouvons également recueillir des renseignements auprès de sources publiques dans le cadre d'une enquête ou de procédures relatives aux services juridiques que nous fournissons à l'un de nos clients. 

Comment utilisons-nous et divulguons-nous les renseignements personnels?

Gowling WLG Canada utilise et divulgue des renseignements personnels aux fins établies dans la présente politique. En aucun cas Gowling WLG Canada ne vend les renseignements personnels qu'elle a obtenus.

Gowling WLG Canada peut utiliser et divulguer des renseignements personnels aux fins suivantes :

• L'établissement de votre identité et la conformité relativement aux critères « Connaître son client », aux mesures de lutte contre le blanchiment d'argent et aux autres obligations juridiques. Pour ce faire, il se peut que vous deviez fournir vos nom, adresse, renseignements relatifs à votre emploi/activités d'affaires et autres formes d'identification prescrites par la loi;
• La facturation : laquelle comprend la collecte, l'utilisation et la divulgation de noms, adresses, détails bancaires ou financiers et/ou de paiement;
• La prestation et l'élaboration de services/produits, dont la prestation de conseils juridiques ou l'intervention dans des cas de litige, d'arbitrage ou d'autres procédures juridiques, qui comprennent tout renseignement personnel nécessaire afin de fournir les services que vous ou votre organisation avez demandés;
• L'analytique : il est possible que nous utilisions aussi et analysions les renseignements personnels qui nous sont fournis en vue de vous offrir des services ou produits additionnels, de même que pour effectuer le suivi et la gestion de vos préférences en matière de consentement, de réservations de places à des événements ainsi que de requêtes de désabonnement. Vous pouvez, en tout temps, aviser une entité Gowling WLG Canada que vous ne souhaitez pas recevoir d'information de notre part;
• La tenue d'archives internes et l'analyse ainsi que la gestion de la prestation de nos services juridiques;
• La réponse à vos questions, ou la fourniture de renseignements ou de documents que vous souhaitez obtenir;
• Aux fins d'études de marché;
• Le marketing de nos propres produits et services à votre intention par courriel ou autres moyens si vous êtes abonné à l'une de nos listes d'envoi;
• Pour veiller à ce que vos renseignements et préférences soient exacts. Par exemple, de temps à autre, il se pourrait que nous vous demandions (par courriel ou autre moyen) de vérifier vos coordonnées et préférences de listes d'envoi et de les mettre à jour, le cas échéant;
• Le respect de nos normes professionnelles et de qualité élevée, et l'obtention et la conservation de nos accréditations et agréments qui peuvent impliquer des vérifications de nos processus internes;
• Afin de respecter les exigences réglementaires, notamment pour mener des analyses de conflits d'intérêts avant tout mandat et ériger des barrières pour limiter l'accès à certains renseignements;
• Afin de nous permettre, ou de permettre à nos clients, d'intenter certains recours ou de limiter les dommages que nous pourrions subir, ou que nos clients pourraient subir;
• Afin de détecter et d'aider à prévenir la fraude ou toute autre activité illicite;
• Pour satisfaire à nos exigences en matière d'assurance;
• Pour satisfaire aux exigences de sécurité et pour la prévention du crime; par exemple, il se peut que des caméras de vidéosurveillance soient installées dans nos locaux et que des données soient saisies par ces caméras à des fins de sécurité;
• Toute fin permise ou requise par la loi; et
• Afin de mener à bien tout autre objectif qui vous sera divulgué et auquel vous aurez consenti.

Les messages courriel de marketing envoyés par Gowling WLG Canada vous donneront l'occasion de mettre à jour vos coordonnées et préférences de listes d'envoi ou de vous désabonner complètement de nos listes d'envoi. Veuillez noter que Gowling WLG (UK) LLP et ses affiliés, ainsi que Gowling WLG (Canada) S.E.N.C.R.L., s.r.l. sont des entités distinctes et que leurs listes d'envoi sont distinctes également.

Si vous ne souhaitez plus recevoir de courriels marketing de Gowling WLG Canada, veuillez suivre le lien pour vous désabonner figurant dans nos messages courriel de marketing. Vous pouvez également communiquer avec nous au moyen des coordonnées ci-dessous pour nous demander de mettre à jour vos préférences ou vous désabonner de toute liste marketing.

Gowling WLG Canada peut partager des renseignements personnels avec d'autres entités du groupe Gowling WLG aux fins établies dans la présente politique. Pour en savoir davantage sur les autres entités de Gowling WLG, consultez la page Information juridique.

Gowling WLG Canada permet à certains fournisseurs tiers autorisés d'effectuer le suivi et de conserver certains renseignements relativement aux visiteurs de nos sites Web (y compris des noms de domaine, des adresses IP et des pages vues, comme décrit ci-dessous).

Gowling WLG Canada peut également divulguer des renseignements personnels à des organisations qui effectuent des services pour nous. Nous fournirons uniquement des renseignements personnels à de telles organisations si elles conviennent par contrat d'assurer une protection appropriée pour ces renseignements.

Les renseignements personnels peuvent aussi être assujettis à un transfert vers une autre organisation dans le cadre d'une transaction commerciale comme une fusion ou un changement de propriété. Cela ne surviendra que si les parties ont conclu une entente aux termes de laquelle la collecte, l'utilisation et la divulgation des renseignements se limitent aux fins liées à la transaction commerciale, y compris la détermination de la question de donner suite ou non à la transaction commerciale et à savoir s'ils sont utilisés par les parties pour mener et conclure ladite transaction commerciale.

Enfin, il se peut que nous divulguions vos renseignements personnels à toute autre fin à laquelle vous donnez votre consentement.

Limites relatives à la collecte, à l'utilisation, à la divulgation et à la conservation de renseignements personnels

Gowling WLG Canada peut collecter des renseignements personnels sous diverses formes (par exemple, copie papier ou électronique, télécopie, conversations ou enregistrements téléphoniques, courriels, etc.), mais ne le fera que par des moyens licites et uniquement aux fins nécessaires qui vous ont été divulguées, comme décrit dans la présente politique, ou permis ou requis par la loi applicable.

Les renseignements personnels collectés sous n'importe quelle forme par Gowling WLG Canada ne sont conservés que le temps nécessaire : a) aux fins pour lesquelles ils ont été recueillis, tel que décrit dans la présente politique; b) à des fins légitimes; ou c) pour répondre à toute question qui pourrait survenir ultérieurement. Lorsque les renseignements personnels recueillis ne sont plus requis pour ces fins telles que décrites, Gowling WLG Canada dispose des procédures nécessaires sécuritaires à la destruction, la suppression, l'effacement ou la conversion de ceux-ci sous une forme anonyme.

Nos sites Web et les fichiers témoins

En règle générale, vous pouvez naviguer sur nos sites Web sans nous fournir de renseignements personnels. Si vous êtes l'un de nos visiteurs anonymes, sachez que nous pouvons tout de même conserver certaines données analytiques comme il est établi dans la présente section.

Gowling WLG Canada peut utiliser des fichiers témoins, des balises Internet ou des pixels invisibles, des fichiers journal et autres technologies pour collecter certains renseignements personnels relatifs aux visiteurs sur nos sites Web, ainsi que sur les destinataires de nos bulletins, invitations et autres communications. Cliquer ici pour en savoir plus au sujet de la politique de Gowling WLG Canada sur les fichiers témoins.

Lorsque vous visitez nos sites Web, nous pouvons recueillir des renseignements au sujet de votre visite dont votre adresse IP, votre région géographique (telle que déterminée par votre adresse IP), les données sur votre parcours de navigation sur notre site Web, la date et l'heure de votre visite, des renseignements sur votre appareil et sur votre réseau, tel que le navigateur dont vous vous servez et sa configuration, votre vitesse de connexion, les pages que vous consultez ou recherchez sur notre site Web, les liens que vous cliquez, ce que vous téléchargez, le temps de réponse de nos pages, tout téléchargement ou autres erreurs, la durée de votre visite, et si les courriels que nous vous envoyons sont ouverts.

Nous pouvons utiliser ces renseignements afin d'améliorer la fonctionnalité de notre site Web ou de personnaliser le contenu que nous pourrions vous envoyer ou vous montrer, ou encore à des fins d'analyse pour comprendre comment les internautes interagissent avec notre site Web, nos messages et les renseignements qui y sont fournis.

Consentement

Le fait que vous fournissiez à Gowling WLG Canada des renseignements personnels signifie que vous acceptez et consentez à la collecte, l'utilisation et la communication par Gowling WLG Canada de vos renseignements personnels, conformément à la présente politique de confidentialité. Si vous n'êtes pas d'accord avec ces conditions, merci de ne pas nous fournir de renseignements personnels vous concernant. Toutefois, bien que la décision de nous fournir certains renseignements personnels vous revienne, certains services ne peuvent être offerts que si vous nous les fournissez et, dans le cas contraire, il se peut que nous ne puissions pas vous offrir certains services si ces renseignements sont nécessaires.

Il est possible d'accorder son consentement de différentes manières comme : a) en signant expressément un document, ou en donnant son consentement par voie électronique ou verbalement; ou b) implicitement en fournissant les renseignements personnels volontairement.

Il peut y avoir des circonstances où vous avez fourni des renseignements personnels à une fin en particulier, et ultérieurement Gowling WLG Canada a besoin d'utiliser ces renseignements pour une fin différente. Dans ces cas, Gowling WLG Canada vous demandera votre consentement afin d'utiliser les renseignements pour la fin différente, à moins que la loi requière ou nous permette d'utiliser ces renseignements pour cette fin différente.

Prenez note que certaines circonstances pourraient justifier ou permettre la collecte, l'utilisation ou la communication de renseignements personnels sans consentement préalable, ou lorsque Gowling WLG Canada est en mesure ou est obligée de les communiquer sans consentement aux termes des lois applicables.

Vous pouvez en tout temps révoquer votre consentement à la collecte, l'utilisation et la divulgation de vos renseignements personnels. Toutefois, une telle révocation pourrait nous empêcher de vous fournir des services ou produits; dans ces circonstances, nous discuterons avec vous du motif pour lequel nous avons besoin de vos renseignements personnels et de la raison pour laquelle la révocation de votre consentement affecte notre capacité à vous fournir des services ou produits.

Conservation ou sécurité

Gowling WLG Canada a pris des mesures pour garantir la sécurité des renseignements personnels sur les plans tant physique et technique que procédural.

Les principaux endroits où Gowling WLG Canada conserve actuellement des renseignements personnels sont les villes dans lesquelles Gowling WLG Canada possède des bureaux ou des installations et dans des municipalités voisines où des entrepôts hors site peuvent être situés. L'accès à cesdits renseignements est accordé aux personnes qui doivent connaître ces renseignements afin que Gowling WLG Canada puisse fournir ses services.

Les renseignements personnels peuvent être conservés à l'extérieur du territoire ou pays dans lequel vous vivez, si un tiers fournisseur ou une autre entité à qui nous divulguons des renseignements personnels conformément à la présente politique est situé à l'extérieur de ce pays ou territoire. Dans de tels cas, les renseignements personnels peuvent être assujettis aux lois locales des pays ou territoires au sein desquels les renseignements sont collectés, utilisés, divulgués ou entreposés, et les autorités gouvernementales et les autorités chargées de l'application de la loi de ces pays ou territoires peuvent y avoir accès.

Exactitude et accès

Gowling WLG Canada s'efforce d'assurer que tous les renseignements personnels fournis par le cabinet et en sa possession sont aussi exacts, actuels et complets que nécessaire pour les fins pour lesquelles Gowling WLG Canada les utilise.

Vous avez le droit de demander accès à vos renseignements personnels et de demander une correction si ces derniers sont inexacts. Le cas échéant, si vous croyez que vos renseignements personnels sont inexacts ou si vous souhaitez avoir accès à vos renseignements personnels, vous pouvez faire une demande en utilisant les coordonnées fournies ci-dessous.

Nous nous efforcerons de vous fournir un accès en temps opportun à vos renseignements personnels. Toutefois, nous pouvons vous demander de dûment vérifier votre identité avant de le faire. De plus, il peut y avoir des circonstances où nous ne pourrons vous y donner accès. Par exemple, nous ne vous y donnerons pas accès lorsque cette action peut mener à la divulgation de renseignements personnels d'une autre personne et que cette personne refuse de consentir à la divulgation des renseignements ou que les renseignements sont protégés par le secret professionnel ou autres restrictions juridiques. Les cas échéants, nous vous aviserons de la raison pour laquelle nous ne pouvons vous donner accès à vos renseignements personnels.

Modification de nos pratiques et de la présente politique de confidentialité

La présente politique de confidentialité entre en vigueur le 25 mai 2018. Gowling WLG Canada passera en revue et révisera périodiquement ses pratiques en matière de confidentialité et cette politique de confidentialité. Advenant toute modification, un avis approprié sera affiché sur notre site Web.

Votre accès ou votre utilisation continu de notre site Web ou la fourniture de vos renseignements personnels après toute modification constitue votre acceptation et votre consentement aux conditions de la présente politique telle qu'elle a été modifiée. Pour savoir quels sont les renseignements personnels que nous recueillons, comment nous les utilisons et avec qui nous pouvons les partager, veuillez examiner périodiquement la présente politique de confidentialité.

Pour nous joindre

Pour toute question, plainte ou préoccupation à l'égard de la présente politique de confidentialité ou tout renseignement personnel fourni à Gowling WLG Canada, ou si vous souhaitez :

• accéder à des renseignements personnels que vous avez déjà fournis afin de les corriger ou de les mettre à jour ou de demander leur suppression ou
• rapporter toute violation de la présente politique de confidentialité

vous pouvez communiquer avec le chef de la protection des renseignements personnels de Gowling WLG Canada, ou les professionnels de Gowling WLG Canada avec lesquels vous êtes en contact.

Vous pouvez communiquer avec le chef de la protection des renseignements personnels de Gowling WLG Canada par courriel à chiefprivacyofficer.ca@gowlingwlg.com ou par courrier postal à l'adresse :  

Gowling WLG (Canada) S.E.N.C.R.L., s.r.l.
1 First Canadian Place
100, rue King Ouest
Bureau 1600
Toronto (Ontario)
Canada M5X 1G5
À l'attention du chef de la protection des renseignements personnels

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement or provide us with services. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with ISO27001 standards.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About Us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity and part of the Gowling WLG group. Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In China, the major general laws include:

• The Decision of the Standing Committee of the National People's Congress on Strengthening Network Information Protection.
• The Cybersecurity Law of the PRC
• The Consumer Rights and Interests Protection Law of the PRC

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our China office, please write to us at: Gowling WLG, Suites 3404 & 3405B, Teem Tower, 208 Tianhe Road, 510620, Guangzhou, China.

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings. It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to: racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including: obtaining, recording, retrieving, reviewing, consulting, storing or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint.

We will also collect information that you share with us to help us understand your situation, your hobbies and preferences and to represent your best interests when you instruct us/become a contact or client of Gowling WLG (UK), or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights. If necessary we will ask you for your consent first.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law. At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, financial institutions, recruitment agencies and other people connected to recruitment, information or service providers, introducers and referrers and from publicly available records.

We may obtain information about you from third parties in order to verify your identity, carry out anti-money laundering, anti-terrorism, sanctions screening and other background and credit checks. In performing these checks, personal information provided by you may be disclosed to that third party which may keep a record of that information. All information provided by you will be treated securely and strictly in accordance with the Data Protection Laws

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work, carry out searches and checks,  maintain internal records, which will include the collection of names, addresses, banking, financial details and creditworthiness; to maintain and develop our relationship with you, to carry out recruitment activities if you are applying for a job or placement with us, to analyse and help us manage our practice, to maintain and update our records.
• Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and the legal services we provide and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to iaadmin@gowlingwlg.com
• Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services - please see our cookies policy which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent - for example, where you have subscribed to a mailing list for us to send you legal alerts, information regarding updates/events or other information which may be of interest to you.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services
• To carry out recruitment and administer work experience and work placement activities

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
  For example, you have given your explicit consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
  Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
  The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws. For example, we ask you to provide your dietary requirements when you attend an event at our offices. We consider that you have made this data manifestly public to our organisation to help us protect you and to ensure your health and safety. We will keep this information confidential and restrict it to only those who need to know.
• Legal claims
  We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, credit checking, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights of our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of China

In the context of its global practice, Gowling WLG UK transfers personal data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside China.

Any transfer of your Personal Data from Gowling WLG UK entities in China to Gowling WLG UK entities in any country outside, will be subject to a mechanism that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information. For European data protection law purposes, the European Commission considers that Canada's federal privacy law offers adequate levels of protection to safeguard your privacy rights.

If you instruct us and if it is necessary, we will exchange information with law firms located in other jurisdictions.

How we keep your data secure

Gowling WLG is committed to its Information and Cyber security programme, ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen. The firm aligns to ISO27001 standards - an international information security standard which is widely recognised as an indication of best practice in information security and informational risk management. If you have any particular concerns about your information, please contact us (see 'How to contact us?' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

Contact the CAC (Cyberspace Administration of China)

November 2019

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement, or provide us with services. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with ISO27001 standards.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About Us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity and part of the Gowling WLG group. Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In Dubai, in the Dubai International Financial Centre (DIFC) (a free zone where our Dubai office is located), the DIFC Data Protection Law N°1 of 2007 and Data Protection Regulations apply.

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our Dubai Office please write to us at Gowling WLG, Office 1701, Level 17, ICD Brookfield Place, Dubai International Financial Centre, PO Box 506503, Dubai, UAE or email reception.dubai@gowlingwlg.com or you may submit a complaint to the Commissioner of Data Protection.

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings. It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to:   racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including: obtaining, recording, retrieving, reviewing, consulting, storing or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint.

We will also collect information that you share with us to help us understand your situation, your hobbies and preferences and to represent your best interests when you instruct us/become a contact or client of Gowling WLG UK, or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law. At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, financial institutions, recruitment agencies, information or service providers, introducers and referrers, and from publicly available records.

We may obtain information about you from third parties in order to verify your identity, carry out anti-money laundering, anti-terrorism, sanctions screening and other background and credit checks. In performing these checks, personal information provided by you may be disclosed to that third party which may keep a record of that information. All information provided by you will be treated securely and strictly in accordance with the Data Protection Laws.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business information and financial information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work, carry out searched and checks  maintain internal records, which will include the collection of names, addresses, banking,  financial details and creditworthiness; to maintain and develop our relationship with you, to carry out recruitment activities if you are applying for a job or placement with us; to analyse and help us manage our practice, to maintain and update our records.
• Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and the legal services we provide and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to iaadmin@gowlingwlg.com
• Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints that we may receive;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services - please see our cookies policy which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

If Necessary for the performance of a Task

If the processing is necessary for the performance of a task carried out in the interests of the DIFC, or in the exercise of the DIFCA, the DFSA, the Court and the Registrars' functions or powers vested in the Data Controller or in a Third Party to whom the data are disclosed.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services
• To carry out recruitment and administer work experience and work placement activities

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
  For example, you have given your written consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
  Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
  The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws. For example, we ask you to provide your dietary requirements when you attend an event at our offices. We consider that you have made this data manifestly public to our organisation to help us protect you and to ensure your health and safety. We will keep this information confidential and restrict it to only those who need to know.
• Legal claims
  We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, credit checking, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, such as the UAE Legal Affairs Department of the Ministry of Justice, the Dubai International Financial Centre Authorities (DIFCA) and the Dubai Financial Services Authority (DFSA) in the United Arab Emirates, the DIFC Registrar, in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights of our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of the DIFC

In the context of its global practice, Gowling WLG UK transfers personal data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside the DIFC.

Any transfer of your Personal Data from Gowling WLG UK entities in the DIFC to Gowling WLG UK entities in any country outside, will be subject to a mechanism that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach, and if necessary we will gather your written consent first.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information.

How we keep your data secure

Gowling WLG is committed to its Information and Cyber security programme, ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen. The firm aligns to ISO27001 standards - an international information security standard which is widely recognised as an indication of best practice in information security and informational risk management. If you have any particular concerns about your information, please contact us (see 'How to contact us' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Type of work/data	Minimum Retention Period
Original Documentation	Permanently, or until returned to you
File documentation	Six years
CDD documentation	Six years after the end of the client relationship
Contracts with suppliers/third parties	Six years after expiry of contract
Complaints, correspondence and data relating to complaints	Six years following closure of the complaint
Professional negligence Claims, correspondence and data relating to PII claims	Six years following conclusion of the claim
Applications/CVs/interview records for jobs-unsuccessful	Twelve months after notifying unsuccessful candidates (unless we have obtained express consent from the candidate to hold for longer)

Your rights

If you are in the DIFC you have the right to:

• Access to and Rectification, Erasure or Blocking of Personal Data
  
  A Data Subject has the right to obtain from the Data Controller upon request, at reasonable intervals and without excessive delay or expense:
  • confirmation in writing as to whether or not Personal Data relating to him is being Processed and information at least as to the purposes of the Processing, the categories of Personal Data concerned, and the Recipients or categories of Recipients to whom the Personal Data are disclosed;
  • communication to him in an intelligible form of the Personal Data undergoing Processing and of any available information as to its source; and
  • as appropriate, the rectification, erasure or blocking of Personal Data the Processing of which does not comply with the provisions of the Law.
• Object at any time on reasonable grounds relating to your particular situation to the processing of your Personal Data; and
• To be informed before your Personal Data is disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing, and to be expressly offered the right to object such disclosures or uses.

Complaints to the regulator:

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

Contact the Commissioner of Data Protection.

November 2019

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement, or provide us with services. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with ISO27001 standards.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About Us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity and part of the Gowling WLG group. Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In France, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, and the Data Protection Act apply.

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our Paris office, please write to us at Gowling WLG (France), AARPI, 38 Avenue de l'Opera 75002, Paris, France or you may submit a complaint to the Commission Nationale de l'Informatique et des Libertés (CNIL).

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings.  It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to:   racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including:   obtaining, recording, retrieving, reviewing, consulting, storing or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint.

We will also collect information that you share with us to help us understand your situation, your hobbies and preferences and to represent your best interests when you instruct us/become a contact or client of Gowling WLG UK, or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights. If necessary we will ask you for your consent first.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law. At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, financial institutions, recruitment agencies and other people connected to recruitment, information or service providers, introducers and referrers, and from publicly available records. 

We may obtain information about you from third parties in order to verify your identity, carry out anti-money laundering, anti-terrorism, sanctions screening and other background and credit checks. In performing these checks, personal information provided by you may be disclosed to that third party which may keep a record of that information. All information provided by you will be treated securely and strictly in accordance with the Data Protection Laws.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work, carry out searches and checks, maintain internal records, which will include the collection of names, addresses, banking, financial details and creditworthiness; to maintain and develop our relationship with you, to carry out recruitment activities if you are applying for a job or work placement with us, to analyse and help us manage our practice, to maintain and update our records.
• Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and the legal services we provide and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to  iaadmin@gowlingwlg.com
• Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services - please see our cookies policy  which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent - for example, where you have subscribed to a mailing list for us to send you legal alerts, information regarding updates/events or other information which may be of interest to you.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us  to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services
• To carry out recruitment and administer work experience and work placement activities

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
  For example, you have given your explicit consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
  Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
  The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws. For example, we ask you to provide your dietary requirements when you attend an event at our offices. We consider that you have made this data manifestly public to our organisation to help us protect you and to ensure your health and safety. We will keep this information confidential and restrict it to only those who need to know.
• Legal claims
  We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, credit checking, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, such as the Ordre des avcoats de Paris, in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights of our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of the EEA

In the context of its global practice, Gowling WLG UK transfers Personal Data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside the European Economic Area. Transfers from Gowling WLG UK entities in the EEA to Gowling WLG UK entities in any country outside the EEA that is not deemed to offer an adequate level protection according to the European Commission shall be governed by a data transfer agreement containing model clauses offering an adequate level protection according to the European Commission, that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach, unless we inform you that another appropriate safeguard has been put in place.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information. For European data protection law purposes, the European Commission considers that Canada's federal privacy law offers adequate levels of protection to safeguard your privacy rights.

If you instruct us and if it is necessary, we will exchange information with law firms located in other jurisdictions.

How we keep your data secure

Gowling WLG is committed to its Information and Cyber security programme, ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen. The firm aligns to ISO27001 standards - an international information security standard which is widely recognised as an indication of best practice in information security and informational risk management.

If you have any particular concerns about your information, please contact us (see 'How to contact us?' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Type of work/data	Minimum Retention Period
Original Documentation	Permanently, or until returned to you
File documentation	Six to seven years in archives after the end of the client relationship or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof
CDD documentation	From six to seven years after the end of the client relationship
Contracts with suppliers/third parties	From six to seven years in archives after expiry of contract or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof
Complaints, correspondence and data relating to complaints	From six to seven years in archives after closure of the complaint or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof
Professional negligence Claims, correspondence and data relating to PII claims	From six to seven years in archives after closure of the complaint or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof
Applications/CVs/interview records for jobs-unsuccessful	For the purposes of presenting further opportunities, the period for which we sought one's explicit consent or, in the absence of response, up to two years after the applicant's last contact For the purposes of defending ourselves against any discrimination action, from six to seven years in archives after notifying unsuccessful candidates or, in case of any pending litigating at the end of this period for which this data is relevant, after final settlement thereof.
Contact details of previous and potential clients for marketing purposes	Up to three years after the collection of the contact details for a potential client or the end of the client relationship for a previous client or, if later, the last contact from this person
Data relating to the exercise of the right of access, rectification or other	One to two years in archives after the response to the request or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof
Data relating to the exercise of the right of opposition	Six to seven years in archives after the response to the request or, in case of any pending litigation at the end of this period for which this data is relevant, after final settlement thereof

Your rights

As a data subject, you have the following rights under the Data Protection Laws:

• the right of access to Personal Data relating to you;
• the right to correct any mistakes in your information;
• the right to ask us to stop contacting you with direct marketing;
• rights in relation to automated decision making; 
• the right to restrict or prevent your Personal Data being processed;
• the right to have your Personal Data ported to another data controller (e.g. if you decide to contract with a different service provider); and 
• the right to erasure.

These rights are explained in more detail below, but if you have any comments, concerns or complaints about the use of your Personal Data by us, please contact us (please refer to section "How to contact us").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to access Personal Data relating to you

You may ask to see what Personal Data we hold about you and be provided with:

• a copy;
• details of the purpose for which it is being or is to be processed;
• details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
• the period for which it is held (or the criteria we use to determine how long it is held);
• any information available about the source of that data; and
• whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the Personal Data easily, please provide us as much information as possible about the type of Personal Data you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your Personal Data which we hold free of charge. If you would like to do this, please:

• email, call or write to us (see "How to contact us")
• let us have enough information to identify you, and
• let us know the Personal Data that is incorrect and what it should be replaced with.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:

• See "How can you contact us" above
• You can review and update your contact details and preferences or unsubscribe from our communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com

Rights in relation to automated decision making

We do not make any automated decisions about you so this right does not apply.

Right to prevent processing of personal data

You may request that we stop processing your personal data temporarily if:

• you do not think that your Personal Data is accurate. We will start processing again once we have checked whether or not it is accurate;
• the processing is unlawful but you do not want us to erase your Personal Data;
• we no longer need the Personal Data for our processing, but you need the Personal Data to establish, exercise or defend legal claims; or
• you have objected to processing because you believe that your interests should override our legitimate interests.

Copies of your Personal Data (data portability)

You may ask for an electronic copy of your Personal Data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party

Right to erasure

You can ask us to erase your Personal Data where:

• you do not believe that we need your Personal Data in order to process it for the purposes set out in this Privacy Notice;
• if you had given us consent to process your Personal Data, you withdraw that consent and we cannot otherwise legally process your Personal Data;
• you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
• your Personal Data has been processed unlawfully or have not been erased when it should have been.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

Contact the Commission Nationale de l'Informatique et des Libertés (CNIL) www.cnil.fr

November 2019

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement or provide us with services. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events, including webinars and other digital events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About Us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity. Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In Germany, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, and the Federal Data Protection Act 2017 apply.

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our Munich office, please write to us at Prannerstrasse 15, 80333 , Munich, Germany.

If you wish to contact our Stuttgart office, please write to us at Heilbronner Strasse 190, 70191 Stuttgart, Germany.

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings. It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to: racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; sexual orientation or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including: obtaining, collecting, recording, retrieving, reviewing, consulting, storing, using or holding it; organising, structuring, adapting or altering it; disclosing by transmission, disseminating or otherwise making it available; and aligning, combining, restricting, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint. We will also collect information that you share with us to help us understand your situation, your hobbies and preferences and to represent your best interests when you instruct us/become a contact or client of Gowling WLG UK, or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law. At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, financial institutions, recruitment agencies and other people connected to recruitment, information or service providers, introducers and referrers and from publicly available records.

We may obtain information about you from third parties in order to verify your identity, carry out anti-money laundering, anti-terrorism, sanctions screening and other background and credit checks. In performing these checks, personal information provided by you may be disclosed to that third party which may keep a record of that information. All information provided by you will be treated securely and strictly in accordance with the Data Protection Laws.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail)

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations – such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business and financial information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work, carry searches and checks, maintain internal records, which will include the collection of names, addresses, banking, financial details and creditworthiness; to maintain and develop our relationship with you, to carry out recruitment activities if you are applying for a job or work placement with us; to analyse and help us manage our practice, to maintain and update our records.
• Carry out Business Development and Marketing – to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and the legal services we provide and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to iaadmin@gowlingwlg.com
• Maintain Quality Standards – to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services – please see our cookies policy which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent - for example, where you have subscribed to a mailing list for us to send you legal alerts, information regarding updates/events or other information which may be of interest to you.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work, to erect information barriers to restrict access to certain information and to comply with all aspects of our regulatory obligations
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services
• To carry out recruitment and administer work experience and work placement activities

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
  For example, you have given your explicit consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
  Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
  The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws. For example, we ask you to provide your dietary requirements when you attend an event at our offices. We consider that you have made this data manifestly public to our organisation to help us protect you and to ensure your health and safety. We will keep this information confidential and restrict it to only those who need to know.
• Legal claims
  We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, credit checking, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights or our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of the UK/EEA

In the context of its global practice, Gowling WLG UK transfers Personal Data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside the European Economic Area. Transfers from Gowling WLG UK entities in the EEA to Gowling WLG UK entities in any country outside the EEA that is not deemed to offer an adequate level protection according to the European Commission shall be governed by a data transfer agreement containing model clauses offering an adequate level protection according to the European Commission, that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach, unless we inform you that another appropriate safeguard has been put in place.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information. For European data protection law purposes, the European Commission considers that Canada's federal privacy law offers adequate levels of protection to safeguard your privacy rights.

If you instruct us and if it is necessary, we will exchange information with law firms located in other jurisdictions.

How we keep your data secure

Gowling WLG UK is committed to its Information and Cyber security programme, ensuring that adequate security controls are in place to protect information and data from being accessed, corrupted, lost or stolen. Our Germany offices align to ISO27001 standards - an international information security standard which is widely recognised as an indication of best practice in information security and informational risk management. If you have any particular concerns about your information, please contact us (see 'How to contact us?' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Type of work/data	Retention Period
Job applications	2 months
Court litigation documents	3 years; up to 30 years
Trade or business letters received	6 years
Annual reports	10 years
Accounts and records	10 years

Your rights

As a data subject, you have the following rights under the Data Protection Laws:

• the right of access to Personal Data relating to you;
• the right to correct any mistakes in your information;
• the right to object to the processing of your Personal Data for direct marketing purposes;
• the right to object to our processing based grounds of our legitimate interests
• rights in relation to automated decision making;
• the right to restrict or prevent your Personal Data being processed;
• the right to have your Personal Data ported to another data controller (e.g. if you decide to contract with a different service provider);
• the right to erasure; and
• the right to withdraw previously given consent

These rights are explained in more detail below, but if you have any comments, concerns or complaints about the use of your Personal Data by us, please contact us (please refer to section "How to contact us").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to access Personal Data relating to you

You may ask to see what Personal Data we hold about you and be provided with:

• a copy;
• details of the purpose for which it is being or is to be processed;
• details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
• the period for which it is held (or the criteria we use to determine how long it is held);
• any information available about the source of that data; and
• whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the Personal Data easily, please provide us as much information as possible about the type of Personal Data you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your Personal Data which we hold free of charge. If your Personal Data is incomplete, you can ask us to complete it by adding more details. If you would like to do this, please:

• email, call or write to us (see "How to contact us")
• let us have enough information to identify you, and
• let us know the Personal Data that is incorrect and what it should be replaced or supplemented with or how they should be completed.

Right to object to the processing of your Personal Data for direct marketing purposes

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:

• See "How can you contact us" above
• You can review and update your contact details and preferences or unsubscribe from our communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com.

Right to object

You can object, on grounds relating to your particular situation, to our processing of Personal Data if our basis of processing is for the purpose of legitimate interests. We will only process your Personal Data further if there are compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.

Rights in relation to automated decision making

We do not make any automated decisions about you so this right does not apply.

Right to restrict or prevent processing of personal data

You may request that we stop or limit processing your personal data temporarily if:

• you do not think that your Personal Data is accurate. We will start processing again once we have checked whether or not it is accurate;
• the processing is unlawful but you do not want us to erase your Personal Data;
• we no longer need the Personal Data for our processing, but you need the Personal Data to establish, exercise or defend legal claims; or
• you have objected to processing because you believe that your interests should override our legitimate interests and it has not yet been determined whether this is the case. We will continue processing as soon as it is certain that our legitimate interests outweigh your interests.

Copies of your Personal Data (data portability)

You may ask for an electronic copy of your Personal Data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

Right to erasure

You can ask us to erase your Personal Data where:

• you do not believe that we need your Personal Data in order to process it for the purposes set out in this Privacy Notice;
• if you had given us consent to process your Personal Data and you withdraw that consent;
• you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
• your Personal Data has been processed unlawfully or have not been erased when it should have been.

Right to withdraw consent

The circumstances in which we rely on consent are minimal but if the lawful basis for processing is based upon the provision of your consent, you are able to withdraw your previously given consent to the processing of the Personal Data at any time without giving reasons.

If you want to withdraw your consent:

• contact us by email, telephone or in writing (see "How can you contact us" above)
• give us enough information so that we can identify you and if necessary, let us know which consent you would like to withdraw.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the responsible supervisory authority.

The supervisory authority responsible for our office in Munich is the Bavarian State Office for Data Protection: Contact the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) www.lda.bayern.de

The supervisory authority responsible for our office in Stuttgart is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg at www.baden-wuerttemberg.datenschutz.de

The addresses of all German supervisory authorities as well as the links to their websites can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

January 2021

Kurzzusammenfassung

Wir verarbeiten Ihre Daten, um Ihnen juristische und sonstige Dienstleistungen zur Verfügung zu stellen. Möglicherweise verarbeiten wir Ihre Daten auch aufgrund Ihrer Beziehung zu einem oder mehreren unserer Mandanten, oder wenn Sie sich auf eine Stelle oder ein Praktikum bei uns bewerben oder uns Dienstleistungen erbringen. Außerdem erheben wir personenbezogene Informationen, wenn Sie uns kontaktieren, einen unserer Newsletter abonnieren oder an einem unserer Seminare oder einer unserer Veranstaltungen, einschließlich Webinare und andere digitale Veranstaltungen, teilnehmen.

In dieser Beziehung spielen auch andere Dienstleister eine wichtige Rolle, wenn wir sie damit beauftragen, uns bei sonstigen professionellen Dienstleistungen und administrativen Vorgaben zu unterstützen. Wir arbeiten mit ihnen zusammen, um eine effiziente Unternehmensunterstützung zu gewährleisten, beispielsweise in den Bereichen Sicherheit, Lieferung, Technologie, Zahlungsabwicklung, Versicherungen, Unterstützung bei Rechtsstreitigkeiten sowie Archivierung und Sicherung.

Ihre Informationen werden gemäß der ISO27001-Norm sicher und streng vertraulich behandelt.

In dieser Erklärung wird erläutert, welche Daten wir warum verarbeiten, die rechtliche Grundlage dafür sowie Ihre Rechte. Um so transparent wie möglich zu sein, werden wir diese Datenschutzerklärung fortlaufend aktualisieren.

• Über uns
• Nützliche Begriffe und Ausdrücke
• Welche Informationen erheben wir?
• Warum verarbeiten wir Ihre personenbezogenen Daten?
• Auf welcher rechtlichen Grundlage werden Ihre personenbezogenen Daten verarbeitet?
• Wer wird Zugriff auf Ihre personenbezogenen Daten haben?
• Wann werden wir Ihre personenbezogenen Daten löschen?
• Ihre Rechte

Über uns

Gowling WLG (UK) LLP (Gowling WLG UK) ist eine eigenständige Gesellschaft und Teil der Gowling-WLG-Gruppe. Weitere Gesellschaften der Gowling-WLG-Gruppe sind in anderen Staaten tätig. Unsere Handhabung Ihrer Daten unterscheidet sich von Staat zu Staat, weswegen jede unserer Gesellschaften ein gesonderter 'Verantwortlicher für die Datenverarbeitung'. ist Der Verantwortliche für die Datenverarbeitung ist für die Verarbeitung Ihrer personenbezogenen Daten gemäß den Datenschutzgesetzen verantwortlich.

Auf unserer Seite mit rechtlichen Hinweisen finden Sie Informationen zur Struktur von Gowling WLG, den Gesellschaften unserer Gruppe und darüber, wer Ihr Verantwortlicher für die Datenverarbeitung ist.

Jeder Staat hat unterschiedliche Datenschutzgesetze. In Deutschland gelten die Datenschutz-Grundverordnung (DSGVO) (Verordnung (EU) 2016/679) sowie das Bundesdatenschutzgesetz (BDSG) 2017.

Wir nehmen den Schutz Ihrer Daten sehr ernst und bitten Sie, diese Datenschutzerklärung aufmerksam zu lesen, da sie wichtige Informationen enthält über:

• Ihre Rechte
• Die personenbezogenen Daten, die wir von Ihnen erheben, und für welche Zwecke wir sie erheben
• Was wir mit Ihren Daten machen und
• Mit wem Ihre Informationen geteilt werden

Wenn Sie zusätzliche Hilfe benötigen

Wenn Sie diese Erklärung in einem anderen Format haben möchten (z. B. Audio, Großdruck, Braille), kontaktieren Sie uns bitte.

Wie Sie uns kontaktieren können

Bitte kontaktieren Sie uns, wenn Sie Fragen haben zu dieser Datenschutzerklärung oder den Informationen, die wir über Sie gespeichert haben.

Wenn Sie unser Büro in München kontaktieren möchten, wenden Sie sich bitte schriftlich an Gowling WLG, Prannerstraße 15, 80333 München, Deutschland.

Wenn Sie unser Büro in Stuttgart kontaktieren möchten, wenden Sie sich bitte schriftlich an Gowling WLG, Heilbronner Straße 190, 70191 Stuttgart, Deutschland.

Änderungen der Datenschutzerklärung

Wir können diese Datenschutzerklärung bei Veranlassung ändern. Sie sollten diese Datenschutzerklärung gelegentlich überprüfen, um sicherzustellen, dass Ihnen die aktuellste Version bekannt ist.

Nützliche Begriffe und Ausdrücke

Bitte machen Sie sich mit den folgenden Begriffen und Ausdrücken vertraut, da diese in den Datenschutzgesetzen eine besondere Bedeutung haben und in der gesamten Datenschutzerklärung verwendet werden:

Personenbezogene Daten	Dies bezeichnet jegliche personenbezogenen Informationen, anhand derer eine lebende Person identifiziert werden kann. Dies umfasst Angaben wie beispielsweise Telefonnummern, Namen, Adressen, E-Mail-Adressen, Fotos, Sprachaufnahmen. Dies umfasst auch Meinungsäußerungen zu betroffenen Personen (sowie deren eigene Meinungsäußerungen/Absichten). Dies umfasst auch Informationen, die für sich allein keine Identifizierung einer Person zulassen, jedoch in Kombination mit anderen Informationen, die uns vorliegen oder uns wahrscheinlich in Zukunft vorliegen werden sie identifizieren könnte.
Sensible personenbezogene Daten oder besondere Kategorien personenbezogener Daten	Dies bezeichnet jegliche Informationen bezüglich: rassischer oder ethnischer Herkunft politischer Meinungen und Zugehörigkeiten religiöser oder weltanschaulicher oder ähnlicher Überzeugungen Gewerkschaftszugehörigkeiten des geistigen oder körperlichen Gesundheitszustands des Sexuallebens und der sexuellen Orientierung; oder genetischer oder biometrischer Daten
Verarbeitung	Dies umfasst praktisch alles, was mit personenbezogenen Daten geschehen kann, einschließlich: deren Erhebung, Erfassung, Abruf, Überprüfung, Abfrage, Auslesung, Speicherung, Verwendung oder Verwaltung; deren Organisation, Ordnung, Abgleich, Verknüpfung, Anpassung oder Veränderung; Offenlegung, Verbreitung oder anderweitige Form der Bereitstellung; sowie derenEinschränkung, Löschung oder Vernichtung
Betroffene Person	Die Person, auf die sich die personenbezogenen Daten beziehen.
Aufsichtsbehörde	Die Behörde, die für die Implementierung, Überwachung und Durchsetzung der Datenschutzgesetze zuständig ist.
Verantwortlicher für die Datenverarbeitung	Dies bezeichnet jegliche Personen, die Zwecke und die Art und Weise der Verarbeitung personenbezogener Daten festlegen.
Auftragsverarbeiter	Dies bezeichnet jegliche Personen, die im Auftrag des Verantwortlichen für die Datenverarbeitung personenbezogene Daten verarbeiten.
Datenschutzgesetze	Dies bezeichnet die Gesetze, die den Umgang mit Daten regeln – die Auflistung der Gesetze finden Sie am Anfang dieser Datenschutzerklärung.

Welche Informationen erheben wir?

Personenbezogene Daten, die von Ihnen zur Verfügung gestellt werden

Um Ihnen unsere Dienstleistungen anbieten zu können, können wir personenbezogene Daten von Ihnen erheben, einschließlich:

• Ihres Namens,
• Ihrer Adresse,
• Ihrer Telefonnummer,
• Ihrer E-Mail-Adresse,
• Ihres Geburtsdatums und sonstiger Identitätsangaben, die wir für die Einhaltung gesetzlicher und aufsichtsrechtlicher Anforderungen benötigen

Außerdem werden wir personenbezogene Daten erheben, wenn Sie uns kontaktieren, uns Feedback senden, einen unserer Newsletter abonnieren, eines unserer Seminare oder eine unserer Veranstaltungen besuchen oder eine Beschwerde einreichen.

Ferner erheben wir Informationen, die Sie mit uns teilen, um Ihre Situation sowie Ihre Hobbies und Vorlieben zu verstehen und Ihre Interessen vertreten zu können, wenn Sie uns beauftragen bzw. ein Kontakt oder Mandant von Gowling WLG UK werden, oder aufgrund Ihrer Beziehung zu einem oder mehreren unserer Mandanten, wenn Sie Dienstleistungen uns erbringen oder wenn Sie sich auf eine Stelle oder ein Praktikum bewerben.

Sensible personenbezogene Daten

Wenn wir Sie darum bitten, uns sensible personenbezogene Daten zur Verfügung zu stellen, werden wir erläutern, warum wir diese Daten benötigen, was wir mit ihnen zu tun beabsichtigen und welche Rechte Sie haben.

Personenbezogene Daten anderer Personen

Wenn Sie Informationen im Auftrag einer anderen Person an uns weitergeben, bestätigen Sie, dass die andere Person Sie dazu bestimmt hat, in ihrem Auftrag zu handeln, und Ihnen gestattet hat, dies zu tun. In einigen Fällen erheben wir personenbezogene Daten, die Sie betreffen, von anderen Personen, einschließlich Mandanten, denen wir Rechtsdienstleistungen erbringen. Wir können beispielsweise Informationen einholen über Geschäftsführer, Angestellte oder Mitarbeiter unserer Mandanten oder sonstiger Parteien, Zeugen, Begünstigter, Gegenparteien, verbundener Parteien, Interessenträger, Geschäftspartner, Investoren, Gesellschafter, Wertpapierinhaber, Käufer sowie Kunden von Mandanten.

Von Dritten zur Verfügung gestellte personenbezogene Daten

Wir erheben personenbezogene Daten direkt von Ihnen, von Mandanten oder Bevollmächtigten und wie sonst nach geltendem Recht zulässig oder erforderlich. Bisweilen werden wir auch personenbezogene Informationen von Dritten, wie beispielsweise Aufsichts- und Justizbehörden, erheben, sowie sonstigen Organisationen, mit denen Sie in Beziehung stehen oder die ein rechtliches Interesse an solchen Daten haben, Regierungsbehörden, Auskunfteien, Finanzinstituten, Personalagenturen und sonstigen Personen, die mit Personalbeschaffung im Zusammenhang stehen, Informationsanbietern oder Dienstleistern, Akquisiteuren und Empfehlern sowie aus öffentlich zugänglichen Registern.

Möglicherweise holen wir von Dritten Informationen über Sie ein, um Ihre Identität zu verifizieren und um Prüfungen zur Geldwäsche- und Terrorismusbekämpfung, Sanktionsprüfungen und sonstige Hintergrund- und Bonitätsprüfungen durchzuführen. Bei der Durchführung dieser Prüfungen können von Ihnen zur Verfügung gestellte personenbezogene Informationen an diesen Dritten weitergegeben werden, der diese Informationen möglicherweise dokumentiert. Sämtliche von Ihnen zur Verfügung gestellten Informationen werden sicher und streng gemäß den Datenschutzgesetzen behandelt.

Warum verarbeiten wir personenbezogene Daten?

Wir verwenden Ihre personenbezogenen Daten für die Zwecke, die nachfolgend in diesem Abschnitt aufgelistet sind. Wir sind aufgrund einer bestimmten Rechtsgrundlage dazu berechtigt (siehe Abschnitt "auf welcher rechtlichen Grundlage erfolgt die Verarbeitung Ihrer Daten" für weitere Einzelheiten).

Wir erheben Ihre Informationen, damit wir:

• Rechtsdienstleistungen erbringen können – juristische und sonstige Dienstleistungen und Produkte gemäß Ihrem Auftrag anbieten, Ihre Fragen beantworten und Ihnen Informationen und Materialien liefern, um die Sie gebeten haben;
• Unsere gesetzlichen und aufsichtsrechtlichen Pflichten erfüllen können – wie beispielsweise die Feststellung Ihrer Identität zur Erfüllung von Vorschriften zur Geldwäschebekämpfung und unserer sonstigen gesetzlichen und aufsichtsrechtlichen Pflichten, aufgrund derer Sie verpflichtet sein können, Ihren Namen, Ihre Adresse, Ihre Beschäftigungs-/Geschäftsverhältnisse und finanziellen Informationen und/oder sonstige gesetzlich vorgeschriebener Identifikationsmerkmale anzugeben;
• Verwaltungstätigkeiten durchführen können – unsere Leistungen abrechnen, Recherchen und Prüfungen durchführen, interne Unterlagen führen, was die Erhebung von Namen, Adressen, Bankdetails, finanzieller Informationen und der Kreditwürdigkeit umfasst; unsere Beziehung zu Ihnen aufzubauen und zu pflegen, Personalanwerbemaßnahmen durchführen, wenn Sie sich bei uns um eine Stelle oder ein Praktikum bewerben; unsere Tätigkeit analysieren und verwalten, unsere Unterlagen führen und aktualisieren.
• Geschäftsentwicklung und Marketing durchführen können – Marktrecherchen durchführen; unsere eigenen Produkte und Dienstleistungen an Sie vermarkten, auch – soweit im Rahmen des geltenden Rechts zulässig – per E-Mail und anderweitig, und Ihre Informationen und Vorlieben korrekt halten. Wir können die personenbezogenen Daten, die uns zur Verfügung gestellt wurden, auch für die Nachverfolgung und Verwaltung Ihrer Zustimmungen, Veranstaltungsreservierungen und etwaigen Abbestellungen verwenden. Bei Veranlassung möchten wir Ihnen evtl. rechtliche Änderungen, Newsletter, Pressemitteilungen, Informationen zu unseren Veranstaltungen und Rechtsdienstleistungen sowie sonstige Mitteilungen schicken, die für Sie und/oder Ihr Unternehmen interessant sein könnten. Ihre Kontaktdaten und Einstellungen können Sie jederzeit überprüfen und aktualisieren oder unsere Marketingmitteilungen abbestellen, indem Sie auf die Links in unseren E-Marketing-Nachrichten klicken oder eine E-Mail senden an iaadmin@gowlingwlg.com
• Wenn Sie dem Erhalt von Marketingmaterial von uns zugestimmt haben, können Sie sich jederzeit davon abmelden. Weitere Informationen finden Sie unter Ihre Rechte. Sie können Ihre Einstellungen auch verwalten, indem Sie eine E-Mail senden an iaadmin@gowlingwlg.com
• Qualitätsstandards aufrechterhalten können – hohen Qualitäts- und professionellen Standards gerecht werden sowie Zertifizierungen und Zulassungen erhalten und aufrechterhalten, was Prüfungen unserer internen Abläufe beinhalten könnte;
• Ansprüche verwalten können – verfügbare Abhilfemaßnahmen verfolgen oder Schäden begrenzen, die wir oder unsere Mandanten erleiden könnten, und zu Feedback oder Beschwerden Stellung nehmen;
• Menschen und Gebäude schützen können – Sicherheit gewährleisten und Kriminalität verhindern; an den Eingängen zu unseren Büroräumen können Überwachungskameras installiert sein, und es können Videoüberwachungsdaten von Kameras erfasst werden;
• die Nutzung unserer Webseite überwachen können, um unsere Leistungen zu verbessern – in unserer Cookie-Richtlinie können Sie nachlesen, was Cookies sind und warum wir sie verwenden.

Auf welcher rechtlichen Grundlage erfolgt die Verarbeitung Ihrer Daten?

Wir dürfen Ihre personenbezogenen Daten aus folgenden Gründen und aufgrund der folgenden rechtlichen Grundlagen verarbeiten:

Einwilligung

Wenn Sie eingewilligt haben – beispielsweise, wenn Sie eine E-Mail-Verteilerliste abonniert haben, mit der wir Sie über bedeutende rechtliche Änderungen unterrichten, Informationen zu Updates/Veranstaltungen oder sonstige Informationen schicken, die für Sie interessant sein könnten.

Vertrag

Wenn dies für die Erfüllung des Vertrags, den Sie mit Gowling WLG UK abgeschlossen haben, erforderlich ist. Wenn Sie beispielsweise eine Rechtsberatung von Gowling WLG UK in Anspruch nehmen, müssen wir Ihre personenbezogenen Daten verarbeiten, um unsere Rechtsberatungsdienstleistungen angemessen erbringen und unsere Leistungen abrechnen zu können.

Rechtliche Verpflichtung

Wenn wir rechtlich verpflichtet sind, Ihre Daten zum Zwecke der Einhaltung geltender Gesetze zu verarbeiten, z. B. wenn wir unsere Mandanten gemäß den Vorschriften zur Geldwäschebekämpfung, die in vielen Ländern gelten, identifizieren und gemäß den Gesundheits- und Sicherheitsvorschriften Unterlagen anlegen und führen müssen. Außerdem haben wir Verpflichtungen im Rahmen der Finanz- und Steuervorschriften sowie Meldepflichten an die Steuerbehörden.

Berechtigtes Interesse

Die Verarbeitung Ihrer personenbezogenen Daten ist außerdem rechtmäßig, wenn sie auf Grundlage unseres "berechtigten Interesses" erfolgt. Für die Verarbeitung auf dieser Grundlage haben wir die Auswirkungen auf Ihre Interessen und Rechte berücksichtigt und angemessene Sicherheitsvorkehrungen getroffen, um sicherzustellen, dass Ihre Privatsphäre so weit wie möglich gewahrt wird.

Nachfolgend finden Sie Beispiele für die Zwecke, für die wir Ihre personenbezogenen Daten auf dieser Grundlage verarbeiten werden:

• Mandantenverwaltung – damit wir interne Unterlagen führen können
• um die Einhaltung gesetzlicher Bestimmungen sicherzustellen – beispielsweise, dass wir Konfliktchecks durchführen, bevor wir mit unserer Arbeit beginnen, und Informationsschranken einrichten, um den Zugriff auf bestimmte Informationen einzuschränken
• um bestimmte Qualitätsstandards der von uns erbrachten professionellen Dienstleistungen aufrechterhalten und Qualitätszulassungen erlangen und aufrechterhalten zu können
• um verfügbare Abhilfemaßnahmen verfolgen oder Schäden, die wir erleiden könnten, begrenzen zu können
• um Beschwerden verwalten und dazu Stellung nehmen zu können
• um mit Vertretern unserer Firmen- und sonstiger Geschäftsmandanten zusammenarbeiten zu können
• für die Vermarktung unserer Dienstleistungen
• für Personalanwerbung und die Verwaltung von Praktika und Referendarausbildungen

Bitte beachten Sie, dass Sie das Recht haben, der Verarbeitung Ihrer Daten für jedes der oben genannten berechtigten Interessen zu widersprechen.

Sensible personenbezogene Daten

Unter bestimmten Umständen können wir Ihre sensiblen personenbezogenen Daten aus folgenden Gründen und mit folgenden Ausnahmen verarbeiten:

• Einwilligung
  Wenn Sie beispielsweise in die Verarbeitung Ihrer Gesundheitsinformationen ausdrücklich eingewilligt haben, damit wir Sie rechtlich beraten können.
• Lebenswichtige Interessen
  Weil wir Ihre lebenswichtigen Interessen schützen müssen, z. B. müssen wir Ihre medizinischen/gesundheitlichen Informationen verarbeiten, um unsere Gesundheits- und Sicherheitsvorkehrungen befolgen zu können, wenn Sie an einer Veranstaltung teilnehmen oder unsere Büroräume besuchen, was uns wiederum dabei helfen könnte, Ihr Leben zu schützen.
• Offensichtlich öffentlich gemachte personenbezogene Daten
  Die Daten, die Sie offensichtlich öffentlich gemacht wurden und nur, wenn dies für unsere Zwecke erforderlich und gemäß den geltenden Datenschutzgesetzen zulässig ist. Beispielsweise, wenn wir Sie darum bitten, uns Ihre Ernährungsbedürfnisse mitzuteilen, wenn Sie an einer Veranstaltungen in unseren Büroräumen teilnehmen. Wir gehen dann davon aus, dass Sie diese Daten offensichtlich an unsere Organisation öffentlich gemacht haben, um uns zu helfen, Ihre Gesundheit und Sicherheit sicherzustellen. Wir werden diese Information vertraulich behandeln und nur den Personen zugänglich machen, die sie benötigen.
• Rechtsansprüche
  Wir machen Rechtsansprüche geltend, üben diese aus oder verteidigen diesen für Sie als Mandanten oder in unserem eigenen Namen.

Wer hat Zugriff auf Ihre personenbezogenen Daten?

Im Rahmen der Erbringung unserer Dienstleistungen und der Durchführung unseres Geschäftsbetriebs können wir Ihre personenbezogenen Daten weitergeben an:

• andere Büros, Gesellschaften und verbundene Unternehmen von Gowling WLG;
• Dienstleister, die wir mit der Unterstützung bei der Erbringung juristischer oder sonstiger Dienstleistungen und Produkte und den damit verbundenen administrativen Vorgaben beauftragen, z. B. andere professionelle Berater;
• Anbieter bestimmter Unternehmensunterstützungsmaßnahmen an Gowling WLG UK, einschließlich in den Bereichen Sicherheit, Lieferung, Technologie, Recherche, Bankgeschäfte, Zahlungsabwicklung, Versicherungen, Unterstützung bei Rechtsstreitigkeiten, Übersetzung, Bonitätsprüfung, Archivierung und Sicherung;
• Anbieter von Dienstleistungen zur Geschäftsentwicklung und Marketingunterstützung für die Unterstützung bei Veranstaltungen und beim Marketing;
• Justiz- und Aufsichtsbehörden einschließlich Gerichten oder öffentlichen Behörden, die eine Offenlegung verlangen, wenn gemäß verschiedenen Gesetzen und Bestimmungen eine Offenlegung von uns verlangt wird oder wir gesetzlich, aufsichtsrechtlich oder beruflich dazu verpflichtet sind, um die Sicherheit oder die Rechte unserer Mandanten, unseres Personals oder sonstiger Personen zu schützen;
• Personenbezogene Daten können auch an eine andere Organisation übermittelt werden im Falle einer Unternehmenstransaktion wie beispielsweise eines Zusammenschlusses, einer Fusion oder Übernahme oder eines Inhaberwechsels unserer Kanzlei. Dies wird nur dann geschehen, wenn die Parteien eine Vereinbarung geschlossen haben, gemäß derer die Erhebung, Nutzung und Weitergabe der Informationen auf die Zwecke beschränkt ist, die mit der Unternehmenstransaktion zusammenhängen, einschließlich einer Festlegung, ob mit der Unternehmenstransaktion fortgefahren werden soll, und die von den Parteien für die Durchführung und Vervollständigung der Unternehmenstransaktion verwendet werden.
• Personen, an die wir gemäß Ihrem Auftrag im Rahmen der Erbringung juristischer Dienstleistungen Informationen weitergeben sollen, z. B. eine Partei, die an einem Rechtsanspruch oder einer Transaktion beteiligt ist;
• Wenn Sie mehr über die Parteien wissen möchten, mit denen wir personenbezogene Daten teilen, kontaktieren Sie uns bitte.

Internationaler Datentransfer zwischen unseren Büros

Transfer Ihrer Informationen außerhalb des EWR

Im Rahmen ihrer globalen Tätigkeit übermittelt Gowling WLG UK personenbezogene Daten zwischen ihren Büros, da der freie Informationsfluss für die effiziente Durchführung ihrer internationalen Geschäfte unerlässlich ist. Einige unserer Büros und verbundenen Unternehmen befinden sich außerhalb des Europäischen Wirtschaftsraums. Übermittlungen von Unternehmen von Gowling WLG UK im EWR an Unternehmen von Gowling WLG UK in ein Land außerhalb des EWR, das laut der Europäischen Kommission keinen adäquaten Schutz bietet, unterliegt einer Datenübermittlungsvereinbarung, die Modellklauseln enthält, die laut der Europäischen Kommission adäquaten Schutz bieten, Ihre Persönlichkeitsrechte schützen und Ihnen für den unwahrscheinlichen Fall eines Sicherheitsverstoßes Abhilfemaßnahmen zur Verfügung stellen, es sei denn, wir teilen Ihnen mit, dass ein anderer angemessener Schutz eingerichtet wurde.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") ist eine unabhängige Gesellschaft. Gowling WLG Canada hat eine separate Datenschutzerklärung, in der beschrieben ist, wie personenbezogene Daten verarbeitet werden. Für die Zwecke des europäischen Datenschutzes ist die Europäische Kommission der Ansicht, dass das kanadische bundesstaatliche Datenschutzrecht adäquaten Schutz Ihrer Persönlichkeitsrechte bietet.

Wenn Sie uns beauftragen und es erforderlich ist, werden wir Informationen mit Kanzleien in anderen Rechtsräumen austauschen.

Wie wir Ihre Daten schützen

Gowling WLG ist ihrem Informations- und Cybersicherheitsprogramm verpflichtet, das sicherstellt, dass adäquate Sicherheitskontrollen greifen, um Informationen und Daten vor unbefugtem Zugriff, Beschädigung, Verlust oder Diebstahl zu schützen. Die Kanzlei richtet sich nach der ISO27001-Norm – einer internationalen Norm für Informationssicherheit, die allgemein als Best Practice im Bereich Informationssicherheit und Informationsrisikomanagement anerkannt ist. Wenn Sie im Hinblick auf Ihre Informationen bestimmte Bedenken haben, kontaktieren Sie uns bitte (siehe 'Wie Sie uns kontaktieren können' oben).

Wann löschen wir Ihre Daten?

Wir bewahren Ihre personenbezogenen Daten gemäß unseren internen Richtlinien, Vertragsbedingungen und in den Fällen, in denen wir gesetzlich, aufsichtsrechtlich oder beruflich dazu verpflichtet sind, auf. Unsere standardmäßigen Aufbewahrungszeiträume unterscheiden sich je nach Land, in dem Ihre Dienstleistungen erbracht werden. In jedem Fall löschen wir Daten, sobald deren Aufbewahrung nicht mehr erforderlich ist.

Art der Arbeit/Daten	Aufbewahrungszeitraum
Bewerbungen	zwei Monate
Dokumente für Gerichtsverfahren	drei Jahre; bis zu 30 Jahren
Handels- oder Geschäftsbriefe, die wir erhalten	sechs Jahre
Geschäftsberichte	10 Jahre
Bücher und Unterlagen	10 Jahre

Ihre Rechte

Als betroffene Person haben Sie gemäß den Datenschutzgesetzen folgende Rechte:

• ein Auskunftsrecht über personenbezogene Daten, die Sie betreffen;
• das Recht auf Berichtigung von Fehlern in Ihren Informationen;
• das Recht, einer Verarbeitung Ihrer personenbezogenen Daten zu Zwecken des Direktmarketings zu widersprechen;
• Rechte in Bezug auf automatisierte Entscheidungsfindung;
• das Recht, die Verarbeitung Ihrer personenbezogenen Daten einzuschränken oder zu verhindern;
• das Recht, eine zuvor erteilte Einwilligung in die Datenverarbeitung zu widerrufen;
• das Recht, einer aufgrund unserer überwiegenden Interessen erfolgten Datenverarbeitung zu widersprechen;
• das Recht, Ihre Daten an einen anderen Verantwortlichen für die Datenverarbeitung zu übertragen (z. B. wenn Sie sich entschließen, mit einem anderen Dienstleister zusammenzuarbeiten); und
• das Recht auf Löschung.

Diese Rechte sind nachfolgend näher erläutert; wenn Sie jedoch Anmerkungen, Bedenken oder Beschwerden bezüglich der Verwendung Ihrer personenbezogenen Daten durch uns haben, kontaktieren Sie uns bitte (siehe Abschnitt "Wie Sie uns kontaktieren können").

Wir werden binnen eines Monats ab Erhalt Ihrer Anfrage auf sämtliche Rechte eingehen, die Sie geltend machen. Bei besonders komplexen Anfragen antworten wir innerhalb von drei Monaten.

Bitte beachten Sie, dass es Ausnahmen gibt, die bezüglich einiger Rechte gelten und die wir gemäß den Datenschutzgesetze anwenden werden.

Auskunftsrecht über personenbezogene Daten, die Sie betreffen

Sie können darum bitten, Ihre personenbezogenen Daten, die bei uns gespeichert sind, einzusehen, und erhalten:

• eine Kopie;
• Einzelheiten über den Zweck der aktuellen oder zukünftigen Verarbeitung;
• Einzelheiten zu den Empfängern oder Empfängerklassen, an die Ihre Daten weitergegeben werden (könnten), und auch, ob diese im Ausland ansässig sind und welche Schutzmechanismen für diese Übermittlungen ins Ausland greifen;
• den Zeitraum, in dem Ihre Daten gespeichert werden (bzw. die Kriterien, nach denen wir diesen festlegen);
• sämtliche Informationen, die bezüglich der Quelle dieser Daten verfügbar sind; und
• eine Auskunft darüber, ob wir automatisierte Entscheidungsfindung durchführen oder Profile erstellen, und in den Fällen, in denen wir dies tun, über die angewandte Logik und das angestrebte Ergebnis dieser Entscheidung oder Profilerstellung.

Damit wir die personenbezogenen Daten leichter finden können, stellen Sie uns bitte so viele Informationen wie möglich über die Art der personenbezogenen Daten, die Sie einsehen möchten, zur Verfügung.

Recht auf Berichtigung von Fehlern in Ihren Informationen

Sie können von uns kostenfrei die Berichtigung jeglicher Fehler in Ihren personenbezogenen Daten, die bei uns gespeichert sind, bzw. deren Vervollständigung verlangen. Wenn Sie dies tun möchten, gehen Sie bitte folgendermaßen vor:

• kontaktieren Sie uns per E-Mail, telefonisch oder schriftlich (siehe "Wie Sie uns kontaktieren können")
• geben Sie uns ausreichend Informationen, damit wir Sie identifizieren können, und
• teilen Sie uns die personenbezogenen Daten mit, die fehlerhaft sind, und womit sie ersetzt werden sollen bzw. wie sie vervollständigt werden sollen.

Recht, einer Verarbeitung Ihrer personenbezogenen Daten zu Zwecken des Direktmarketing zu widersprechen

Sie können von uns verlangen, Sie nicht mehr zu Zwecken des Direktmarketings zu kontaktieren. Wenn Sie dies tun möchten, gehen Sie bitte folgendermaßen vor:

• siehe "Wie Sie uns kontaktieren können" oben
• Ihre Kontaktdaten und Einstellungen können Sie jederzeit überprüfen und aktualisieren oder unsere Mitteilungen abbestellen, indem Sie auf die Links in unseren E-Marketing-Nachrichten klicken oder eine E-Mail senden an iaadmin@gowlingwlg.com.

Rechte in Bezug auf automatisierte Entscheidungsfindung

Wir treffen keine automatisierten Entscheidung in Bezug auf Sie; dieses Recht findet daher keine Anwendung.

Recht, die Verarbeitung personenbezogener Daten einzuschränken oder zu verhindern

Sie können beantragen, dass die Verarbeitung Ihrer personenbezogenen Daten eingeschränkt wird, wenn:

• Sie der Ansicht sind, dass Ihre personenbezogenen Daten nicht korrekt sind. Wir werden die Verarbeitung fortführen, sobald wir die Korrektheit überprüft haben;
• die Verarbeitung unrechtmäßig ist, Sie aber nicht möchten, dass wir Ihre personenbezogenen Daten löschen;
• wir die personenbezogenen Daten nicht mehr für unsere Verarbeitung benötigen, Sie jedoch die personenbezogenen Daten benötigen, zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen; oder
• Sie der Verarbeitung widersprochen haben, weil Sie der Ansicht sind, dass Ihre Interessen über unseren berechtigten Interessen stehen und noch nicht feststeht, ob dies zutrifft. Wir werden die Verarbeitung fortführen, sobald feststeht, dass unsere berechtigten Interessen gegenüber Ihren Interessen überwiegen.

Recht, eine zuvor erteilte Einwilligung in die Datenverarbeitung zu widerrufen

Sie haben das Recht, eine zuvor erteilte Einwilligung in die Verarbeitung Ihrer personenbezogenen Daten jederzeit ohne Angaben von Gründen zu widerrufen. Durch Ihren Widerruf wird die zuvor aufgrund Ihrer erteilten Einwilligung vorgenommene Datenverarbeitung nicht unzulässig.

Wenn Sie Ihre Einwilligung widerrufen möchten,

• kontaktieren Sie uns per E-Mail, telefonisch oder schriftlich (siehe "Wie Sie uns kontaktieren können")
• geben Sie uns ausreichend Informationen, damit wir Sie identifizieren können, und
• teilen Sie uns ggf. mit, welche Einwilligung Sie widerrufen möchten.

Recht, einer aufgrund berechtigter Interessen erfolgten Datenverarbeitung zu widersprechen

Sie haben das Recht, aus Gründen, die sich aus ihrer besonderen Situation ergeben, jederzeit gegen die Verarbeitung Sie betreffender personenbezogener Daten, die aufgrund überwiegender berechtigter Interessen von uns erfolgt, Widerspruch einzulegen. Wir verarbeiten Ihre personenbezogenen Daten dann nur noch weiter, wenn zwingende schutzwürdige Gründe für die Verarbeitung bestehen, die Ihre Interessen, Rechte und Freiheiten überwiegen oder wenn die Verarbeitung der Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen dient. Das Bestehen dieser Gründe weisen wir Ihnen nach.

Wenn Sie der Datenverarbeitung aufgrund berechtigter Interessen widersprechen möchten,

• kontaktieren Sie uns per E-Mail, telefonisch oder schriftlich (siehe "Wie Sie uns kontaktieren können")
• geben Sie uns ausreichend Informationen, damit wir Sie identifizieren können, und
• teilen Sie uns ggf. mit, welcher Datenverarbeitung aufgrund berechtigter Interessen Sie widersprechen möchten.

Recht auf Datenübertragung (Datenportabilität)

Sie können eine elektronische Kopie Ihrer personenbezogenen Daten anfordern, die bei uns elektronisch gespeichert sind und die wir verarbeiten, wenn wir einen Vertrag mit Ihnen geschlossen haben. Sie können uns auch darum bitten, diese direkt an einen Dritten zu übermitteln.

Recht auf Löschung

Sie können um Löschung Ihrer personenbezogenen Daten bitten, wenn:

• Sie der Ansicht sind, dass wir Ihre personenbezogenen Daten nicht benötigen, um sie für die Zwecke gemäß dieser Datenschutzerklärung zu verarbeiten;
• Sie in die Verarbeitung Ihrer personenbezogenen Daten eingewilligt hatten, Sie diese Einwilligung widerrufen;
• Sie der Verarbeitung widersprechen und wir keine berechtigten Interessen haben, die bedeuten, dass wir die Verarbeitung Ihrer Daten fortsetzen können; oder
• Ihre personenbezogenen Daten unrechtmäßig verarbeitet oder nicht gelöscht wurden, wenn dies erforderlich gewesen wäre.

Recht auf Beschwerde bei einer Aufsichtsbehörde

Es ist wichtig, dass Sie diese Datenschutzerklärung lesen und uns so schnell wie möglich informieren, falls Sie der Meinung sind, dass wir Ihre Daten nicht gemäß dieser Erklärung verarbeiten oder verarbeitet haben. Ebenso können Sie eine Beschwerde an die zuständige Aufsichtsbehörde richten.

Die für unser Büro in München zuständige Aufsichtsbehörde ist das Bayerische Landesamt für Datenschutzaufsicht (BayLDA), www.lda.bayern.de.

Die für unser Büro in Stuttgart zuständige Aufsichtsbehörde ist der Landesbeauftragte für den Datenschutz und die Informationsfreiheit in Baden-Württemberg (LfDI), www.baden-wuerttemberg.datenschutz.de.

Die Anschriften aller deutschen Aufsichtsbehörden sowie die Links zu deren Websites finden Sie unter https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

January 2021

Key summary

We process your data in order to provide legal services and other services to you. We may also process your data as a result of your relationship with one or more of our clients, or where you apply for a job or work placement, or provide us with services. We also collect personal information when you contact us, subscribe to one of our mailing lists or attend one of our seminars or events.

Other service providers play an important role in this relationship as we instruct them to assist with other professional services and administrative requirements. We liaise with them to ensure efficiency in business support tasks such as security, delivery, technology, payment, insurance, litigation support and archiving and storage.

Your information will be treated securely and in strict confidence, in line with our ISO27001 accreditation.

This notice explains what data we process, why, how it is legal and your rights. In order to do our best to be transparent, this privacy notice will be updated on an ongoing basis.

We also have produced a video notice to tell you the relevant points of what we do with your personal data.

• About us
• Useful words and phrases
• What information do we collect?
• Why do we process your personal data?
• How is processing your personal data lawful?
• Who will have access to your personal data?
• When will we delete your data?
• Your rights

About us

Gowling WLG (UK) LLP (Gowling WLG UK) is an independent entity and part of the Gowling WLG group.  Other Gowling WLG group entities operate in different countries. We decide what to do with your data in a different way in each country and so each of our entities is a separate 'data controller'. The data controller is responsible for the processing of your personal data according to the data protection laws.

Please see the legal information page for information on the Gowling WLG structure, our group entities, and who your data controller is.

Each country has different Data Protection Laws. In the UK, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679, and the Data Protection Act 2018 apply.

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• Your Rights
• The personal data we collect about you and why we collect the data;
• What we do with your data, and
• Who your information will be shared with.

If you need extra help

If you would like this notice in another format (for example: audio, large print, braille) please contact us.

How you can contact us

Please contact us if you have any questions about this Privacy Notice or the information we hold about you.

If you wish to contact our UK offices, please send an email to data.enquiry@gowlingwlg.com or write to us at Gowling WLG (UK) LLP, Two Snowhill, Birmingham, B4 6WR  or you may submit a complaint to the Information Commissioner's Office (ICO).

Changes to the Privacy Notice

We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure you are aware of the most recent version.

Useful Words and Phrases

Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Personal Data	This means any information from which a living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings.  It will also include expressions of opinion about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data or Special Categories of Data	This means any information relating to:   racial or ethnic origin; political opinions or affiliations ; religious or philosophical beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; or genetic data or biometric data
Processing	This covers virtually anything anyone can do with personal data, including: obtaining, recording, retrieving, reviewing, consulting, storing or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.
Data Subject	The person to whom the Personal Data relates.
Supervisory Authority	The authority responsible for implementing, overseeing and enforcing the Data Protection Laws.
Data Controller	This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.
Data Processor	This means any person who processes the Personal Data on behalf of the data controller.
Data Protection Laws	This means the laws which govern the handling of data - the list of laws listed at the top of this Privacy Notice.

What information do we collect?

Personal data provided by you

To provide you with our services, we may collect your information including:

• your name,
• address,
• phone number,
• email address,
• date of birth and other identity documentation that we need to collect to comply with legal and regulatory requirements

We will also collect Personal Data when you contact us, send feedback, subscribe to one of our mailing lists, attend one of our events or seminars or raise any complaint.

We will also collect information that you share with us to help us understand your situation, your hobbies and preferences and to represent your best interests when you instruct us/become a contact or client of Gowling WLG UK, or as a result of your relationship with one or more of our clients, where you supply us with services, or where you apply for a job or work placement.

Sensitive personal data

If we ask you to provide us with your sensitive personal data, we will explain why we need that data and how we intend to use it and your rights. If necessary we will ask you for your consent first.

Personal data about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can. In addition, where you give us personal data belonging to someone else, you must ensure that you have the necessary grounds, consents or authorisations to provide it to us. In some cases, we may obtain Personal Data regarding you from other persons, including clients to whom we provide legal services. For example, we may obtain information regarding directors, officers, or employees of our clients or other parties, witnesses, beneficiaries, adverse parties, related parties, parties in interest, business partners, investors, shareholders, security holders, buyers, business partners, and customers of clients.

Personal data provided by third parties

We will collect Personal Data directly from you, from clients or from authorised representatives and as otherwise permitted or required by applicable law. At times, we will also collect personal information from third parties such as regulatory and legal authorities, other organisations with whom you have dealings or who have a legal interest in such data, government agencies, credit reporting agencies, financial institutions, recruitment agencies and other people connected to recruitment, information or service providers, introducers and referrers and from publicly available records. 

We may obtain information about you from third parties in order to verify your identity, carry out anti-money laundering, anti-terrorism, sanctions screening and other background and credit checks. In performing these checks, personal information provided by you may be disclosed to that third party which may keep a record of that information. All information provided by you will be treated securely and strictly in accordance with the Data Protection Laws.

Why do we process personal data?

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

We collect your information so that we can:

• Deliver Legal Services - Provide legal and other services and products as instructed by you, answer your queries and provide you with information or materials you have asked to receive;
• Comply with our Legal and Regulatory obligations - such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations which may require you to provide name, address, employment/business and financial information, and/or other legally mandated forms of identification;
• Carry out administration - Bill for our work, carry out searches and checks, maintain internal records, which will include the collection of names, addresses, banking, financial details and creditworthiness; to maintain and develop our relationship with you; to carry out recruitment activities if you are applying for a job or placement with us; to analyse and help us manage our practice; to maintain and update our records.
• Carry out Business Development and Marketing - to carry out market research; market our own products and services to you, including as may be permitted by the applicable law, by email or other means and to keep your information and preferences accurate. We may also use and analyse the Personal Data provided to us to track and manage your consent preferences, event reservations and any unsubscribe requests. From time to time, we may wish to send you legal updates; newsletters; press releases; information about our events and the legal services we provide and other communications that we think will be of interest to you and/or your business. You can review and update your contact details and preferences or unsubscribe from our e-marketing communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com
• If you have consented to receive marketing materials from us, you can opt out at any time. See 'Your Rights' for further information. You can also manage your preferences by sending a message to  iaadmin@gowlingwlg.com
• Maintain Quality Standards - to meet high standards of quality and professional standards, and to obtain and maintain certification and accreditations which may involve audits of our internal processes;
• Manage Claims - pursue available remedies or limit any damages that we or our clients may sustain and to respond to any feedback or complaints that we may receive;
• Keep people and buildings safe -to help ensure security and for crime prevention; we may have CCTV cameras installed at the entrances to our premises and CCTV data is captured on cameras;
• To monitor our website usage to improve our services - please see our cookies policy which explains what cookies are and why we use them.

How is processing your data lawful?

We are allowed to process your Personal Data for the following reasons and on the following legal basis:

Consent

Where you have given consent - for example, where you have subscribed to a mailing list for us to send you legal alerts, information regarding updates/events or other information which may be of interest to you.

Contract

Where it is necessary for the performance of the contract you have agreed to enter with Gowling WLG UK. For example, because you are using Gowling WLG UK for legal advice, we are required to process your Personal Data for the purposes of performing our legal advice services appropriately and billing our services and by retaining us you agree that we may do so.

Legal obligation

Where we are subject to legal obligations to process your data for the purposes of compliance with applicable laws; for example, we are required to identify our clients in accordance with the anti-money laundering regulations in many countries and are required to gather and maintain records in compliance with health and safety legislation. We also have obligations pursuant to financial and tax legislation and reporting obligations in respect of tax administration.

Legitimate interest

Processing your Personal Data is also legal if it is based on our 'legitimate interests'. To process on this basis, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.

The following are examples of the purposes for which we will process your Personal Data on this basis:

• Client administration - to enable us  to maintain internal records
• To ensure regulatory compliance - for example that conflict checks are carried out before we start work and to erect information barriers to restrict access to certain information
• To enable us to maintain specific standards of quality in the professional services we provide and to obtain and maintain quality accreditations
• To permit us to pursue available remedies or limit any damages that we may sustain
• To permit us to manage and respond to any complaints
• To liaise with representatives of clients of corporates and other business clients
• To market our services
• To carry out recruitment and administer work experience and work placement activities

Please be aware that you have the right to object to the processing of your data for any of the legitimate interests identified.

Sensitive Personal Data

In certain circumstances, we may process your sensitive personal data for the following reasons and subject to the following exceptions:

• Consent
  For example, you have given your explicit consent for us to process your health information for the purpose of providing you with legal advice.
• Vital Interests
  Because it is necessary for us to protect your vital interest e.g. It is necessary for us to process your medical/health information, for the purposes of following our health and safety procedures if you are attending an event or visiting our buildings, which in turn could assist us if we are required to protect your life.
• Manifestly public personal data
  The data has been manifestly made public and only when it is necessary for our purposes and permitted by the applicable Data Protection Laws. For example, we ask you to provide your dietary requirements when you attend an event at our offices. We consider that you have made this data manifestly public to our organisation to help us protect you and to ensure your health and safety. We will keep this information confidential and restrict it to only those who need to know.
• Legal claims
  We are establishing or defending a legal claim for you as a client or in our own right.

Who will have access to your personal data?

In the course of providing our services and operating our business, we may disclose your Personal Data to:

• Other Gowling WLG offices, group entities and affiliates;
• Service providers whom we instruct to assist with the provision of legal or other services and products such as other professional advisors, and the administrative requirements associated with those services;
• Providers of certain business support tasks to Gowling WLG UK including security, delivery, technology, research, banking, payment, insurance, litigation support, translation, credit checking, archiving and storage;
• Providers of business development and marketing support services, in order to provide event and marketing support;
• Legal and or regulatory authorities including courts or public authorities who may compel disclosure, such as the Solicitors Regulation Authority (SRA), HMRC, Health & Safety Executive and National Crime Agency (NCA) in the event that we are required to make a disclosure under various legislation and regulation or where we have a legal, regulatory or professional obligation to do so or are required to protect the safety or rights of our clients, staff or others;
• Personal Data may also be subject to transfer to another organisation in the event of corporate transaction such as a merger, combination or acquisition, or change of ownership of our firm. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is used by the parties to carry out and complete the business transaction.
• Persons whom you instruct us to disclose your information to in the course of providing legal services, for example a party involved in a legal claim or transaction.
• If you wish to know more about the parties with whom we share Personal Data, please contact us.

International transfers of data between our offices

Transfers of your information out of the EEA

In the context of its global practice, Gowling WLG UK transfers Personal Data between its offices, the free flow of information being essential for the efficient conduct of its International business. A number of our offices and affiliates are located outside the European Economic Area. Transfers from Gowling WLG UK entities in the EEA to Gowling WLG UK entities in any country outside the EEA that is not deemed to offer an adequate level protection according to the European Commission shall be governed by a data transfer agreement containing model clauses offering an adequate level protection according to the European Commission, that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach, unless we inform you that another appropriate safeguard has been put in place.

Gowling WLG (Canada) LLP ("Gowling WLG Canada") is an independent entity. Gowling WLG Canada has a separate privacy notice which describes how it processes personal information. For European data protection law purposes, the European Commission considers that Canada's federal privacy law offers adequate levels of protection to safeguard your privacy rights.

If you instruct us and if it is necessary, we will exchange information with law firms located in other jurisdictions.

How we keep your data secure

We have robust information security management systems in place to protect your personal information and are ISO27001 accredited. ISO27001 is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management.

If you have any particular concerns about your information, please contact us (see 'How to contact us?' above).

When will we delete your data?

We retain personal data in line with our internal policies, contractual terms and where necessary for us to meet our legal, regulatory and professional obligations. Our default retention periods will differ, depending on the country which is providing your services. In any case, the criteria that we apply is to delete data when it is no longer necessary for us to hold it.

Type of work/data	Minimum Retention Period
Original Documentation	Permanently, or until returned to you
File documentation	Six years
CDD documentation	Six years after the end of the client relationship
Contracts with suppliers/third parties	Six years after expiry of contract
Complaints, correspondence and data relating to complaints	Six years following closure of the complaint
Professional negligence Claims, correspondence and data relating to PII claims	Six years following conclusion of the claim
Applications/CVs/interview records for jobs-unsuccessful	Twelve months after notifying unsuccessful candidates (unless we have obtained express consent from the candidate to hold for longer)

Your rights

As a data subject, you have the following rights under the Data Protection Laws:

• the right of access to Personal Data relating to you;
• the right to correct any mistakes in your information;
• the right to ask us to stop contacting you with direct marketing;
• rights in relation to automated decision making; 
• the right to restrict or prevent your Personal Data being processed;
• the right to have your Personal Data ported to another data controller (e.g. if you decide to contract with a different service provider); and 
• the right to erasure.

These rights are explained in more detail below, but if you have any comments, concerns or complaints about the use of your Personal Data by us, please contact us (please refer to section "How to contact us").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to access Personal Data relating to you

You may ask to see what Personal Data we hold about you and be provided with:

• a copy;
• details of the purpose for which it is being or is to be processed;
• details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
• the period for which it is held (or the criteria we use to determine how long it is held);
• any information available about the source of that data; and
• whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the Personal Data easily, please provide us as much information as possible about the type of Personal Data you would like to see.

Right to correct any mistakes in your information

You can require us to correct any mistakes in your Personal Data which we hold free of charge. If you would like to do this, please:

• email, call or write to us (see "How to contact us")
• let us have enough information to identify you, and
• let us know the Personal Data that is incorrect and what it should be replaced with.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:

• See "How can you contact us" above
• You can review and update your contact details and preferences or unsubscribe from our communications at any time via the links in our e-marketing messages or by e-mailing us at iaadmin@gowlingwlg.com.

Rights in relation to automated decision making

We do not make any automated decisions about you so this right does not apply.

Right to prevent processing of personal data

You may request that we stop processing your personal data temporarily if:

• you do not think that your Personal Data is accurate. We will start processing again once we have checked whether or not it is accurate;
• the processing is unlawful but you do not want us to erase your Personal Data;
• we no longer need the Personal Data for our processing, but you need the Personal Data to establish, exercise or defend legal claims; or
• you have objected to processing because you believe that your interests should override our legitimate interests.

Copies of your Personal Data (data portability)

You may ask for an electronic copy of your Personal Data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

Right to erasure

You can ask us to erase your Personal Data where:

• you do not believe that we need your Personal Data in order to process it for the purposes set out in this Privacy Notice;
• if you had given us consent to process your Personal Data, you withdraw that consent and we cannot otherwise legally process your Personal Data;
• you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
• your Personal Data has been processed unlawfully or have not been erased when it should have been.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the competent supervisory authority.

Contact the Information Commissioner's Office. Information about how to do this is available on his website at www.ico.org.uk.

November 2019