Who is responsible for your personal data?
Ashurst is responsible for your personal data. Ashurst comprises:
Ashurst LLP, (OC330252) London Fruit & Wool Exchange, 1 Duval Square, London E1 6PW, United Kingdom; Ashurst Australia, (ABN 75 304 286 095) a general partnership constituted under the laws of Australian Capital Territory at 5 Martin Place, Sydney, New South Wales 2000 and their respective representatives and affiliates (including affiliates providing non-legal services) (the "Ashurst Entities").
Specifically, your data will be controlled by the Ashurst Entity that you have instructed or that is providing services or communication to you in your region.
What personal data do we collect?
The personal data we collect may include:
- Contact information, such as your name, job title, postal address, including your home address, where you have provided this to us, business address, telephone number, mobile phone number, fax number and email address, IP addresses and device IDs;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Further business information necessarily processed in a project or client contractual relationship with Ashurst or voluntarily provided by you, such as instructions given, payments made, requests and projects;
- Identification Data (including the personal data of relevant third parties) necessary for purposes of business acceptance processes;
- Ashurst website password for the Ashurst website or other password protected platforms or services, where you have one. We will also collect information about how you use our website so that we can improve your experience;
- Mobile Applications details about your access to and use of our mobile applications; and other online services and tools, including information you provide by completing registration or application forms; or when you contact us, for example, to report an issue with one of our mobile applications or online services or to raise a query;
- Public Information collected from publicly available resources, integrity data bases and credit agencies;
- Compliance Purposes If legally required for compliance purposes, information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant for antitrust purposes;
- Special categories of personal data. In connection with the registration for and provision of access to an event or seminar, we may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have. Any use of such information is based on your consent. If you do not provide any such information about disabilities or special dietary requirements, we will not be able to take any respective precautions;
- Preferences other personal data regarding your preferences where it is relevant to legal services that we provide; and/or
- Attendance/visits details of your visits to our premises and attendance at events.
- Other From time to time, it may include personal data about your membership of a professional or trade association or union, health personal data, details of dietary preferences when relevant to events to which we invite you and details of any criminal record you may have.
How do we collect your personal data?
We may collect personal data about you in a number of circumstances, including
- Directly from you when you provide personal information to us;
- When you or your organisation seek legal advice from us or use any on-line client products or services;
- When you or your organisation browse, make an enquiry or otherwise interact on our website or our mobile applications, or via any digital tools that we make available;
- When you attend a seminar or another Ashurst event or sign up to receive personal data from us, including training; or
- When you or your organisation offer to provide or provide services to us.
- If you are a former employee and join our alumni network, we may collect personal information such as your email address, current employment and basic details relating to your time with us.
- In some circumstances, we collect personal data about you from a third party source. For example, we may collect personal data from your organisation, other organisations with whom you have dealings, government agencies, a credit reporting agency, an information or service provider or from a publicly available record.
Are you required to provide personal data?
As a general principle, you will provide us with your personal data entirely voluntarily; there are generally no detrimental effects for you if you choose not to consent or to provide personal data.
However, there are circumstances in which Ashurst cannot take action without certain processing of your personal data, for example because this personal data is required to process your instructions or orders, provide you with access to a digital product, web offering or newsletter or to carry out a legally required compliance screening.
In these cases, it will unfortunately not be possible for us to provide you with what you request without the relevant personal data and we will notify you accordingly.
For which purposes will we use your personal data?
We may use your personal data for the following purposes only ("Permitted Purposes"):
- Providing legal advice or other services or things you may have requested, including on-line, digital or legal technology products, services or solutions as instructed or requested by you or your organisation;
- Managing and administering your or your organisation's business relationship with Ashurst, including processing payments, responding to you, accounting, auditing, billing and collection, support services;
- Compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations (e.g. under antitrust laws, export laws, trade sanction and embargo laws, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes;
- To test (typically to check pre-production environments), analyse and improve our services, business operations, systems (including diagnosis of server issues and administration of our website(s)) and communications to you;
- To facilitate events and meetings and provide you with an acceptable service;
- Protecting the security of and managing access to our premises (including security cameras), IT and communication systems, online platforms and mobile applications, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- For insurance purposes;
- For monitoring and assessing compliance with our policies and standards;
- To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
- To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- To comply with court orders and exercises and/or defend our legal rights; and
- For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
- Communicating with you through the channels you have approved to keep you up to date on the latest developments relevant to your areas of interest, announcements, and other information about Ashurst services, products and technologies (including client briefings, newsletters and other information) as well as Ashurst events and projects;
- Customer surveys, creating website content, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events; or
- Collecting information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).
With regard to marketing-related communication, we will - where legally required - only provide you with such information after you have opted in and provide you the opportunity to opt out anytime if you do not want to receive further marketing-related communication from us. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
Depending on for which of the above Permitted Purposes we use your personal data, we may process your personal data on one or more of the following legal grounds:
- Because processing is necessary for the performance of a client instruction or other contract with you or your organisation;
- To comply with our legal obligations (e.g. to keep pension records or records for tax purposes); or
- Because processing is necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
In addition, the processing may be based on your consent where you have expressly given that to us.
With whom will we share your personal data?
We may share your personal data in the following circumstances:
We may share your personal data between the Ashurst Entities on a confidential basis where required for the purpose of providing legal advice or other products or services and for administrative, billing and other business purposes. This may include Ashurst Entities which provide non-legal services. A list of the countries in which Ashurst Entities are located can be found on our website;
If you are a client of Ashurst, or are contracted to or are an agent of a client of Ashurst, we may disclose your personal data to:
- Barristers, other legal specialists (including mediators), consultants or experts engaged in your matter; or foreign law firms for the purpose of obtaining foreign legal advice;
- If we have collected your personal data in the course of providing services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
- We may disclose your contact details on a confidential basis to third parties for the purposes of collecting your feedback on the firm’s service provision, to help us measure our performance and to improve and promote our services;
- We may share your personal data with companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
- We may share your personal data with any third party to whom we assign or novate any of our rights or obligations;
- We may share your personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
We may also instruct service providers within or outside of Ashurst, domestically or abroad, e.g. shared service centres/IT service providers including cloud service providers such as data storage platforms, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. Ashurst will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers;
We may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help us develop our website and to improve our services.
Otherwise, we will only disclose your personal data when you direct us or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities. Ashurst does not sell any personal data.
Personal data about other people which you provide to us
Keeping personal data about you secure
We have implemented and will take appropriate technical and organizational (including administrative and physical) measures to keep your personal data confidential and secure from unauthorized access, use and disclosure in accordance with our internal policies and procedures covering the storage, transfer, disclosure of and access to personal data. Personal data may be kept on our personal data technology systems, those of our contractors or suppliers, or in paper files.
We also require our business partners, suppliers, and third parties to implement appropriate safeguards, such as contract terms and access restrictions, to protect information from unauthorized access, use, and disclosure.
Transferring your personal data abroad
Ashurst is a globally active law firm. We may transfer your personal data abroad if required for the Permitted Purposes as described above. This may include countries which do not provide the same level of protection as the laws of your home country (for example, the laws within the European Economic Area or Australia).
We will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the General Data Protection Regulation (EU) 2016/679 or other relevant laws. This includes entering into the EU Standard Contractual Clauses which are available here. Where appropriate, data transfers from the UK will be covered by the UK IDTA which can be found here. You may contact us anytime using the contact details below if you would like further information on such safeguards.
All Ashurst offices throughout the world will at all times ensure a level of data protection at least as protective as that required in the European Economic Area and Australia. We will also require our agents, consultants and sub-contractors and others who are outside the European Economic Area or Australia and to whom we transfer your personal data to ensure a similar level of data protection.
Updating personal data about you
If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to firstname.lastname@example.org . We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that
For how long do we retain your personal data?
Your personal data will be deleted when it is no longer reasonably required for the Permitted Purposes or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. We will, in particular, retain your personal data where required for Ashurst to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled.
Subject to certain legal conditions, you have the right to request a copy of the personal data about you which we hold, to have any inaccurate personal data corrected and to object to or restrict our using your personal data. You may also make a complaint if you have a concern about our handling of your personal data.
If you wish to do any of the above please send an email to email@example.com. We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data, and for any additional copies of the personal data you request from us.
We will consider any requests or complaints which we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the relevant privacy regulator. We will provide you with details of your relevant regulator upon request.
How to get in touch with Ashurst