Bryan Cave Leighton Paisner Privacy Notice

New update:

25 May 2018 to include the additional detail required under the EU General Data Protection Regulation (“GDPR”), including in respect of the Legal Basis and Permitted Purposes for the processing of your personal information, relevant retention periods, your rights under GDPR, and our privacy contacts. 

We have also updated our cookies information, and combined our notices for clients, job applicants, suppliers and other third parties into this consolidated Privacy Notice.

Jump down to the sections


Bryan Cave Leighton Paisner (the “ BCLP Group”, “we”, or “us”) respects your privacy. This Privacy Notice (“Notice”) explains how we use (“Process”) your personal information (including personal information that you provide to us about other persons) (together, “Personal Information”). It also explains your privacy rights and how you can exercise them.

Bryan Cave Leighton Paisner LLP, the limited liability partnership registered in England & Wales under number OC315919 and with a registered office at Adelaide House, London Bridge, London EC4R 9HA, UK (“BCLP UK”),  is responsible (i.e. it is the ‘Data Controller’) for the Personal Information it collects about you (including through the www.blplaw.com website). When you provide Personal Information to another BCLP Group entity (“BCLP Firm”), as named in the relevant email sign-off,  letterhead of business card of your BCLP contact (or visit a website managed by them, as set out in their website terms of use), that firm will be the Data Controller for that Information.    

The type of Information we collect and how we Process it will vary depending on the  relationship we have with you (e.g. whether you are a client, a supplier, applying for a role with us, or someone else) and the context - see the relationship-specific sections of this Notice for further details. If you are a current BCLP Group employee, self-employed consultant or lawyer, trainee, intern, secondee, volunteer or any other employee or contractor (together “Staff”) or Partner, see our Staff Privacy Notice instead.

Please note in particular that:

  1. As a regulated law firm, we are required by applicable rules to undertake appropriate: (a) pre-hiring checks of our Staff and Partners; and (b) vetting of other third parties (including of our clients and related parties, and of suppliers). These checks/vetting will involve the collection of criminal and regulatory records where appropriate and legally permitted;
  2. We monitor and record electronic communications to ensure compliance with applicable rules and law and our internal policies, and for business continuity purposes;
  3. We use cookies on our website and in marketing emails to help us manage and improve our websites, your browsing experience, and the material/information that we send to our subscribers; and
  4. As a global business, we will share certain Personal Information with our global offices and select third parties, subject to appropriate safeguards.

We will publish updates to the Notice on this website, with relevant changes highlighted  as appropriate. Where we hold or Process your Personal Data, we will also take appropriate measures to inform you of any amendments which have a material impact on you and your ability to exercise your privacy rights.   

If you have any questions regarding our processing of your Personal Information or would like to exercise your privacy rights, please email us or see the ‘Contacts and Other Important Privacy Information’ section of the Privacy notice.

Further information for clients > 

Sections:

How we collect Your Personal Information

We collect Personal Information to provide our legal services, for legal and regulatory purposes and to manage our business and relationships. For further details, please see the ‘Use of your Personal Information’ section of this Notice below. 

You will voluntarily provide most of your Personal Information directly to us. We will also obtain Personal Information from other sources or persons, including: 

Public information Personal Information about you or your business which is publicly available, for example on your employers’ website, public professional social networking sites, the press; and relevant electronic data sources.
Information from third parties Personal Information provided to us by third parties (for example by our or your clients; agents; suppliers; advisers; consultants, lawyers and other professional experts; counterparties; previous, current and future employers; complainants, correspondents and enquirers;  regulators and public authorities; relatives; and other persons) where such Information is provided to us in connection with the relevant purposes set out in this Notice.
Information collected through our websites We use cookies on our website and certain marketing emails which collect your IP address and certain other information from you when you visit our websites. For further details, please see the ‘Marketing, cookies and profiling’ section below. 

 

Sometimes the provision of your Personal Information to us by third parties will be unsolicited and/or provided in confidence (for example, reports made to us by regulators and other persons) and we will be unable to notify you of this. In all cases we shall take such necessary steps to ensure that Personal Information is obtained and used in a fair and lawful way.

Back to the top

The types of Personal Information that we collect

The categories of Personal Information we collect will vary, depending on our specific relationship with you, and the context. 

We will not be able to further our relationship with you (for example, to provide you with legal services if you are a client, recruit you, or engage you if you are a potential supplier) without certain Personal Information. We will inform you at the relevant time if this is the case.

We will in most cases need to collect your work details (such as your name, job title, work address, office email and telephone number). Other types of Personal Information which we will typically collect includes, for example: 
 

Type of Data Examples Context
Identification details Your passport/ID and proof of address. We will typically ask for this as part of our client and supplier due diligence, and pre-hiring checks. Please see the relevant relationship-specific section below for further details.    
Personal contact details Your home address, mobile number and personal email address. We will usually ask for this if you: (a) are applying for a position; (b) do not currently have office/work contact details; or (c) are a member of our alumni program.
Your activity on our websites Including your IP address, details of the webpages you visit, articles you download and the website you came to us from.    These are collected through cookies and other electronic logs which are created when you visit our websites. For further details, please see the ‘Marketing, cookies and profiling’ section below
Calls to our UK switchboard overflow Call recordings. In the UK, calls to our switchboard which cannot be answered by our Staff (for example because our telephone lines are busy) are directed to a supplier, who records the calls for training and quality purposes. We do not record general calls answered by our in-house switchboard or other Staff.  

 

Security and business continuity

We operate security and business continuity systems and procedures which involve the Processing of the following types of Personal Information where appropriate and applicable local law permits us to do so :   
 

Type of Data Examples Context
CCTV Images Images captured by certain of our offices’ CCTV cameras. In those offices where applicable local law permits us to, these are monitored by our security Staff based in London and other jurisdictions, and images will be recorded for security purposes and for the prevention of crime.
IT logs and online identifiers Incoming and outgoing email, telephone and similar communications records; and other IT logs. Our IT systems automatically filter email and instant messaging communications for viruses and compliance with our internal policies. Usage of our IT systems (and access to secure office areas) is also automatically logged. Where appropriate and local law permits  us to, we will  monitor such communications and logs to ensure compliance with applicable rules and law and our internal policies, and for business continuity purposes.

 

Special categories of information

In certain circumstances we will need to collect more sensitive Personal Information, such as (unless applicable local law prevents this) diversity and health data, and details of offences, regulatory action and related proceedings (“Sensitive Information”). Such information may be collected from you or, in those jurisdictions where it is permitted under applicable local law, from third parties. 

This will typically be more relevant: (a) for new/current Staff and Partners; (b) where necessary to enable us provide you with our legal services; or (c) as part of our due diligence on third parties (including clients and related persons, and suppliers) – please see the relationship-specific sections of this Notice for further information.

Sensitive Information may also be inadvertently disclosed to us (for example, if you provide us with your dietary requirements for the purpose of a business meal - which may give an indication your religion or health. Providing the name of your spouse or partner to us may also reveal your sexual orientation). 

We will only request Sensitive Information where necessary and we are legally allowed to, and will put in place enhanced safeguards to protect such Sensitive Information.

Further information for clients, applicants and suppliers >

Back to the top

Use of Your Personal Information

Our Processing of your Personal Information will include obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, copying, analysing, amending, retrieving, using, systemising, storing, disclosing, transferring, retaining, archiving, anonymising, erasing or destroying it by automated or non-automated means. 

The GDPR require us to communicate to you the purposes for which we Process your Personal Information (the “Permitted Purposes”), together with the corresponding ‘Legal Basis’. These are summarised in the tables below. As the GDPR requirements are new, the way we have grouped the Permitted Purposes and Legal Basis may change as more regulatory guidance and market practice develops.

Although applicable Data Privacy Laws in jurisdictions outside the European Economic Area (the “EEA”) adopt similar purposes of processing, there may be circumstances where some of these lawful purposes are modified by local legislation. For example, in Russia and certain other jurisdictions ‘legitimate interests’ is not specifically recognised as a legal basis for Processing (and we would need your written consent to process Sensitive Information in particular, subject to limited exceptions). Further information can be sought from our Privacy Officers (see the ‘Contacts and other important privacy information’ below). In the event of any inconsistency, the local legislation will prevail.

Further details on: (a) security and business continuity arrangements; (b) client due diligence, pre-hire checks and supplier vetting; and (c) equal opportunities monitoring and reporting, can be found in ‘The types of Personal Information that we collect’ section above. For further information about marketing, cookies and profiling, please see the ‘Marketing, cookies and profiling’ section.

General Permitted Purposes

We Process Your Personal Information for one or more of the following general Permitted Purposes. Where the Processing involves Sensitive Information, see also the second table under the heading ‘Sensitive Information’.

Legal Basis Permitted Purpose
Where it is necessary to perform our contract with you or to take steps at your request to enter into the contract For example: 
(a) to perform our legal and related services and provide legal advice if you are a client (including related client files management; order/matter acceptance, modification and processing; and for billing purposes and billing follow-up as applicable);  
(b) to employ/engage you if you are applying for a position;
 (c) to enter into or perform our agreement with you if you are a supplier or external adviser (including supplier account management; purchase order processing; and for payment of invoices); or
(d) to enter into or perform any other contract/agreement we may have with you.  
Where it is necessary for compliance with a legal obligation For example: 
(a) to carry out internal conflicts and other regulatory checks on new client matters and to undertake appropriate client due diligence in accordance with anti-money laundering law; 
(b) to perform appropriate pre-hiring checks of Staff and Partners in accordance with our professional obligations; 
(c) to undertake appropriate vetting of suppliers and external advisers (for example, to comply with our obligations under applicable privacy, tax payment and tax evasion, modern slavery, anti-bribery and corruption and confidentiality rules); 
(d) to protect our and our clients’ Personal Information, and other information, property and assets; 
(e) for health and safety and workplace accident prevention compliance;
(f) for equal opportunities monitoring and reporting purposes; 
(g) to co-operate with our regulators and other public authorities (including by responding to their requests for information; undertaking internal investigations; and complying with our reporting and other professional obligations); and 
(h) to comply with any other obligation to which we are subject under applicable rules and law.  

Where it is necessary for the purposes of our or another party’s legitimate interests, except where these are overridden by your interests, rights or freedoms

For example: 
(a) to ensure compliance with our internal policies; 
(b) for general security and business continuity purposes;
(c) for business management and financial planning (including management of suppliers; business process improvement and quality purposes; management reporting and reviewing records; accounting and auditing; and corporate due diligence);
 (d) for managing insurances, complaints, potential and actual claims; 
(e) to ensure the effective provision of legal services to clients and enhance our international business and cross-border offerings; 
(f) for the improvement of our recruitment and other business processes; 
(g) for training and continuing professional development purposes; 
(h) to manage our alumni programme and network; 
(i) for advertising, marketing and public relations purposes, including preparing client pitches and other business development material such as deal credentials; sending you legal blogs, legal updates, news and industry updates, events, promotions and competitions, reports and other information; 
(j) to organise corporate events and to carry out market research campaigns;  
(k) to protect, manage and improve our websites, and other services (including: (i) to make sure our websites function as they should; (ii) to recognize you when you return to the websites; (iii) to analyse how our websites and online services are performing; and (c) to present you with customised options relating to your interests;) 
(l) for any other legitimate purpose communicated to you at the time of collection of your Personal Information. 
We consider that our legitimate interests and these uses are  proportionate, and compatible with your interests, legal rights or freedoms. Details of the balancing test undertaken in respect of such Processing is available upon request.  
Where you provide your consent For example: 
(a) to deal with your enquiries and requests for information about our firm and services; 
(b)  to the extent applicable laws in certain jurisdictions require your consent for advertising, marketing and public relations purposes;  
(c) where you ask us to apply for or to renew, your practising certificate, foreign lawyer registration, work visa or other regulatory registration/authorisation on your behalf; and  
(d) where you otherwise provide us with your valid consent. 
 
Where it is necessary to protect your vital interests or that of another person For example the disclosure of your Personal Information to medical staff in the event of medical emergencies.

 

Sensitive Information

Where we are legally permitted to do so and one of the general Permitted Purposes apply, we will Process Sensitive Information for one or more of the following additional Permitted Purposes:

Legal Basis Permitted Purpose
Where it is necessary for reasons of substantial public interest, on the basis of applicable law For example:  
(a) In the UK and certain other jurisdictions where this is legally permitted, Processing  details of criminal and regulatory offences, allegations and other Sensitive Information:
(i) for the prevention or detection of fraud and other unlawful acts;
(ii) to comply with our money laundering and terrorist financing reporting requirements; and/or 
(iii) to protect the public against dishonesty, malpractice or other seriously improper conduct; unfitness or incompetence; mismanagement or failures in services.
(b) In the UK and certain other jurisdictions where this is legally permitted, Processing of data concerning your health, diversity data and other Sensitive Information for equal opportunities monitoring and reporting purposes.  
(c) Processing which is necessary for any other valid public interest reason. 
 
Where the processing is necessary for the establishment, exercise or defence of legal or regulatory claims For example, in the UK and certain other jurisdictions where this is legally permitted, where the Processing of details of criminal and regulatory offences, allegations and proceedings and other Sensitive Information is necessary:  
(a) to make or defend a claim, complaint or regulatory allegation on your behalf if you are a client; 
(b) to exercise our legal rights against third parties;
(c) to defend claims, complaints or regulatory allegations made by you or other persons against us; and/or
(d) for the establishment, exercise or defence of any other claim.
 
Where the processing relates to Sensitive Information manifestly made public by you  For example, Sensitive Information included on your employer's website, your LinkedIn profile, the press, or otherwise online and/or in public, which is Processed for one or more of the general Permitted Purposes.
Where it is necessary to protect your vital interests or that of another person where you/they are physically or legally incapable of giving consent For example the disclosure of your Sensitive Information to medical staff in the event of medical emergencies in circumstances where consent cannot be provided.  
Where you provide your explicit consent, except where applicable law prevents it For example: 
(a) Where you ask us to apply for or to renew, your practising certificate, foreign lawyer registration, work visa or other regulatory registration/authorisation on your behalf which requires the disclosure of details of criminal and regulatory offences, allegations and proceedings and other Sensitive Information; 
(b) You ask us to include information about your racial or ethnic origin or sexual orientation for consideration in public diversity awards;  
(c) You consent to us using your witness statement to investigate a health and safety incident or workplace accident; and/or
(c) You otherwise provide your valid explicit consent. 
 


Back to the top

Marketing, Cookies and Profiling

We generally rely on our legitimate interests to Process your Personal Information for marketing purposes.

We will inform you in advance of sending you marketing (unless this is reasonably obvious in the circumstances - for example, when you provide us with your business card during a formal meeting).

To the extent applicable laws in certain jurisdictions (for example in Russia) require consent, your provision of Personal Information to us will be deemed as confirmation of your consent to such Processing where appropriate. Where required, we will also ask you to provide your explicit written consent.

Cookies

We use cookies (small text files placed on your device) and similar technologies on our websites and marketing emails to:  

  1. make sure our websites function as they should;
  2. recognize you when you return to the websites (for example, to remember your login details so that you do not need to re-enter it on subsequent visits); 
  3. analyse how our websites and online services are performing (for example to understand how people arrive at and use our website so that we can make it more intuitive); and
  4. to present you with customised options relating to your interests, based on your previous use of the websites (for example, where you are known to us, we will keep a record of the articles on our website that you have clicked on/downloaded, and use that information to send you material which we have identified as relevant to your interests). 

Read our full list of cookies we use

Please note that some of the cookies on our website are third party cookies (e.g. Google advertising cookies) which we do not control. Our list of cookies indicates where this is the case, with a link to the third party’s website. Please view the relevant website for details of their privacy policy.

If you are concerned about cookies, most web browsers (Safari, Internet Explorer, Chrome etc) now recognize when a cookie is offered and allow you to opt-out of receiving it. You can also delete all cookies that are already on your browser. If you choose to do this, you may have to manually adjust some preferences every time you visit our websites and some services and functionalities may not work.

For more information about cookies and how to disable and/or delete them, please visit www.allaboutcookies.org

Profiling

Where you are known to us and have been added to our contacts database, we will: (a) use your marketing and content preferences, and other Personal Information you provide to us (including details of your attendance at, or interest in, events) in an identifiable format to build a profile for you; and (b) supplement this profile with information about how you use our websites, review our content and interact with us. We use this profile to try and ensure that you only receive material and information from us that you are likely to find of interest.

Changing your marketing preferences

You can change your preferences for receiving group marketing emails, legal updates and other information from us by clicking on the ‘update your preferences’ link in a BCLP Group marketing email.

You also have the right to ask us not to process your Personal Information for marketing purposes - and can exercise the right at any time by sending us an email at privacy@bclplaw.com, or clicking on 'unsubscribe' in a BCLP Group marketing email.

Back to the top

Where is your Personal Information stored and who will it be shared?

Electronic information is stored by us in our regional secure servers in the EU, Russia, Asia and the US. In those jurisdictions where there are applicable local rules on the storage of Personal Information (such as in Russia and certain other countries), we will put in place appropriate arrangements to comply with those local requirements.     

Your Personal Information will, where appropriate, be shared with our relevant Partners and Staff (or groups of them), who may be based in any of our offices. Please refer to the Our Locations section of our website for a list of our current offices and their locations.

We will also at times need to share some of your Personal Information with select third parties, such as: 

Persons related to you Your agents, consultants, other advisers, counterparties, beneficiaries, trustees, banks  and related persons who operate or are based around the world, where you ask us to, or as otherwise necessary for the Permitted Purposes.
Persons related to us

Our agents, consultants and other professionals, suppliers and external agencies/administrators who assist us with legal, administrative, financial, operational and other services, and may have access to certain of your Personal Information as part of their role. These will include, for example: 
(a) IT software, applications and services, including web content management, recruitment and telecommunications services  suppliers; website, online portal and client extranet providers; 
(b) business continuity/disaster recovery and data back-up providers;
(c) our file storage and management suppliers; 
(d) third party due diligence and identity/background verification suppliers; 
(e) our banks and other financial providers (such as currency exchange, e-billing and outsourced payroll suppliers);
(f) our insurers, insurance brokers and lawyers; 
(g) our auditors and other professionals engaged for audit purposes;  
(h) debt collection agencies;
(i) local lawyers, tax advisors or experts; and
(i) other professional advisors. 
Our suppliers will usually be based in those countries where we have offices mentioned above. Other agents, consultants and professionals may be based in other countries where we do not have offices. 

Current or potential affiliates and successors in title to our business, who may be based around the world.   

Business partners (for example, other law firms or financial/tax advisers and other professionals) with whom we collaborate to provide joint services to you or to organise joint corporate events. 

Courts/tribunals; and law enforcement,  regulatory and public authorities Where disclosure is required by applicable rules and law, or by any court, tribunal, law enforcement, regulatory, public or quasi-governmental authority or department around the world.  
Other involved persons

If you attend an event organised or hosted by us, we may disclose your details to others who attend or participate in the organisation of that event (as notified to you).

Any other persons with whom we may interact on your behalf or at your request and/or where this is otherwise necessary in connection with the Permitted Purposes.  

(collectively, “Select Third Parties”)

We do not disclose (or sell) your Personal Information to any other third parties.

This Processing will involve the transfer (sometimes via cloud computing) of some of your Personal Information to other countries whose privacy laws may not be as comprehensive to those where you are based.

Where third party and/or cross-border transfers take place, we will put enhanced confidentiality and information security safeguards in place to ensure the lawfulness of the transfer, and protect your Personal Information. For further details, please see the Security of your Personal Information and data breaches section of this Notice below. 

Further information for clients >

Back to the top

Security of your Personal Information and data breaches

We operate a range of technical, non-technical and procedural controls to safeguard your Personal Information (including protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage). In particular:

The use of: (a) firewalls, encryption, filtering, vulnerability scanning tools and periodic penetration tests; (b) physical and technical controls on, and monitoring of, access to our premises and systems; and (c) Business Continuity and Disaster Recovery Plans.
We only engage reputable suppliers, and undertake appropriate information security and regulatory compliance due diligence on them. Where suppliers will have access to our and/or our clients’ information, they are also made subject to strict contractual provisions requiring them to ensure any Personal Information is kept secure, and is only used in accordance with our instructions (or as otherwise and to the extent strictly required by law, if applicable).
All our Partners and Staff who handle Personal Information are subject to confidentiality obligations, have to comply with our internal compliance policies, and receive appropriate data protection and information security training.
Our internal data protection compliance framework includes: (a) internal data protection and information security policies, systems and procedures; (b) a Data Privacy Steering Group (comprising senior cross functional leadership of the firm) to consider and make policy decisions regarding data privacy; and (c) a specialist data privacy compliance team, comprising Regional Privacy Officers for EMENA, the US and Asia and a Data Protection Officer for Germany, led by our international Compliance Officer for Data Protection who reports to the BCLP Board (for further details), please see the Contacts and other important privacy information section below). They are supported by experts from other offices who are responsible for IT systems and Information Security, Marketing and Human Resources.
Where your Personal Information is transferred to other countries, we will put appropriate safeguards in place to ensure the lawfulness and security of the transfer. For example, all transfers of Personal Information to our offices outside of the EEA are based on the EU Commission’s standard contractual clauses. We will also put such arrangements in place with third parties as appropriate. Where required under applicable local law, we will seek your consent to the transfer.  

 

We keep these arrangements under regular review, taking into account security and compliance best practices, current risks, threats, vulnerabilities, mitigating controls, technology, and changes in applicable legal requirements.  

However, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Information transmitted to our websites – and any such transmission is at your own risk. Our websites may also, from time to time, contain links to third party websites - which are outside of our control and are not covered by this Notice. If you access other websites using the links provided, please check their privacy policy before submitting any Personal Information to them.

Data Breaches

If a data breach (leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Information) occurs which is likely to result in a high risk of adversely affecting your rights and freedoms, we will inform you of this without undue delay.

Where legally permitted, any such notifications will be made either via email, post or telephone. 

Back to the top

How long we keep Your Information

We will only keep your Personal Information in an accessible form which can identify you for as long as we need to for the Permitted Purposes.

As retention periods can vary significantly depending on the Permitted Purpose and the relevant jurisdictions concerned, it is not possible for us to commit to an overall retention period for all of your Personal Information held by us. For example, we are under legal obligations to keep certain records for specific periods which will usually extend after the end of a contractual relationship (including minimum statutory retention periods in respect of tax, immigration and payroll records; and client due diligence documents - which vary from jurisdiction to jurisdiction).  

As a result, we use certain categories and criteria to determine how long we keep certain of your Personal Information, and these are set out below. Where your Personal Information is used for more than one Permitted Purpose (and/or in more than one jurisdiction), there will be overlapping retention periods in respect of that Information. In such cases, we will retain your Information for the longer of those overlapping retention periods. We will also transfer paper files into, and store them in, electronic format where appropriate.

Type of Personal Information Retention Period
Personal Information Processed in connection with client matters Up to 13 years after the date of our final bill for the relevant matter, unless: 
(a) otherwise required by applicable law; 
(b) where required for regulatory, compliance or insurance purposes; 
(c) where a longer limitation period applies in respect of specific types of actions/documents; and/or in the event of a dispute which requires it to be kept for longer; 
(d) where  you ask that we retain some of your original documents (such as wills and trust documents) on your behalf for safekeeping - in such circumstances, we will retain the documents for such period (and on such terms) as agreed between us; or             
(e) there is another legitimate reason which requires it to be kept for longer. 
Personal Information Processed in connection with your application for a role Unsuccessful applicants - up to 2 years after the date of notification that their application has not been successful, unless: 
(a) otherwise required by applicable law; 
(b) you consent to us storing it for longer (for example to consider you for future roles); or 
(c) in the event of a dispute or other legitimate reason which requires is to be kept for longer.

Hired applicants – it will be necessary to retain most of your Personal Information together with the information processed in connection with your employment/engagement or partnership.  Please see our Staff Privacy Notice for details. 
Personal Information relating to suppliers and the services they provide to us Up to 13 years following the end of our business relationship, unless: 
(a) otherwise required by applicable law; 
(b) you consent to us storing it for longer; 
(c) the Information forms part of files which are required to be kept for longer (for example where you were involved in one of our client matters); or 
(d) where a longer limitation period applies in respect of specific types of actions/documents; and/or in the event of a dispute or other legitimate reason which requires it to be kept for longer.    
Personal Information used for marketing purposes For as long as you have not opted out of our marketing. If you ask us to no longer use your Personal Information for marketing purposes, we will need to retain certain of your details in our database to ensure that we do not accidentally send you marketing material.
Personal Information held in our electronic backups Our electronic backups are retained for 12 months (28 days for our US and certain other offices) for business continuity reasons, following which they are deleted. 

 

Where we no longer require your Personal Information, we will take steps to delete or anonymise it. There will be circumstances where certain Information cannot be permanently deleted or anonymised, for example because it is stored in our back-ups for business continuity purposes.

In such cases, we will take appropriate steps to minimise (and pseduonymose where technically practicable) the Personal Information that we hold, and to ensure that it is: (a) not used in connection with any decision involving you; (b) not shared with anyone, except where we are legally required to do so (e.g. following a court order); (c) kept secure and virtually inaccessible; and (d) permanently deleted if, or when, this becomes technically possible.

Further information for clients >

Back to the top

Your rights

The following privacy rights apply under the GDPR. Although applicable data protection legislation in relevant jurisdictions afford similar rights, there may be circumstances where some of these rights do not apply under or are modified by, local law. Further information can be sought from our privacy contacts. In the event of any inconsistency, the applicable local legislation will prevail.   

Right to be informed You can ask us to provide you with privacy information about how we Process your Personal Information. That information is set out in this Privacy Notice, together with any other specific notices which are provided to you at the  time of collection of your Information.
Right of access

You can request us to confirm whether we Process your Personal Information. 

You can also ask us to access your Personal Information. 

Right to rectification and erasure

In the event that we hold inaccurate or incomplete Personal Information, you can ask us to rectify or complete that Information.

You can also ask us to erase your Personal Information. This right is not absolute and only applies in certain circumstances.  

Right to restrict processing You can ask us to restrict the Processing of your Personal Information (or to suppress it) for a certain period of time. This right is not absolute and only applies in certain circumstances.
Right of data portability

You can ask us to move, copy or transfer your Personal Information back to you or to another person under certain circumstances. This right only applies: (a) to Personal Information you have provided to us as a Data Controller; (b) where the Processing is based on your consent or for the performance of a contract; and (c) when processing is carried out by automated means. 

Right to object

You can ask us at any time to stop Processing your Personal Information for marketing purposes. 

Where there are legitimate grounds to do so, you can also object to us Processing your Personal Information on the basis of our legitimate interests and in certain other situations.

Right to withdraw consent Where we are Processing your Personal Information on the basis of your consent, you can withdraw that consent at any time.  
Rights in relation to automated decision-making and profiling

You have the right to: (a) ensure that any significant decisions affecting you are not made purely by automated means based on an online profile or other information (i.e. a person is involved in the decision-making), and (b) that you can express your views and to challenge the decision. 

We are also under obligations to ensure that any profiling is undertaken in a fair and transparent way. 

 

For further details about these privacy rights under GDPR (including their limitations), please see the European Commission’s website.

To exercise your rights, please send a written and dated request (a “Request”) to privacy@blplaw.com, or speak to the relevant contact. Please note that:

  • We will need to verify your identity in order to be able to comply with certain of your Requests.
  • When you Request access to your Personal Information, there will be some Personal Information which we are not able to disclose to you, such as documents which include confidential or personal information about another entity or person; documentation relating to management forecasting or planning; legally privileged documents; and copies of references.  
  • We will not be able to comply with your Request in certain circumstances, for example where your Request is manifestly unfounded or excessive.

We hope to address any enquiry or Request to your satisfaction, but if we do not, you have the right to lodge a complaint with the relevant data protection regulator in the country where you normally live or work, or where an alleged breach of data protection is said to have occurred (such as the Information Commissioners’ Office in England

Back to the top

Contacts and other important privacy information

The identity of the BCLP Firm which is the Data Controller for each of our offices is on our website legal notices. For contact details, please see Our Locations

BCLP UK acts as the representative of those relevant BCLP Firms established outside the EEA for the purposes of the GDPR, and we have elected the UK Information Commissioner’s Office as the BCLP Group’s lead data protection regulator for GDPR purposes.

We have appointed a Compliance Officer for Data Protection for the BCLP Group, supported by our Regional Privacy Officers. Where required by local law, we have also appointed statutory Data Protection Officers for certain of our offices. Their details are as follows:

  Location Offices Responsible for
The Compliance Officer for Data Protection / Regional Privacy Officer for Europe and the Middle East

London office

UK, Brussels, Paris, Moscow, United Arab Emirates, Tel Aviv

The Data Protection Officer, Berwin Leighton Paisner (Germany) LLP

Berlin office

Berlin, Frankfurt (An der Welle 3 office)
The Data Protection Officer, Bryan Cave Leighton Paisner LLP

Hamburg office

Frankfurt (Taunusanlage 18 office), Hamburg

The Data Protection Officer, Singapore / Regional Privacy Officer for Asia Singapore office Singapore, PRC, Hong Kong
The Regional Privacy Officer for the United States Boulder office US


If you have any queries regarding this Privacy Notice or our processing of your Personal Information, please email us at privacy@bclplaw.com. You may also:

  • Write a letter to the ‘Privacy Officer’ (or the ‘Data Protection Officer’ where applicable) at the relevant office; or
  • Speak directly to the Compliance Officer for Data Protection in our London office.  

Back to the top

This site uses cookies to help us manage and improve the website, your browsing experience, and the material/information we send to our subscribers. For further information about cookies, including how to change your browser settings to no longer accept cookies, please view our Privacy Notice. Otherwise we will assume you are OK to continue.