Privacy policy


Important information about your privacy

Any personal information we collect from you is processed in line with applicable data protection laws including the EU General Data Protection Regulation (GDPR) and this notice. When you use our website, our Privacy Policy located on our website applies.

Withers LLP (“we”, “us” and “our”) is the ‘data controller’ for the personal information you share with us.

If you have any specific concerns around the privacy of your personal information or require further information about how we manage your personal information, please get in touch with us directly:

By post: GDPR Office, 20 Old Bailey, London, EC4M 7AN

By phone: +44 (0) 20 7597 6303

By email: GDPROffice@withersworldwide.com


HOW WE COLLECT DATA

As a Withers LLP client, we collect personal information about you in connection with our legal products and services in the following ways:

  • from your application for a Withers LLP product or service; (either for yourself or for our client whom you represent)
  • through analysis of your transactions and activities with us
  • publicly available sources, such as Companies House
  • as part of our new business intake procedures in the course of providing you with legal services
  • your personal interactions with us, such as face to face meetings, telephone calls, correspondence, various forms of electronic communications and your use of our website
  • analysis of your dealings and transactions with us
  • by consulting third parties, such as credit reference agencies, market research, surveys, social networking sites, fraud prevention agencies, government and law enforcement agencies
  • reviewing information about you and third parties from sources which are publicly available, such as Companies House.

INFORMATION WE COLLECT

Personal information we collect may include:

  • basic data such as your name, surname, title, date of birth and gender and your relationship to other persons
  • contact data such as postal address, email address and telephone numbers
  • financial data such as your bank account details, and payments made to and received from you
  • new business intake data such as the numbers of your identity documents and other data provided by you or collected by us as part of our new business intake and client due diligence procedures
  • marketing and communications data such as your preferences in receiving marketing from us and our third parties and your communication preferences
  • matter related data such as Personal data provided to us by or on behalf of our clients or generated by us in the course or providing services to them, which may include special categories of data such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data and criminal convictions and offences
  • business administration and administrative purposes.

HOW THE LAW PROTECTS YOU

We are allowed to use personal information only if we have a suitable legal basis to do so. We will only process your personal data on one of the following legal bases:

  • to fulfil a contract we have with you
  • when it is our legal duty
  • when it is in our legitimate interest and is not overridden by your interests, rights and freedoms
  • when you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information including but not limited to internal administrative purposes, product development and enhancement, preventing fraud, ensuring network and information security. However, this is only where our legitimate interests are not overridden by your interests, rights and freedoms.


HOW WE USE YOUR PERSONAL INFORMATION

We may use your personal information for the following purposes:

  • to create and administer your client account and administer your account to help tailor our services to you
  • to communicate with you, and provide information on specific products and/or services when you request it
  • to help us prevent, detect and investigate fraud and other financial crimes
  • in order to meet our legal obligations, such as conducting Anti-Money Laundering and Know Your Customer checks
  • to maintain the security of our services, as well as to detect and investigate activities that may be illegal or prohibited
  • to send you marketing information. You can unsubscribe from receiving these communications at any time by emailing unsubscribe@withersworldwide.com. Please see the section below “What rights and options do you have” for more information.
  • to profile you to enable us to personalise our service offerings and related communications.

SHARING YOUR PERSONAL INFORMATION

We may share your personal information with:

  • our service providers and third parties who provide services on our behalf
  • agents and administrators who we use to help run your accounts (credit referencing agencies, fraud prevention and law enforcement agencies, regulators, governments, courts, dispute resolution bodies, auditors)

We do this to:

  • prevent fraud and other financial crimes respond to enquiries and complaints
  • undertake transactional analysis
  • evaluate the effectiveness of marketing and for market research and training
  • support the provisions of service
  • comply with legal obligations, court orders, laws or regulations.

WHERE YOUR PERSONAL INFORMATION WILL BE SENT

Your data may be transferred outside of the European Union from time to time to members or businesses within the Withers LLP group of companies or to trusted service providers and third parties.

In all cases, the transfer will be on the basis of a European Commission adequacy decision or we will implement adequate safeguards to protect your personal information, such as the European Commission approved Standard Contractual Clauses or the EU-US Privacy Shield certification if your data is transferred to a Shield certificated organisation in the USA. To obtain further information on the data transfer mechanisms on which we rely, please contact us as set out below.

In some countries the law may require us to share certain information, for example with tax authorities. In these cases, we will only share the data with people who have the legal right to see it.


SECURITY

We take all reasonable precautions to keep your personal information secure, including safeguards against unauthorised access, use, or data loss. This includes ensuring our staff, partners and any third parties who perform work on our behalf comply with security standards as part of their contractual obligations.


RETAINING YOUR INFORMATION

We will retain your personal information for as long as is necessary for the purposes described above. Typically, we will retain your data to fulfil our business purposes, to comply with legal and regulatory requirements, or for any legal claims. We may keep your data for longer where this is necessary for statistical and historical research purposes. However, we will ensure all personally identifiable information is removed and at the appropriate time.


WHAT RIGHTS AND OPTIONS DO YOU HAVE

As well as our obligations, and commitment, to respect the privacy of your information, you also have certain rights relating to the personal information we hold about you which are outlined below. None of these are absolute and are subject to various exceptions and limitations.
You can exercise these rights at any time by contacting us using the contact details above.

You may have some or all of the following rights in respect of the information about you that we process:

  • request us to give you access to it
  • request us to rectify and update it
  • request us to restrict our using it, in certain circumstances
  • request us to erase it, in certain circumstances object to our using it, in certain circumstances
  • withdraw your consent to our using it
  • data portability, in certain circumstances
  • request us not to use it for direct marketing.

HOW WE RESPOND TO YOUR RIGHTS

You can exercise these rights at any time by contacting us using the contact details provided.

  • we may need to validate your identity before we can respond to your request
  • if we are unable to confirm your identity, or have strong reasons to believe that your request is unreasonably excessive or unfounded, we may deny it
  • once we have validated your identity, we aim to respond to your requests within 30 days and no later than three months from receipt of complex requests. We will let you know if we need additional time to complete
  • we will always let you know whether we accept, or refuse, your request.

MAKING A DATA PROTECTION COMPLAINT

If you have any concerns about the use of your personal data, or the way we handle your requests relating to your rights, you can raise a complaint directly with us using the contact details provided.

If you are not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with a relevant Supervisory Authority. The UK Information Commissioner’s Office via the details available on their website: www.ico.org.uk


CHANGES TO THIS FAIR PROCESSING NOTICE

We may update this notice (and any supplemental privacy notice) from time to time. We will notify you of the changes where required by law to do so. This notice was last modified on 24 May 2018.

Supplemental Privacy Statement for California residents under CCPA

Privacy CCPA Policy


Important information about your privacy

Any personal information we collect from you is processed in line with applicable data protection laws including the California Consumer Privacy Act (CCPA) and this notice. When you use our website, our Privacy Policy located on our website applies.

The Policy (the “California Residents Notice”) provides additional information for California residents, as required under the California Consumer Privacy Act of 2018 (“CCPA”). This section is effective January 1, 2020. We may update this section, our relevant data practices, or our processes for handling CCPA requests, in response to the final CCPA regulations or other CCPA legal developments.

Withers LLP (“we”, “us” and “our”) is the ‘data controller’ for the personal information you share with us.

If you have any specific concerns around the privacy of your personal information or require further information about how we manage your personal information, please get in touch with us directly:

By post: CCPA Officer, Withers Bergman LLP, 505 Sansome Street, 2nd Floor, CA 94111

By phone: +1 415 872 3237

By email: CCPAOffice@withersworldwide.com

Privacy Information for California Residents (Supplemental)

Scope

This California Residents Notice applies to the personal information we collect, both online and offline, about California consumers, including personal information that we collect:

  • from users of our Websites, including the services available via our Websites
  • about clients and individuals that use or inquire about our legal and related services that we make available
  • about individuals that attend events hosted or sponsored by us, reply to our emails or communications, visit our offices, or otherwise communicate or engage with us
  • about individuals from clients and others related to the Services we provide

Personal information

As used in this California Residents Notice, “personal information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household; it does not include publicly available information made lawfully available by state or federal governments or anonymised information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked directly or indirectly to a particular individual.

A list of what is defined under the CCPA as personal information includes:

  • Direct identifiers such as real name, alias, postal address, social security numbers, driver’s license, passport information and signature
  • Indirect identifiers such as cookies, beacons, pixel tags, telephone numbers, IP addresses, account names
  • Biometric data such as face, retina, fingerprints, DNA, voice recordings, health data
  • Geolocation data such as location history via devices
  • Internet activity such as browsing history, search history, data on interaction with a webpage, application or advertisement
  • Sensitive information such as personal characteristics, behavior, religious or political convictions, sexual preferences, employment and education data, financial and medical information

Categories of personal information that we may collect and disclose

Our collection, use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. Pursuant to the CCPA, we may collect and disclose for a business purpose the following categories of personal information (as defined by the CCPA):

  • A. Identifiers. Collected [YES]
  • B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Collected [YES]
  • C. Protected classification characteristics under California or federal law. Collected [YES]
  • D. Commercial information. Collected [YES]
  • E. Biometric information. Collected [YES]
  • F. Internet or other similar network activity. Collected [YES]
  • G. Geolocation data. Not Collected [NO]
  • H. Sensory data. Not Collected [NO]
  • I. Professional or employment-related information. Not Collected [NO]
  • J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Not Collected [NO]
  • K. Inferences drawn from other personal information. Not Collected [NO]

Sources of personal information

We may collect the above categories of personal information directly from you, automatically about your use of our Websites, and from third parties such as clients of our legal services, government and public entities, public records, data aggregators and resellers, parties and related parties in litigation matters and others.

Purposes for collecting, using and disclosing personal information

We use these categories of personal information we collect to provide our legal and other Services (See the ‘HOW WE USE YOUR PERSONAL INFORMATION’ section above for more information)

Rights of California residents under the CCPA

The California Consumer Privacy Act (CCPA) provides California residents with five core rights to data privacy and autonomy, and an additional private right of action of compensation in the event of data breaches:

Right to Notice: We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.

Right to Deletion: California residents have the right to request, at no charge, deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies. We will respond to verifiable requests received from California residents as required by law.

Right to Disclosure: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.

Right to opt out / Do-not-sell (opt-out/opt-in): California residents have the right to opt-out of our sale of their personal information. Further businesses may not knowingly sell personal information about minors under 16 years old without prior express consent.

Right to equal services and prices: We do not offer any such incentives at this time.

Not covered by this California Notice

This California Residents Notice does not address or apply to

  • our handling of personal information that is exempt under Section 1798.145 of the CCPA,
  • personal information we collect about employees, contractors or job applicants or other individuals who are not California residents, or
  • personal information we collect about individuals acting in their capacity as representatives (“B2B contacts”) of our clients, prospective clients, vendors and other businesses that we conduct business with, to the extent we use their personal information only in the context of conducting our business relationship with the respective business.

California residents may contact us directly using the information detailed under IMPORTANT INFORMATION ABOUT YOUR PRIVACY. We will respond to verifiable requests received from California residents as required by law.