Bird & Bird is responsible for your personal data. Bird & Bird comprises Bird & Bird LLP (an LLP incorporated in England & Wales, registered number OC340318) and its subsidiary undertakings (referred to collectively as "Bird & Bird" or "we" or "our"). Information on our subsidiaries can be found here. For the purposes of applicable data protection law (in particular, the General Data Protection Regulation (EU) 2016/679 (the "GDPR")), your data will be controlled by the Bird & Bird affiliate or subsidiary undertaking that you have instructed or that is providing services to you or communicating to you and each such entity is regarded as an independent data controller of your personal data. This Notice applies to all such entities.
Questions, comments and requests regarding this Notice are welcomed and should be addressed to Privacy Team, [email protected], or send a letter to Bird & Bird LLP, Privacy Team, 12 New Fetter Lane, London EC4A 1JP.
In Germany please send an email to our Data Protection Officer for Germany, Valerian Jenny: [email protected], or Bird & Bird LLP, Datenschutzbeauftragter, Carl-Theodor-Strasse 6, 40213 Düsseldorf Germany.
Bird & Bird GDPR Representative SRL (in the EEA or the UK) acts as a EU and/or UK GDPR Representative for several global clients, if you wish to contact your representative, email them at [email protected].
Personal data we collect
We collect and process the following personal data from you:
Identity and Contact Data, including your name, address, telephone number, date of birth, marital status, passport number, employment history, educational or professional background, tax status, employee number, job title and function, and other personal data concerning your preferences relevant to our services;
Financial and Payment Data, including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
Business Information, including information provided in the course of the contractual or client relationship between you or your organisation and Bird & Bird, or otherwise voluntarily provided by you or your organisation;
Information relevant to our legal advice, including personal data relevant to any dispute, grievance, investigation, arbitration, or other legal advice we have been asked to provide to our client;
Technical Data, including information collected during your visits to our website(s), the Internet Protocol (IP) address, login data, browser type and version, device type, time zone
When we use analytic cookies, Profile and Usage Data and Technical Data (as defined above) are collected and used.
Physical Access Data, relating to details of your visits to our premises;
Sensitive personal data: In the course of our client services, we may represent you and/or your organisation in legal matters that require us to collect and use sensitive personal information relating to you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life and sexual orientation or details of criminal offences, or genetic or biometric data).
For example, if we represent you in a criminal case, we will collect information about the alleged offences and any related criminal history and or international sanctions. In some employment representations, such as disputes involving alleged discrimination, information about medical conditions, race, religion and/or sexual orientation may be relevant to the representation. Similarly, representations in tax or social security matters may also require us to collect sensitive personal information, such as if we are advising on whether certain disabilities qualify for social security or tax benefits. Where we process sensitive personal information in the course of these and other similar client services, we do so to assist you and/or your organisation to establish, exercise or defend legal claims or to assist you and/or your organisation in fulfilling the rights and obligations of applicable employment or social security laws.
Information about other people
If you provide information to us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
How do we collect your personal data?
The circumstances in which we can collect personal data about you include:
when you or your organisation seek legal advice from us or use any of our online client services;
when you or your organisation offer to provide, or provides, services to us;
when it is provided to us by a third party because you are the subject of, or your data is otherwise included in, legal advice we are asked to provide to that third party client (for example, where we are asked to provide advice in an employment dispute, or where you are the subject of an investigation we are asked to conduct)
when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our lawyers, consultants and staff;
when you or your organisation browse, complete a form or make an enquiry or otherwise interact on our website or other online platforms;
when you attend our seminars or other events or sign up to receive personal data from us, including training;
by making enquiries from your organisation, other organisations with whom you have dealings such as former employers and educational institutions, or from third party sources such as government agencies, a credit reporting agency, information service providers or from publicly available records.
If you fail to provide personal data
Where we need to collect personal data by law or in order to process your instructions or perform a contract we have with you and you fail to provide that data when requested, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our engagement or contract you have with us, but we will notify you if this is the case at the time.
How will we use your personal data?
We use your personal data only for the following purposes:
To fulfil a contract, or take steps linked to a contract, with you or your organisation. This includes:
to register you as a client of Bird & Bird;
to provide and administer legal services or other services or solutions, as instructed by you or your organisation;
to process payments, billing and collection; and
to process applications for employment.
As required by Bird & Bird to conduct our business and pursue our legitimate interests, in particular:
to administer and manage our relationship with you, including accounting, auditing, and taking other steps linked to the performance of our business relationship including identifying persons authorised to represent our clients, suppliers or service providers;
to carry out background checks, where permitted;
to analyse and improve our services and communications and to monitor compliance with our policies and standards;
to manage access to our premises and for security purposes;
to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
for insurance purposes;
to exercise or defend our legal rights or to comply with court orders;
to provide legal advice and legal services to our clients; and
to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives; to send you details of client surveys, marketing campaigns, market analysis, or other promotional activities; and
to collect information about your preferences to personalise and improve the quality of our communications with you.
For purposes required by law, including maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws). This can include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity, or making records of our communications with you for compliance purposes.
Save as otherwise set out in this Privacy Notice, where personal data is collected as part of our customer due diligence processes, such personal data will only be used for the purposes of preventing money laundering, terrorist financing or proliferation financing. It will not be used for any other purpose without your consent. We will not use your personal data for taking any automated decisions affecting or creating profiles other than as described above.
Disclosure of your personal data
We share your personal data, in the following circumstances:
with our subsidiary undertakings and/or affiliates for the purposes of providing you with our services as described in this Privacy Notice. You can see more about our group entities here;
with third parties including certain service providers we have retained in connection with the legal services we provide, such as barristers, consultants, mediators, or experts and other legal specialists such as law firms for obtaining specialist or foreign legal advice, translators, education evaluation services, couriers, or other necessary entities;
if we have collected your personal data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
on a confidential basis with third parties for the purposes of collecting your feedback on the firm’s service provision, to help us measure our performance and to improve our services
with companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
with courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
with service providers who we engage within or outside of Bird & Bird, domestically or abroad, e.g. shared service centres, to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only;
if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.
Information we transfer
When we transfer your information to other countries, we will use, share and safeguard that information as described in this Notice. To provide legal and other services, we may transfer the personal information we collect to countries outside of the EEA which do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of data protection. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses.
All Bird & Bird offices throughout the world ensure a level of data protection at least as protective as that required in the European Economic Area.
For further information, including obtaining a copy of the documents used to protect your information, please contact us on [email protected].
Security of your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Updating personal data about you
If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to [email protected]. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
You have various rights with respect to our use of your personal data:
Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.
Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us.
Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
Erasure: You have the right to [ask/require] us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.
You may, at any time, exercise any of the above rights, by contacting [email protected] together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.
Right to withdraw consent
If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
To opt-out of receiving our marketing communications t please follow the opt-out links on any marketing message sent to you or contact [email protected]. Opting out of receiving marketing communications will not affect the processing of personal data for the provision of our legal services.
How long we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Bird & Bird to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact us at [email protected].
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
Changes to our Privacy Notice
We reserve the right to update and change this Notice from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Notice.
Supplemental privacy provisions concerning Australia
The following provisions apply in Australia in addition to the provisions of the Privacy Notice set out above.
Personal data we collect
In Australia, sensitive personal data also includes philosophical beliefs or membership of a political association or a professional or trade association.
Information we transfer
We may share your personal information with offices of Bird & Bird LLP and its affiliated and associated businesses outside Australia. The locations of those offices can be found at www.twobirds.com.
Right to withdraw consent
If you choose not to provide personal information, or withdraw consent to our use or disclosure of such information, we may not be able to provide some of the services you have requested from us.
Your Rights: Additional Australian contact
If you have any queries or wish to make a complaint about our privacy practices or our compliance with the Australian Privacy Principles, then please contact the privacy officer at [email protected], and we will use our reasonable efforts to promptly address your concerns or complaint.