Privacy Policy

Last Updated: September 3, 2024

Morrison & Foerster LLP and its affiliates (“Morrison Foerster,” “we,” “us,” or “our”) want you to be familiar with how we collect, use and disclose Personal Information. This Privacy Statement describes our practices in connection with Personal Information that we collect through:

  • Our websites (“Websites”);
  • The software applications we make available for use on computers and mobile devices (“Apps”);
  • Social media properties (“Our Social Media”) from which you are accessing this Privacy Notice;
  • HTML-formatted email messages or other communications that we send to you that link to this Privacy Notice (“Emails”);
  • SharePoint sites made available to our clients and third parties (“SharePoint Sites”);
  • Services we provide to our corporate, institutional, and other clients (“Client Services”); and
  • Any other offline business interactions you may have with us (“Offline Interactions”).

Collectively, we refer to the Websites, Apps, our Social Media, Emails, SharePoint Sites, Client Services and Offline Interactions as the “Services.”

PERSONAL INFORMATION COLLECTED

Personal Information” is information that identifies an individual or relates to an identifiable individual. We collect the following categories of Personal Information:

Personal Information we receive from you:

Name & Contact Details

Such as first and last name, title, prefix, email address, telephone number, postal address.

Identity information

Such as driver’s licenses, identity cards, government issued IDs, passports, professional or trade-related information and proof of residential address.

Business Contact Details

Such as company name, name of employer, job title, business email address, business telephone number, business postal address, country of business.

User Content

Such as reviews about our work products and Services that we have provided to you, and other content you may create or share with us during our work relationship, including posts on our Social Media, and comment sections.

Preferences

Such as language, interests, and other feedback/preferences that you might express during your use of our Services.

Marketing Data

Such as your choices regarding our newsletters, surveys, and other marketing/advertising displayed or provided to you, and preferred methods of such promotional communication.

Relationship History

Such as details of your communications with us, and details of your claims, complaints, and queries in general.

Matter Information

Such as details of work products and Services we have provided to you, including invoicing / billing information.

Involved Individuals Information

Such as information about employees of clients that engage us, adverse parties, and other individuals involved or in any way covered in each matter handled for a client.

Visitor and Event Information

Such as dietary restrictions, travel, and accommodation details, issued identification pass to access the premises, and other details specific to a particular event or conference that you share with us.

User Photographs and Videos

Such as photos and videos submitted by you while using our Services.

Recordings

Such as audio and/or video recordings of online webinars, and other events, conferences and meetings provided by us.

Personal Information we collect through your use of our Services or from other sources, such as publicly available databases, joint marketing partners, event sponsors, partner Client Services organizations, Clients, service providers, public and/or government and/or regulatory authorities, including courts, tribunals, regulators, and government authorities.

IP Address

Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications, and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems, and administering the Services. We may also derive your approximate location from your IP address.

Social Media Information

Such as profile pictures, social media account ID, and other public social media profile information.

Anti-Fraud Information

Such as share ownership structures and sources of funding, and information that is available publicly and/or via third party sources such as due diligence and screening databases, for example court judgments and details on sanctions lists.

Event Photographs and Videos

Such as photos and videos taken at one of our events/conferences.

CCTV and Site Security Information

Such as images or video footage captured or recorded by CCTV and other security measures on our premises.

Device Information

Such as information about your devices and your use of our Services. This includes data obtained through cookies and similar technologies, as described in our Cookies Policy.

We need to collect Personal Information to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. If you disclose any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.

[Back to Top/Main Menu]

PERSONAL INFORMATION PROCESSING PURPOSES

We use Personal Information for legitimate business purposes, including:

Purpose

Examples of Processing Activities

Administering the Services

Verifying your information; responding to your inquiries and fulfilling your requests, such as when you contact us via one of our online contact forms or otherwise (e.g., when you send us questions or comments, or when you request other information about our Services); to send you administrative information, such as information regarding the Services and changes to our terms, conditions and policies; to allow you to send Services-related content to another person through the Services if you choose to do so.

Providing Client and Legal Services

Validating authorized signatories when concluding agreements and transactions, contacting individuals (including employees of institutional clients) in connection with providing Client Services, responding to inquiries and fulfilling requests from our clients, administering client file(s), providing legal services and managing our relationships, preparing, sending or receiving invoices and managing credit control.

Operations and general business

Administering online Services (including troubleshooting and diagnostic testing, conducting performance analyses of our systems and Services, testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, and hosting data; and facilitating mergers, acquisitions and other reorganizations and restructurings of our business (including prospective transactions).

Conferences, visits, and other events

Facilitating and participating in conferences and events, welcoming guests and visitors to our premises.

Marketing

Sending you our newsletters, publications, legal updates, event invitations, and mailings that we think may be of interest to you; fulfilling your event registration requests and providing services, including the providing seminars and other events.

Relationship building and engagement

Facilitating and responding to any social sharing and posts on our Services, communicating with clients on various issues, such as organizing client events, and other client relationship building activities.    

Personalizing our Services

Personalizing our interactions with you and providing you with information and/or offers tailored to your interests, such as delivering content via our Services that we believe will be relevant and interesting to you.    

Improving and developing new work product and Services that we may provide to you

Conducting data analysis, for example, monitoring and analyzing Services use and using data analytics to improve the efficiency of our Services; developing new Services; considering ways to enhance, improve, repair, maintain or modify our Services; identifying usage trends, for example, understanding which parts of our Services are most interesting to users; determining the effectiveness of our promotional campaigns, so we can adapt our campaigns to the needs and interests of our users; and operating and expanding our business activities.

Aggregation and/or anonymization

Aggregating and/or anonymizing Personal Information so that it will no longer be considered Personal Information.

Security and fraud prevention

Conducting audits, verifying that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements; monitoring for and preventing fraud; and for security purposes, including maintaining system security and on-site security of our premises.

Legal and compliance

Fulfil our legal and compliance-related obligations, including complying with applicable laws; complying with legal processes; responding to requests from public and government authorities; meeting national security or law enforcement requirements, compliance with requirements set by industry-specific supervisory bodies, such as, bar associations.

Enforcing our terms and conditions and standards; protecting our operations; protecting the rights, privacy, or property of the Company; responding to auditors; and allowing us to pursue available legal remedies and make insurance claims, defend claims, and limit the damages that the Company may sustain.

See the EU/UK Supplement for more information regarding our processing for legal and compliance purposes.

Emergency and incident response

Ensuring the safety of on-site personnel and visitors; responding to, handling, and documenting on-site accidents and medical and other emergencies; actively monitoring properties to ensure adequate incident prevention, response, and documentation (including CCTV); requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies (such as via SMS, email, call, audio-visual device prompts, etc.).

Client and counterparty due diligence and anti-fraud checks

Conducting fraud, sanctions, credit and anti-money laundering checks, KYC checks (where required by applicable law) and sharing your Personal Information with fraud prevention agencies databases, where required by applicable law.

For more information on our use of Personal Information subject to the EU or UK General Data Protection Regulation for the purposes described above, please see the “EEA/UK SUPPLEMENT” section.

[Back to Top/Main Menu]

DISCLOSURE OF PERSONAL INFORMATION

We disclose Personal Information to third parties and for the purposes described below, depending on each specific jurisdiction and applicable law:

Recipients

Purpose

MoFo affiliates 

  • For all of the purposes listed above

Morrison & Foerster LLP and the relevant MoFo affiliate are responsible for the management of any jointly-used Personal Information.

Website hosting service providers

  • Improving the Services
  • Operations and general business
  • Providing the functionality of the Services

Information technology and related infrastructure service providers

  • Fraud prevention and security
  • Improving the Services
  • Operations and general business
  • Providing the functionality of the Services

Email delivery service providers

  • Communicating important changes
  • User-care service
  • Improving the Services
  • Marketing
  • Personalizing our Services
  • Providing the functionality of the Services
  • Relationship building and engagement
  • Visits, conferences, and events

Advertising networks

  • Improving the Services
  • Marketing
  • Personalizing our Services
  • Relationship building and engagement

Client service or related benefits (including special promotions) service providers

  • Communicating important changes
  • User-care service
  • Improving the Services
  • Marketing
  • Providing the functionality of the Services
  • Personalizing our Services
  • Relationship building and engagement

Analytics providers for our Services

  • Aggregating and/or anonymizing Personal Information
  • User-care service
  • Fraud prevention and security
  • Improving the Services
  • Marketing
  • Operations and general business
  • Personalizing our Services
  • Relationship building and engagement

Law enforcement, public, regulatory and government authorities, courts, or tribunals

  • Due Diligence and Anti-Fraud
  • Emergency and Incident Response
  • Fraud prevention and security
  • Legal and compliance
  • Responding to a request or providing information to public and government authorities (including authorities outside your country or region of residence)
  • Responding to law enforcement requests and orders or provide information to law enforcement
  • For dispute resolution purposes
  • To enforce our terms and conditions
  • To protect our rights, privacy, safety, property, and/or that of our affiliates, you or others

Emergency services

  • Emergency and Incident Response
  • Legal and compliance

Professional advisors, such as accountants, actuaries, auditors, experts, consultants, lawyers, banks, and financial institutions

  • Due Diligence and Anti-Fraud
  • Fraud prevention and security
  • Legal and compliance
  • Improving and developing new products and Services

Other services, including, without limitation, our Social Media Pages

  • Individual user/customer public interactions and communications, such as message boards, chat, profile pages, blogs and other services to which you choose to post information and content
  • Social sharing activities

To comply with applicable law and regulations

This may include laws outside your country or region of residence that could legally require us to process your Personal Information. 

To a third party, such as an acquiring entity and its advisors, in connection with a sale or business transaction

We may disclose or transfer your Personal Information in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your Personal Information in accordance with applicable law and the ‘Updates to This Privacy Notice’ section.

By using the Services, you may elect to disclose Personal Information on message boards, chat, profile pages, blogs and other services to which you are able to post information and content (including, without limitation, our Social Media), or through which you are able to send messages through the Services. Please note that any information you post or disclose in this context will become public and may be available to other users and the general public.

[Back to Top/Main Menu]

COOKIES AND SIMILAR TECHNOLOGIES

Please read our Cookies Policy to learn how we use information that we and our service providers collect automatically, including through cookies, pixel tags, and similar tracking technologies and to understand your choices with respect to such collection and use.

[Back to Top/Main Menu]

SECURITY

We seek to use reasonable organizational, technical, and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.

[Back to Top/Main Menu]

EMAIL MARKETING CHOICES

You have choices regarding marketing-related communications. Where required by applicable law, we will ask for your prior opt-in consent. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by following the unsubscribe instructions in any such message or by contacting us by email at compliance@mofo.com.

We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.

[Back to Top/Main Menu]

RIGHTS REQUESTS

If you would like to request to access/review, correct, update, suppress/delete, object to, restrict or opt out of the processing of Personal Information, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), please use our online form which you can find here, or feel free to contact us in accordance with the Contacting Us section below. We will respond to your request consistent with applicable law. If you are a California resident, please refer to the “California Supplement” section at the end of this Policy for more information about the requests you may make under California law.

In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion). Further, certain Personal Information may be exempt from requests pursuant to applicable data protection laws or other laws and regulations.

You may also lodge a complaint with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs. A list of EEA data protection authorities is available at: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. Information regarding the UK data protection authority is available at: https://ico.org.uk/.

[Back to Top/Main Menu]

RETENTION PERIOD

We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained as outlined in this Privacy Notice unless a longer retention period is required or permitted by applicable law. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have a relationship with us or keep using the Services);
  • The length of time we have an ongoing relationship with you as our client and provide you with Client Services;
  • Whether there is a legal obligation to which we are subject (for example, certain laws, including bar rules or rules on providing legal services, require us to keep records of matter files or communications for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

Where we are subject to a legal obligation or retention is recommend in light of our legal position, we will retain certain Personal Information even after we no longer provide the Services to you, for example:

  • To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your Services account, we will preserve Personal Information subject to such order or warrant after you delete your Services account.
  • To comply with legal requirements: We may retain your Personal Information, such as Relationship History, and/or Transaction Information after you delete your Services account, as required by tax law and to comply with bookkeeping requirements. We also may retain your Personal Information to comply with specific local retention requirements imposed on law firms, such as the German Federal Lawyers Act (requiring that client files are maintained for six years following completion of an assignment).
  • To pursue or defend a legal action: We may retain relevant Personal Information in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your Personal Information, or if we reasonably believe there is a prospect of litigation.

[Back to Top/Main Menu]

THIRD PARTY SERVICES

This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties. This includes any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.

In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media.

[Back to Top/Main Menu]

USE OF SERVICES BY MINORS

The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Information from individuals under 16.

[Back to Top/Main Menu]

CROSS-BORDER TRANSFER

Your Personal Information may be stored and processed in any country or region where we have facilities or in which we engage service providers. By using the Services, you understand that your Personal Information will be transferred to countries outside of your country or region of residence, including the United States, which may have data protection rules that are different from those of your country or region. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries or regions may be entitled to access your Personal Information.

As required by applicable law, we implement safeguards to protect your Personal Information when we transfer it outside your country or region of residence. For example:

  • For transfers from within the UK and/or EEA to outside the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

    • Adequacy Decisions: Some countries outside of the European Economic Area (the “EEA”), are recognized as providing an adequate level of data protection (the full list of these “specified countries” for the EEA is available here and for the UK is available here).

    • For transfers from the EEA, Switzerland, and/or the UK to countries not considered adequate, we have put in place adequate measures, such as standard contractual clauses adopted by the relevant authority, to protect your Personal Information. You may obtain a copy of these measures by emailing us at compliance@mofo.com.

  • For transfers from Japan to countries not considered adequate by the Japanese government (as applicable), we have also put in place adequate measures, such as data transfer agreements containing provisions required under Japanese law, to protect your Personal Information.

[Back to Top/Main Menu]

SENSITIVE INFORMATION

Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us.

[Back to Top/Main Menu]

UPDATES TO THIS PRIVACY POLICY

The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on the Services. 

[Back to Top/Main Menu]

CONTACTING US

Morrison & Foerster LLP, located at 425 Market Street. 32nd Floor, San Francisco, CA USA 94105, is the company responsible for collection, use and disclosure of your Personal Information under this Privacy Notice. If you have any questions about this Privacy Notice, please contact us.

You can reach us at Compliance@MoFo.com or at:

Morrison Foerster
Human Resources – Data Compliance
425 Market Street, 32nd Floor
San Francisco, CA 94105

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

You may also contact our Data Protection Officer (DPO) responsible for Germany at compliance@mofo.com.

[Back to Top/Main Menu]

OUR AFFILIATES

For purposes of this Privacy Notice, these entities are considered “affiliates” of Morrison & Foerster LLP:

  • Morrison & Foerster (UK) LLP
  • MoFo Secretaries, Limited
  • Morrison & Foerster, a Hong Kong general partnership
  • MoFo China Corporate Services Limited
  • MoFo China Notices Limited
  • Morrison & Foerster Gaikokuho Jimu Bengoshi Jimusho
  • Morrison & Foerster Asia Services, LLP
  • Morrison Foerster Horitsu Jimusho
  • Morrison & Foerster (Singapore) LLP, a Singapore limited liability partnership
  • Morrison & Foerster (International) LLP

[Back to Top/Main Menu]

CALIFORNIA SUPPLEMENT

Pursuant to the California Consumer Privacy Act (CCPA), we are providing the following additional details regarding the categories of Personal Information about California residents that we collect, use, and disclose. This section supplements the information provided above in this Privacy Statement.

We collect and disclose to affiliates and service providers for our operational business purposes (including in the preceding 12 months) the following categories of Personal Information about California residents:

  • Identifiers such as name, postal address, online/device identifier, IP address, email address and social media account.
  • Personal information as defined in the California customer records law, such as name, signature, contact information, and social media account handle and other information you may share or make public on social networks.
  • Characteristics of protected classifications under applicable law, which we may collect in order to provide you with our Client Services, such as age.
  • Commercial information, such as Client Services transaction history, financial details, and payment information.
  • Internet or other electronic network activity information, such as browsing history and interactions with our Websites, applications, systems, and emails.
  • Geolocation data, such as device location and IP location.
  • Audio, electronic, visual, and similar information, such as call recordings and CCTV footage created for safety and security purposes, and audio and video recordings of events, conferences, and meetings.
  • Professional or employment-related information, such as employer name and role/title.
  • Sensitive Personal Information. Personal Information that reveals an individual’s Social Security, driver’s license, state identification card, government-issued ID or passport number.

We retain each category of Personal Information, including Sensitive Personal Information, as described above under “Retention Period”.

We do not “sell” Personal Information, including Sensitive Personal Information, and we do not “share” Personal Information, including Sensitive Personal Information, for purposes of cross-context behavioral advertising, as defined under the CCPA. We have not engaged in such activities in the preceding 12 months. Without limiting the foregoing, we do not sell or “share” Personal Information, including Sensitive Personal Information, of minors under 16 years of age.

We collect, use, and disclose Personal Information for the purposes described above under “Personal Information Processing Purposes”.

We collect, use and disclose Sensitive Personal Information for purposes of performing services for our business, providing goods or performing services as requested or reasonably expected by you, ensuring safety, security and integrity, countering wrong or unlawful actions, short term transient use, servicing accounts, providing customer service, verifying customer information, processing payments, activities relating to quality and safety control or product improvement, and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use Sensitive Personal Information for additional purposes.

We collect Personal Information from a number of sources as described above under “Personal Information Collected”.

Individual Rights and Requests

You may request that we:

  1. Disclose to you the following information:

    1. The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;

    2. The business or commercial purpose for collecting Personal Information about you; and

    3. The categories of Personal Information about you that we disclosed, and the categories of third parties to whom we disclosed such Personal Information (if applicable).

  2. Correct inaccuracies in your Personal Information.
  3. Delete Personal Information we collected from you.
  4. Provide the specific pieces of your Personal Information, including a copy in a portable format.

To make a request, please use our online form available here, or contact us in accordance with the Contacting Us section above or by calling toll-free at 1-866-734-0477.

We will verify and respond to your request consistent with applicable law, considering the type and sensitivity of the Personal Information subject to the request. For your protection, we may need to request information such as your name, email address, mailing address, and relationship with us in order to verify your identity and protect against fraudulent requests. If you make a deletion request, we may ask you to verify your request before we delete your Personal Information.

You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.

If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted above. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described above or confirm that you provided the agent permission to submit the request.

De-Identified Information

Where we maintain or use de-identified information, we will continue to maintain and use that information only in a de-identified form and will not attempt to re-identify the information.

Sharing your Personal Information with Third Parties for Direct Marketing Purposes.

If you prefer that we discontinue sharing your Personal Information on a going-forward basis with our affiliates for their direct marketing purposes, you may opt out of this sharing by emailing us at compliance@mofo.com. If you would prefer that we discontinue sharing your Personal Information on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt out of this sharing by emailing us at compliance@mofo.com.

[Back to Top/Main Menu]

EEA/UK SUPPLEMENT

Processing of Personal Information

We and our service providers use Personal Information for legitimate business purposes, including:

Processing Purpose

Personal Information Categories

Legal Basis

Third-Party Sources

Providing the functionality of the Services

Name & Contact Details; Identity Information; Business Contact Details; User content; Preferences; Marketing Data; Relationship History; Transaction Information; Visitor and Event Information; Device Information; Recordings; IP Address; and Social Media Information.

Performance of the contract, including fulfilling the terms and conditions of our Letter of Engagement we enter into with you to provide the Services.

Legal obligations*, such as to inform you of material changes to our terms and conditions to comply with applicable consumer and/or data protection laws.

Publicly available databases, joint marketing partners and event sponsors, when they share the information with us, partner Client Services organizations (such as pro bono groups and non-profits), Clients.

Providing Client Services

Name & Contact Details; Identity Information; Business Contact Details; User content; Preferences; Marketing Data; Relationship History; Transaction Information; Visitor and Event Information; Device Information; Recordings; IP Address; and Social Media Information.

Personal information about third parties in connection with the legal services we are instructed to provide.

Performance of the contract, including fulfilling the terms and conditions of our Letter of Engagement we enter into with you to provide the Services.

Legitimate interests, such as responding to inquiries or complaints.  

Legal obligations*, such as when you submit a request to access your Personal Information.

N/A

Operations and general business

Personal Information as relevant for the specific business operation.

Legitimate interests, such as responding to complaints and concerns.

Legal obligations*, for example, relating to financial transactions, such as the obligation to maintain books and records.

Third party organizations, for example, to facilitate mergers, acquisitions and other business reorganization and restructurings. 

Visits, conferences, and other events

Name & Contact Details; Business Contact Details; Preferences; Relationship History; Transaction Information; Device Information; and Social Media Information; event photographs and videos; IP Address; CCTV and Site Security information.

Performance of a contract with you, such as collecting information regarding a planned event in which you participate. 

Legitimate interests, such as responding to customer complaints or concerns relating to an event.

Event management service providers.

Marketing

Name & Contact Details; Business Contact Details; Relationship History; Transaction Information; Preferences; Marketing Data; Event Photographs and Videos; User Content; Device Information; IP Address; and Social Media Information.

Legitimate interests, such as to promote our Services.

Consent, for example, where we would like to send you direct email marketing communications, but do not have an existing relationship with you.

Publicly available databases.   

Marketing / advertising service providers.    

Personalizing our Services

Name & Contact Details; Business Contact Details; Marketing Data; Social Media Information; Relationship History; IP Address; Transaction Information; Device Information; and Preferences.

Consent, for example, where we would like to send you alerts tailored to your specific interests.      

Legitimate interests, such as providing tailored Services based on past usage and/or preferences, and such tailoring would be based on basic and privacy-non-intrusive segmentation.

Improving and developing new work product and Services

Name & Contact Details; Business Contact Details; Relationship History; Transaction Information; Preferences; User Content; Device Information; IP Address; Recordings; and Social Media Information.     

Legitimate interests, such as developing new Services.

Consent, such as when we collect Personal Information through use of cookies and similar technologies.

Relationship building and engagement

Name & Contact Details; Business Contact Details; Marketing Data; Social Media Information; IP Address; and User Content.

Legitimate interests, such as when we engage with individuals who post on Our Social Media.

Marketing / advertising service providers.

Aggregation and/or anonymization

Personal Information as relevant for the specific business purpose.

Legitimate interests, such as to generate non-personal data that we may use and disclose for any purpose.

N/A

Fraud prevention and security

Name & Contact Details; Business Contact Details; Device Information; Anti-Fraud Information; Relationship History; Recordings; CCTV and Site Security Information; IP Address; and Transaction Information.

Legal obligations*, such as to detect and prevent cyberattacks.

Legitimate interests, such as to identify and/or prevent fraudulent transactions.

Legal and compliance

Personal Information as relevant for the specific legal action, regulatory investigation, and/or legal processes in question, which may include:

Name & Contact Details; Business Contact Details; User Content; Preferences; Marketing Data; Relationship History; Transaction Information; IP Address; Visitor and Event Information; User Photographs and Videos; Social Media Information; Event Photographs and Videos; CCTV and Site Security Information; Recordings; Device Information; IP Address; Anti Fraud Information.

Legal obligations*, such as to comply with legal processes and corporate governance obligations.

Legitimate interests, such as to enforce terms and conditions, to protect trademarks, and to bring or defend legal claims.

Public and/or government and/or regulatory authorities, including courts, tribunals, and regulators.

Third persons relevant to the specific legal action and/or processes in question (such as lawyers, auditors, insurers, advisory firms etc.).

Emergency and incident response

Name & Contact Details; CCTV and Site Security Information; IP Address; and Visitor and Event Information.

Legal obligations*, for example, relating to health and safety regulations and to document on‑site accidents.

Legitimate interests, such as to monitor properties through CCTV to ensure individuals’ safety.

Protecting individuals’ vital interests, such as contacting medical or emergency services where an individual’s life is at risk.

N/A

Client and Counterparty Due Diligence and Anti-Fraud Checks

Name & Contact Details; Business Contact Details; Identity Information; IP Address; and Anti-Fraud Information.

Legal obligations*, for example, relating to regulatory requirements, such as sanctions limitations.

Legitimate interests, such as to ensure compliance with our policies, standards, and risk mitigation procedures.

Publicly available databases, such as, anti-fraud databases, sanctions lists, and court judgments.

In addition, we process Personal Information:

  • To comply with applicable law and regulations. This may include the following:
    • Civil and commercial matters: where we are in receipt of a court order to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters or equivalent UK law.
    • Criminal matters: to comply with requests and orders from EU and EU Member State or UK law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws.
    • Consumer matters: to comply with requests from competent authorities under EU or EU Member State or UK consumer protection law, such as under Directive (EU) 2019/2161 and its implementing laws in EU Member States or equivalent UK law.
    • Corporate and taxation matters: to comply with our obligations under applicable EU Member State or UK corporate and tax legislation, such as where a national tax law of an EU Member State or the UK requires collection of specific transactional personal information for tax purposes.
    • Regulatory matters: to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant EU Member State or UK data protection supervisory authorities initiate investigation under the General Data Protection Regulation into our Company. These can include authorities outside of your country or region of residence.
    • Compliance and internal investigations: to comply with whistleblowing requirements under Directive (EU) 2019/1937 and its implementing laws in EU Member States.
    • Health and safety regulations: to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises.

  • To cooperate with public and government authorities and law enforcement, and for other legal reasons:
    • When we respond to a request or provide information to public and government authorities (these can include authorities outside your country or region of residence);
    • When we respond to law enforcement requests and orders or provide information to law enforcement;
    • For dispute resolution purposes;
    • To enforce our terms and conditions; and
    • to protect our rights, privacy, safety, property, and/or that of our affiliates, you, or others.

  • In connection with a sale or business transaction based on our legitimate interests.

[Back to Top/Main Menu]