Privacy Policy

If you use our website or other online services (e.g., our sector-specific blogs and tech-based client solutions), attend our webinars, seminars or events, or subscribe to our newsletters, email services or other promotional services.

Data controller

In relation to our global website and online services, and our global initiatives, such as webinars, seminars and events, newsletters, email services or other promotional services, Pinsent Masons LLP ordinarily acts as data controller.

In relation to local initiatives, the Pinsent Masons entity organising or delivering these may be the data controller.

Legal bases for processing

• You have provided us with your consent to use your personal information, e.g. in the course of subscribing to our newsletters, completing a survey of ours, signing-up to an event or creating an online account via our website (Article 6(1)(a) EU GDPR).
• It is necessary to pursue our legitimate interests for the purposes set out in the 'Use' section of this table (Article 6(1)(f) EU GDPR).
• It is necessary for the performance of a contract with you, e.g. in connection with the provision of legal or other professional services to you involving our online tools, products and systems (Article 1(6)(b) EU GDPR).

We process special category personal data, as necessary, with your consent (Article 9(2)(a) EU GDPR).

Types of personal data

• Identification information, e.g. title, name, the company you work for, and your job title or position.
• Contact information, e.g. your address, email address, phone number, and marketing preferences.
• Personal data contained in documents and correspondence exchanged with you or relating to you, including statements and opinions of yours or statements about you or opinions of you.
• Financial information, e.g. bank and payment card details.
• Technical information, e.g. IP address, details of visits made to our premises such as turnstile/ swipe card access logs, and details of visits made to our online services such as the volume of traffic, online registration details and login credentials.
• Diversity, health, religious beliefs or other special category personal information.
• Images, e.g. CCTV footage taken at our premises and photos taken at our seminars or events.
• Any other information relating to you which you may provide to us.

Collection

• Directly from you, e.g. when you register for our online or in-person events, seminars, or webinars, or to receive communications from us, or when you subscribe to our online services or provide information through electronic platforms made available to you in connection with services that we provide to you.
• Via our website, e.g. connection data sent to our webserver by your browser when you connect to our website.
• Via web based services such as our tech-based client solutions and sector-specific blogs, e.g. some analytical information may be collected through electronic platforms made available to you in connection with services that we provide to you.
• Other publicly available sources, subject always to our obligations under applicable law.

Use

• To complete any request you may make in relation to your marketing preferences, or other preferences relating to our communications with you.
• To provide and improve our services and products, e.g. by monitoring and recording information relating to web based services such as how and when systems are accessed and how data is uploaded, to analyse performance, subject always to our obligations under applicable law.
• To promote our services and to contact you with communications about legal updates, breaking news, newsletters and events.
• For health and safety reasons, (e.g. to inform access, adjustment and dietary requirements for our meetings and events) and the application, audit and enforcement of our policies.
• Subject always to our obligations under applicable law, to improve your experience of our website, newsletters and other services, e.g. by monitoring and recording information relating to your browsing behaviour to make personalised content available to you more efficient and relevant.
• To facilitate our internal business operations, e.g. internal record keeping and accounting.
• Subject always to our obligations under applicable law to monitor and analyse our interactions with you to improve our relationship with you and help us to grow and develop our business.
• For information and physical security and the prevention and detection of criminal and dishonest activity, including to ensure the security of our website and premises, and protect our information systems against data breaches, viruses and similar threats, e.g. by monitoring patterns of activity, and scanning communications for appropriate content, attachments and viruses.

Disclosure

Your personal information may be transferred worldwide:

• across the Pinsent Masons group;
• to service providers who support the operation of our business;
• to law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar where and to the extent that we are compelled to do so by law, regulation or professional obligations; and
• to other third parties in limited circumstances, e.g. where we run a joint seminar/ webinar with a third party that you wish to attend (and where the event is a webinar, your registration name may be visible to other attendees during the event).  

Some of these recipients may be acting as data controllers. In all cases, the personal information of yours that we share will be limited to the minimum required for the relevant purpose and subject to the appropriate provisions and safeguards regarding data subjects’ rights, information security, disclosure, confidentiality and data protection. For more information about personal data transfers, please see section 3 of this policy.

Where we are instructed on a legal matter or are engaged  for other professional services we may process the personal information of clients and client contacts, counterparty contacts and litigants in person, advisors, experts, counsel, witnesses, and other individuals named in or connected with the services that we provide to our clients.

Data controller

In relation to client matter data we act as data controller, rather than as a data processor, subject to local laws and relevant data protection/ supervisory authority guidance in the jurisdictions where we operate.   The Pinsent Masons entity that is instructed on a matter will typically be the data controller in this context.

As a professional services company, we are subject to the professional codes of conduct and regulations which apply to all law firms and we are not able to agree to act only on our clients' instructions in relation to the data we process.

In relation to our global communications and business development initiatives, Pinsent Masons LLP ordinarily acts as data controller (please refer to section 2.1 of this policy for more information). For to local communications and initiatives, the Pinsent Masons entity organising or delivering these may be the data controller.

Legal bases for processing

• It is necessary to pursue our legitimate interests for the purposes set out in the 'Use' section of this table (Article 6(1)(f) EU GDPR).
• It is necessary for the performance of a contract with our client, e.g. in connection with the provision of legal or other professional services to our client (Article 1(6)(b) EU GDPR).
• To meet our legal and regulatory obligations (Article 6(1)(c) EU GDPR).
• You have provided us with your consent to use your personal information, e.g. in the course of completing a survey or signing-up to an event (Article 6(1)(a) EU GDPR).
  
  

We process special category personal data, as necessary:

• To establish, exercise or defend legal claims (Article 9(2)(f) EU GDPR).
• With your consent (Article 9(2)(a) EU GDPR).
• In relation to personal data which has been made public by you (Article 9(2)(e) EU GDPR).
• For reasons of public interest in connection with a statutory provision (Article 9(2)(g) EU GDPR).

We process criminal offence data, where necessary:

• With your consent.
• Which has been manifestly made public by the data subject.
• In relation to legal claims.
• To prevent or detect unlawful acts.
• To comply with regulatory requirements relating to unlawful acts and dishonesty and/or for reasons of public interest combined with a statutory provision (e.g., to protect the public against dishonesty, to prevent fraud).
• In relation to our obligations concerning suspicion of terrorist financing or money laundering.

We may process criminal offence data relating to:

• individuals who are involved in corporate crime cases, matters concerning victims of crime or other matters for which criminal offence information of our clients and/or their people informs our work for the client;
• non-corporate clients; and
• individuals who are connected to or involved in the structure of our corporate client entities, such as directors, beneficial owners and Politically Exposed Persons.

In respect of personal information provided to us by you or our clients in certain of the jurisdictions in which we operate, additional national data protection lawful basis requirements may apply.

Types of personal data

• Identification information, e.g. title, name, date of birth, the company you work for, your job title or position, and your passport or other official forms of ID.
• Contact information, e.g. your address, email address, phone number, and marketing preferences.
• Financial information, e.g. bank details and identifiers, and fees information.
• Professional information, e.g., your expertise and experience, feedback on your services (including opinions) from our people and/ or our clients and other information relevant and connected to how you may have performed any service referred to you by us.
• Technical information, e.g. IP address, records of your visits to our online services, your online registration details and login credentials, records of your visits to our premises (e.g. turnstile/ swipe access logs).
• Personal data contained in documents and correspondence exchanged with you or relating to you, including statements and opinions of yours or statements about you or opinions of you.
• Special category personal data, e.g. diversity, health and religious/philosophical beliefs.
• Images, e.g. CCTV footage taken at our premises and photos taken at our meetings or events.
• Other personal information provided to us by you, by our client, or by third parties on our client's behalf to inform our work for our client, or generated or sourced by us in the course or providing legal or other professional services to our client, which may include special categories of personal data and personal data relating to criminal convictions and offences or related to security measures.

   

• Any other information relating to you which you or our client may provide to us.

Collection

• Directly from you or our client, e.g. to inform our work for our client and for connected purposes such as relationship management and file opening procedures.
• From third parties, .e.g. further information to verify your identity or inform our work for our client may be collected from other professional advisers and third parties connected to a matter, publicly available resources, for example, courts and public records, company registers, official insolvency announcements, press releases published by clients, information published by media outlets including social media.
• Directly from you, e.g. when you register for our online or in-person events, seminars, or webinars, or to receive communications from us.
• When you subscribe to our online services or provide information through electronic platforms made available to you in connection with services that we provide to you.
• Via our website, e.g. connection data sent to our webserver by your browser when you connect to our website.
• Via web based services, e.g. analytical information collected through electronic platforms made available to you in connection with services that we provide to you or our client.

Use

• To deliver our services to you or our client.
• To manage and administer our relationship with you or our client, e.g., communicating with you, instruction, and conflict checking, file opening and billing procedures, and credit checks.
• To facilitate our internal business operations, e.g. internal record keeping, procurement and accounting practices.
• To establish, exercise or defend legal claims.
• As required by law and to comply with our statutory and regulatory obligations, e.g. anti-money laundering, disclosure obligations and court orders.
• To complete any request that you may make in relation to your marketing preferences, or other preferences relating to our communications with you.
• Subject always to our obligations under applicable law, to improve our services and products, e.g. by monitoring and recording information relating to web based services such as how and when systems are accessed and how data is uploaded, to ensure the integrity of documents and data files and information security.
• To promote our services and to contact you with communications about legal updates, breaking news, newsletters and events.
• For health and safety reasons, (e.g. to inform access, adjustment and dietary requirements for our meetings and events) and the application, audit and enforcement of our policies.
• Subject always to our obligations under applicable law, to improve your experience of our website, newsletters and other services, e.g. by monitoring and recording information relating to your browsing behaviour to make personalised content available to you more efficient and relevant.
• Subject always to our obligations under applicable law, to monitor and analyse our interactions with you to improve our relationship with you and help us to grow and develop our business.
• For information and physical security and the prevention and detection of criminal and dishonest activity, including to ensure the security of our website and premises, and protect our information systems against data breaches, viruses and similar threats, e.g. by monitoring patterns of activity and scanning communications for appropriate content, attachments and viruses.
• So that you may provide a reference for us, in connection with a bid or tender, where we have agreed that you are happy to do so.
• For referral purposes: we maintain a database of legal services providers and personal information relating to other third parties such as experts for similar purposes.

Disclosure

Your personal information:

• may be transferred worldwide:
• across the Pinsent Masons group;
• to service providers who support the operation of our business, e.g., postal, courier and telecommunication service providers, financial institutions and other payment services providers, and providers of debt management services;
• to other third parties connected to, involved in or engaged by us to support our work for our client, e.g. courts and authorities, professional advisers (including accountants, financial auditors and tax advisers), legal counsel, experts, and witnesses;
• to law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar where and to the extent that we are compelled to do so by law, regulation or professional obligations; and
• to other third parties in appropriate circumstances, e.g. to our clients during the course of our work with them, and where we run a joint seminar/ webinar with a third party that you wish to attend (and where the event is a webinar, your registration name may be visible to other attendees during the event); and
• will be stored in:
• Pinsent Masons' information systems; and
• third party software applications and services which have been procured to support the management of the information in our care.

Some of these recipients may be acting as data controller.  In all cases, personal information of yours that is shared or stored outside of the Pinsent Masons group will be limited to the minimum required for the relevant purpose and subject to the appropriate provisions and safeguards regarding data subjects’ rights, information security, disclosure, confidentiality and data protection.  For more information about personal data transfers, please see section 3 of this policy.

If you apply for a job, work placement or vacation scheme with us, including if you proceed to the onboarding stage having been successful in your application (excluding Vario applicants; see 4.4).

In certain of the jurisdictions in which we operate, we carry out pre-employment vetting checks. For details of our pre-employment vetting practices in respect of criminal offences (UK only), please refer to section 13 of this Policy.

Data controller

For applications made to Pinsent Masons via our website, Pinsent Masons LLP is usually the data controller. If your online application is for a position in another Pinsent Masons entity, that entity may also be a data controller of the personal information that you provide via our website.

For applications made by other means, the Pinsent Masons entity to which the application is made may be data controller.

Legal bases for processing

• It is necessary to pursue our legitimate interests for the purposes set out in the 'Use' section of this table (Article 6(1)(f) EU GDPR).
• It is necessary in order for us to takes steps, at your request, to enter into a contract with you (Article 1(6)(b) EU GDPR).
• To meet our legal and regulatory obligations (Article 6(1)(c) EU GDPR).
• You have provided us with your consent to use your personal information (Article 6(1)(a) EU GDPR).

We process special category personal data, as necessary:

• With your consent (Article 9(2)(a) EU GDPR).
• In relation to personal information which has been made public by you (Article 9(2)(e) EU GDPR).
• For the purposes of carrying out the obligations and exercising specific rights of ours or yours in the field of employment and social security and social protection law (Article 9(2)(g) EU GDPR).

We process criminal offence data, where necessary, e.g., as part of the recruitment process for particular roles:

• With your consent.
• In relation to legal claims.
• To prevent or detect unlawful acts.
• To comply with regulatory requirements relating to unlawful acts and dishonesty and/or for reasons of public interest combined with a statutory provision (e.g., to protect the public against dishonesty, to prevent fraud).
• To protect the public against dishonesty.
• To prevent fraud.

For details of the pre-employment vetting practices in respect of criminal offences that we carry out in the UK only, please refer to section 13 of this Policy.

Types of personal data 

• Personal information, including name, date of birth, address, contact details, qualifications, and education and employment history.
• Next-of-kin and dependants' information.
• Special category personal data, e.g. ethnicity, health and religious/philosophical beliefs.
• Pre-employment vetting information including the results of financial and criminal records checks, verification of address and qualifications, references, official forms of ID and right to work status. For details of the pre-employment vetting practices in respect of criminal offences that we carry out in the UK only, please refer to section 13 of this Policy.
• Financial information including bank details and identifiers (e.g. National Insurance numbers).
• Personal data contained in documents and correspondence exchanged with you or relating to you, including statements and opinions of yours or statements about you or opinions of you.
• Technical information, e.g. IP address, records of your visits to our website, your online registration details and login credentials (for our website application facility), records of your visits to our premises (e.g. turnstile/ swipe access logs).
• Any other information relating to you that you may provide to us.

Collection

• Directly from you, e.g. via your application, submission of your CV, completing our diversity questionnaires, in interviews, and at recruitment events and networking occasions.
• From third parties, including recruitment agencies, our own staff by way of the Staff Introduction scheme, providers of background checking services, former employers or other referees, academic institutions, professional bodies, and publicly available resources, including professional social media such as LinkedIn. For details of the pre-employment vetting practices in respect of criminal offences that we carry out in the UK (only), please refer to section 13 of this Policy.

Use

• For our recruitment processes, including vetting and background checks where appropriate, and to assess suitability, eligibility and fitness to work. For details of the pre-employment vetting practices in respect of criminal offences that we carry out in the UK (only), please refer to section 13 of this Policy.
• For human resources administration, in respect of your application and our onboarding process (if applicable).
• For health and safety reasons, (e.g. to inform access, adjustment and dietary requirements and the application, audit and enforcement of our policies in respect of in person meetings/ interviews and, if applicable, for your future role at Pinsent Masons.
• For information and physical security and the prevention and detection of criminal and dishonest activity, including to ensure the security of our website and premises, and protect our information systems against data breaches, viruses and similar threats, e.g. by monitoring patterns of activity and scanning communications for appropriate content, attachments and viruses.
• For reporting purposes when required to do so by law or regulation.

Disclosure

Your personal information:

• may be transferred worldwide:
• across the Pinsent Masons group;
• to service providers who support the operation of our business;
• to law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar where we are compelled to do so by law, regulation or professional obligations; and
• to other third parties in limited circumstances;
• will be stored in:
• Pinsent Masons' information systems; and
• third party software applications and services which have been procured to support the operation of our human resources functions.

Some of these recipients may be acting as data controller (in respect of Pinsent Masons entities, please see the ‘Data controller’ paragraph of this section 5.3).  In all cases, personal information of yours that is shared or stored outside of the Pinsent Masons group will be limited to the minimum required for the relevant purpose and subject to the appropriate provisions and safeguards regarding data subjects’ rights, information security, disclosure, confidentiality and data protection.  For more information about personal data transfers, please see section 3 of this policy.

If you apply to become, or are working with us as, a Vario.

In certain of the jurisdictions in which we operate, we carry out pre-joining vetting checks. For details of our pre-joining vetting practices in respect of criminal offences (UK only), please refer to section 13 of this Policy.

Data controller

Pinsent Masons LLP is usually the data controller in respect of processing of the personal information of Varios and applicants to the Vario business.

Legal bases for processing

• It is necessary pursue our legitimate interests for the purposes set out in the 'Use' section of this table (Article 6(1)(f) EU GDPR).
• It is necessary for the performance of a contract with you or in order for us to takes steps, at your request, to enter into a contract with you (Article 6(1)(b) EU GDPR).
• To meet our legal and regulatory obligations (Article 6(1)(c) EU GDPR).
• You have provided us with your consent to use your personal information (Article 6(1)(a) EU GDPR).

We process special category personal data, as necessary:

• With your consent (Article 9(2)(a) EU GDPR).
• In relation to personal information which has been made public by you (Article 9(2)(e) EU GDPR).
• For the purposes of carrying out the obligations and exercising specific rights of ours or yours in the field of employment and social security and social protection law (Article 9(2)(g) EU GDPR).

We process criminal offence data, where necessary, e.g., as part of the recruitment process for particular roles:

• With your consent.
• In relation to legal claims.
• To prevent or detect unlawful acts.
• To comply with regulatory requirements relating to unlawful acts and dishonesty and/or for reasons of public interest combined with a statutory provision (e.g., to protect the public against dishonesty, to prevent fraud).
• To protect the public against dishonesty.
• To prevent fraud.

For details of the pre-joining vetting practices in respect of criminal offences that we carry out in the UK (only), please refer to section 13 of this Policy.

Types of personal data

• Personal information, including name, date of birth, address, contact details, qualifications, and education and employment history.
• Next-of-kin information (where applicable, e.g. emergency contact information for Vario’s placed at Pinsent Masons).
• Special category personal data, e.g. diversity, ethnicity, health and religious/philosophical beliefs.
• Pre-employment vetting information including the results of financial and criminal records checks, verification of address and qualifications, references, official forms of ID and right to work status. For details of the pre-joining vetting practices in respect of criminal offences that we carry out in the UK (only), please refer to section 13 of this Policy.
• Character suitability information, including the results of psychometric tests.
• Financial information including bank details and identifiers, e.g. National Insurance numbers.
• Technical information, e.g. IP address, browsing preferences, online registration details and login credentials, records of your visits to our premises (e.g. turnstile/ swipe access logs).
• Personal data contained in documents and correspondence exchanged with you or relating to you, including statements and opinions of yours or statements about you or opinions of you.
• Any other information relating to you that you may provide to us.

Collection

• Directly from you, e.g. via your application to become a Vario, submission of your CV, completion of our diversity questionnaires, populating your information in our CRM System, when you visit our premises, in interviews, in catch-ups, and at events and networking occasions.

• From third parties, including recruitment agencies, clients of ours with whom you may be placed, providers of background checking services, providers of psychometric testing, former employers or other referees, academic institutions, professional bodies, and publicly available resources, including professional social media platforms such as LinkedIn. For details of the pre-joining vetting practices in respect of criminal offences that we carry out in certain of the jurisdictions in which we operate, please refer to section 13 of this Policy.

Use

• For recruitment purposes, including vetting and background checks where appropriate, and to assess suitability, eligibility and fitness to work. For details of the pre-joining vetting practices in respect of criminal offences that we carry out in the UK (only), please refer to section 13 of this Policy.
• For human resources administration and management purposes including remuneration, managing all aspects of our relationship with you, and connecting and placing Varios with suitable clients.
• For health and safety reasons (e.g. to inform access, adjustment and dietary requirements for interviews, placements and for our meetings and events), and for the application, audit and enforcement of our policies and other terms and conditions relating to you becoming or working as a Vario.
• For information security and the prevention and detection of criminal and dishonest activity, including to ensure the security of our website and premises, and protect our information systems against data breaches, viruses and similar threats, e.g. by monitoring patterns of activity and scanning communications for appropriate content, attachments and viruses.
• For any other purposes connected with you being or becoming a Vario.

Disclosure

Your personal information:

• may be transferred worldwide:
• across the Pinsent Masons group;
• to service providers who support the operation of our business;
• with Pinsent Masons' clients who are considering, or have contracted for, a Vario assignment;
• to law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar, where and to the extent we are compelled to do so by law, regulation or professional obligations; and
• to other third parties in limited circumstances, e.g. where we run a joint seminar/ webinar with a third party that you wish to attend (and where the event is a webinar, your registration name may be visible to other attendees during the event);
• will be stored in:
• Pinsent Masons' information systems; and
• third party software applications and services which have been procured to support the operation of the Vario team.

Some of these recipients may be acting as data controller.  In all cases, personal information of yours that is shared or stored outside of the Pinsent Masons group will be limited to the minimum required for the relevant purpose and subject to the appropriate provisions and safeguards regarding data subjects’ rights, information security, disclosure, confidentiality and data protection.  Once your information has been shared with a client in respect of a Vario assignment in which you have expressed an interest, that client may make your personal information available to other third parties. The client's privacy policies will detail how it may further process your personal data.

For more information about personal data transfers, please see section 3 of this policy.

If you are: a supplier or other service provider, or you work for or represent a supplier or service provider; an individual named in or connected with matters on which we are advising a client, including counterparty contacts and litigants in person, advisors, experts, counsel, witnesses, and other individuals named in or connected with the services that we provide to our clients; or you work from a sublet area of a building that we own or for which Pinsent Masons has the main tenancy. 

Data controller

In relation to services procured for the global Pinsent Masons group, Pinsent Masons LLP ordinarily acts as data controller.  For services procured locally, the Pinsent Masons entity engaging you for those services may be the data controller.

In relation to individuals named in or connected with maters on which we are advising a client, the Pinsent Masons entity that is instructed on the matter will typically be the data controller.

Legal bases for processing

• It is necessary to pursue our legitimate interests for the purposes set out in the 'Use' section of this table (Article 6(1)(f) EU GDPR).
• It is necessary for the performance of a contract with you (Article 6(1)(b) EU GDPR).
• To meet our legal and regulatory obligations (Article 6(1)(c) EU GDPR).
• You have provided us with your consent to use your personal information (Article 6(1)(a) EU GDPR).

We process special category personal data, as necessary:

• To establish, exercise or defend legal claims (Article 9(2)(f) EU GDPR).
• With your consent (Article 9(2)(a) EU GDPR).
• In relation to personal data which has been made public by you (Article 9(2)(e) EU GDPR).
• For reasons of public interest in connection with a statutory provision (Article 9(2)(g) EU GDPR).

We process criminal offence data, where necessary:

• With your consent.
• Which has been manifestly made public by the data subject.
• In relation to legal claims.
• To prevent or detect unlawful acts.
• To comply with regulatory requirements relating to unlawful acts and dishonesty and/or for reasons of public interest combined with a statutory provision (e.g., to protect the public against dishonesty, to prevent fraud).
• To protect the public against dishonesty.
• To prevent fraud.
• In relation to our obligations concerning suspicion of terrorist financing or money laundering.

We may process criminal offence data relating to individuals who are:

• involved in corporate crime cases, matters concerning victims of crime or other matters for which criminal offence information informs our work for our clients;
• client counterparties; and
• connected to or involved in the structure of our corporate client entities, our corporate client counterparty entities and our suppliers and service providers, such as directors, beneficial owners and Politically Exposed Persons.

Types of personal data

• Personal identifiers e.g. title, name, date of birth, address, email address and phone number.
• Professional contact information, e.g. the organisation you work for, your job title or position, address, email address and phone number.
• Professional information, e.g., your expertise and experience, feedback on your services (including opinions) from our people and/ or our clients and other information relevant and connected to how you may have performed any service referred to you by us.
• Financial information, e.g. bank details and identifiers, and fees information.
• Personal data contained in documents and correspondence exchanged with you or relating to you, including statements and opinions of yours or statements about you or opinions of you.
• Where you are named in or connected with matters on which we are advising a client, any personal information about you provided to us by or on behalf of our clients or generated by us in the course or providing legal services to our clients, which may include special categories of data.
• Diversity, health or religious beliefs information.
• Images, e.g. CCTV footage taken at our premises and photos taken at our meetings or events.
• Technical information, e.g. IP address, details of visits made to our premises such as turnstile/ swipe card access logs, and details of visits made to our online services such as the volume of traffic, online registration details and login credentials.
• Any other information relating to you which you may provide to us.

Collection

• Directly from you.
• From the organisation that you work for.
• From our clients.
• From third parties, such as other professional advisers and third parties connected to a matter, and through publicly available sources including court and public records and social media.

Use

• To deliver our services to our clients.
• For referral purposes: we maintain a database of legal services providers and personal information relating to other third parties such as experts for similar purposes.
• To manage and administer our relationship with you e.g. communicating with you, and instruction and billing procedures.
• To facilitate our internal business operations, e.g. internal record keeping, and procurement and accounting practices (in respect of suppliers and other service providers).
• To establish, exercise or defend legal claims.
• As required by law and to comply with our statutory and regulatory obligations, e.g. anti-money laundering, disclosure obligations and court orders.
• For the prevention and detection of criminal activity.
• For information and physical security and the prevention and detection of criminal and dishonest activity, including to ensure the security of our website and premises, and protect our information systems against data breaches, viruses and similar threats, e.g. by monitoring patterns of activity and scanning communications for appropriate content, attachments and viruses.
• So that you may provide a reference for us, in connection with a bid or tender, where we have agreed that you are happy to do so.

• For health and safety reasons, (e.g. to inform access, adjustment and dietary requirements for our meetings and events) and the application, audit and enforcement of our policies.

Disclosure

Your personal information:

• may be transferred worldwide:
• across the Pinsent Masons group;
• to service providers who support the operation of our business;
• to law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar where we are compelled to do so by law, regulation or professional obligations;
• to other third parties in appropriate circumstances, e.g. to our clients during the course of our work with them and where we run a joint seminar/ webinar with a third party that you wish to attend (and where the event is a webinar, your registration name may be visible to other attendees during the event); to an organisation that sublets space in our premises upon that organisation’s request in respect of building access information (subject always to our obligations under applicable law); and
• will be stored in:
• Pinsent Masons' information systems; and
• third party software applications and services which have been procured to support the management of the information in our care.

Some of these recipients may be acting as data controller.  In all cases, personal information of yours that is shared or stored outside of the Pinsent Masons group will be limited to the minimum required for the relevant purpose and subject to the appropriate provisions and safeguards regarding data subjects’ rights, information security, disclosure, confidentiality and data protection.  For more information about personal data transfers, please see section 3 of this policy.