Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

Datenschutzhinweise

Last updated: May 2018

Introduction

  • We are an international law firm that is committed to safeguarding the privacy and security of the personal information provided to us.
  • This policy sets out how we collect your personal information, what we do with it, how we keep it secure and explains your rights in relation to any personal information we hold about you.
  • More information can be provided upon request. Please contact us by sending an email to PrivacyTeam@pinsentmasons.com.
  • This is our global privacy policy.  You can find a list of our offices and the jurisdictions in which we operate as well as country specific information here.

Who we are

Pinsent Masons provides legal services globally via a number of entities. Most of the firm’s main IT systems are located in the UK and controlled by Pinsent Masons LLP. We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers, employees and partners comply with data protection laws in relation to the information we handle. 

Depending on the location where legal or other services are provided, another entity in the Pinsent Masons group may be the data controller in relation to your personal information.  For country specific information please click here.

When we say ‘we’ or ‘us’ in this policy, we’re generally referring to Pinsent Masons LLP, its subsidiaries and any affiliates which it or its partners operate as separate businesses, such as Out-Law, Vario, MPillay and other Pinsent Masons affiliates worldwide. Reference to ‘Pinsent Masons’ is to Pinsent Masons LLP and/ or one or more of those subsidiaries or affiliates as the context requires.

Our privacy team oversees our compliance with data protection laws and this policy and provides guidance and advice to the firm, our employees and partners as required.

In addition, our Compliance Officer for Legal Practice (COLP) oversees compliance with our professional responsibilities and the reporting of any failures to comply with legislative requirements, including data protection.

Why do we process your personal information?

We process your personal information where:

  • it is necessary for the performance of a contract with you (eg. to provide legal services to you);
  • you have provided us with your consent to use your personal information (eg. in the course of subscribing to our newsletter or Out-Law.com);
  • we are required or authorised by law to do so; or 
  • it is necessary to pursue our legitimate interests in a way which is reasonably expected as part of running our business, which is not detrimental to you and would have minimal impact on your privacy.

Examples of where our use of personal information is necessary to pursue our legitimate interests include:

  • monitoring and recording information relating to your browsing behaviour on our website to make personalised content available to you;
  • monitoring and recording information relating to web based services including how and when the system is accessed and how data is uploaded for the purposes of analysing the performance of and improving the quality of the products and services we provide to you;
  • processing information relating to our client contacts to send them information about our products and services.  This helps to facilitate our business development activities including building relationships with current and prospective clients; and
  • using our CRM system to analyse how our contacts interact with the firm which helps to inform our business development activities and determine how we grow our business.

Collection, use and disclosure of your personal information

We collect and process personal information:

  • relating to online service users, subscribers to our newsletters and other promotional materials;
  • obtained or created in relation to the legal services we provide;
  • relating to individuals who apply for a job or work placement with us;
  • relating to our employees, partners and contractors;
  • relating to Varios and prospective Varios; and
  • relating to other third parties.

Information about collection, use and disclosure of personal information relating to our employees and partners can be found in our Data Protection Policy.

The personal information we collect will include the types of data shown below. If you would like to access the personal information we hold about you, please contact us in writing at DataSubjectRequest@pinsentmasons.com.  

Online service users, subscribers to our newsletters and other promotional material

 
Types of personal data Identification information (eg. title, name, the company you work for, or your job title).

Contact information (eg. your postal address, email address and phone number).

Financial information (eg. in relation to paying for an event).

Technical information (eg.  IP address, browsing preferences, details of visits made to our online services, online registration details and login credentials).

Health or religious beliefs information (eg. access and dietary requirements for our events).

Images (eg. CCTV/ photos taken when attending our events).

Any other information relating to you which you may provide to us.
Collection Via CRM system

when you register to receive legal updates, or we otherwise receive your contact details.

Via Out-Law

Data collected by us on our Out-Law.com website is stored in and processed by our CRM system.
Use To complete any request you may make in relation to your marketing preferences.

To provide and improve our services and products to you.

To promote our services and to contact you with communications about legal updates, breaking news, newsletters and event invitations.

To improve website user experiences.

To facilitate our internal business operations.

Monitoring and analysing our interactions with you to improve our relationship with you and help us to grow our business.

Make users' experiences more efficient and understand how we can improve your browsing experience and the services Pinsent Masons provides.

Analyse what subjects are of interest to particular users so that we can improve the content in our newsletters and promotional material.

For the prevention and detection of criminal activity.
Disclosure Your personal information:

  may be transferred worldwide to our affiliates, and to service providers who support the operation of our business;

  which is shared with service providers will be limited to the minimum required for providing the service and will be adequately protected; and

  will not be given to other third parties, apart from in limited circumstances including where we run a joint seminar and you book onto it. 

Providing legal services

 
Types of personal data Identification information (eg. title, name, the company you work for, your job title or position).

Contact information (eg. your postal address, email address and phone number).

Financial information (eg. in relation to paying for services).

Technical information (eg.  IP address, details of visits made to our online services such as the volume of traffic received, logs, online registration details and login credentials).

Health or religious beliefs information (eg. access and dietary requirements for our events).

Images (eg. CCTV/ photos when attending our meetings or events).

Personal information provided to us by or on behalf of our clients or generated by us in the course or providing legal services to you, which may include special categories of data.

Any other information relating to you which you may provide to us. 
Collection Directly from you

Relationship management and file opening information is collected from you directly.

Where we have direct contact with you as an individual identified in a matter on which we are advising our client, we may collect information directly from you.

From Third Parties

Some further information (eg. to verify your identity) may be collected from third parties, such as publicly available sources.

Where you are named in or connected with matters on which we are advising our client, we will collect information about you directly from our client.

Via web based services

Some information may be collected via a web based service you are using (eg. document production services on SmartDelivery).
Use Provide and improve our legal services to you.

Manage and administer our relationship with you.

Meet our commercial requirements (eg. creditworthiness).

Facilitate our internal business operations.

Establish, exercise or defend legal claims.

As required by law and to comply with our statutory/ regulatory obligations (eg. anti-money laundering).

In relation to our web based services we will monitor and record information relating to use of the services. This will include how and when the system is accessed and how data is uploaded.

For the prevention and detection of criminal activity.

Health and safety and the application, audit and enforcement of our policies.
Disclosure Your personal information: 

  may be transferred worldwide to our affiliates, and to service providers who support the operation of our business; 

  which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected; and

  may be transferred to other third parties such as our insurers, legal and other professional advisors, regulators, administrators and government departments, who may be acting as data controller.

Applicants who apply for a job, work placement or vacation scheme with us

 
Types of personal data Personal data such as name, address, contact details, education and employment history; background checks (financial and criminal), ID and right to work status; information relating to next of kin/ dependants.

Financial information including bank details and identifiers (eg. National Insurance numbers).
Collection Personal data will be collected from a number of sources including your application form/ CV; providers of background checks (eg. Experian) and referees.
Use Human resources administration.

Assessing suitability, eligibility and/ or fitness to work. 

Health and safety and the application, audit and enforcement of our policies.
Disclosure Your personal information may be:

  transferred worldwide to our affiliates, and to service providers who support the operation of our business; and

  stored within Pinsent Masons' information systems and within third party software applications and services which have been procured to support the operation of the HR function. When information is shared with service providers it is limited to that which is required for providing the service and will be adequately protected.

Varios, including prospective Varios

 
Types of personal data Identification information (eg. title, name, the company you work for, your job title or position).

Contact information (eg. your postal address, email address and phone number).

Financial information (eg. payment-related information).

Technical information (eg.  IP address, browsing preferences, details of visits made to our online services such as the volume of traffic received, logs, online registration details and login credentials).

Health or religious beliefs information (eg. access and dietary requirements for our events).

Images (eg. CCTV/ photos taken when attending our events) and swipe card access.

Diversity information (eg. sex, gender, ethnicity in diversity questionnaires).

Employment and education history, background checks and character suitability references (eg. criminal records checks and psychometric tests).

Any other information relating to you which you may provide to us.
Collection Directly from you 

Application forms and CVs.

Interviews.

Catch-ups and any other communication with you.

Events and networking.

From Third Parties 

Providers of background checks and referees.

Providers of psychometric testing.

Public domain (eg. LinkedIn or other social media).

Clients of a relevant assignment.

Pinsent Masons' information systems.
Use Administration and management purposes including connecting Varios with suitable clients.

Assessing suitability, eligibility and/or fitness to work.

Performance management.

Training and development.

Pay and remuneration.

Health and safety and the application, audit and enforcement of our policies and other terms and conditions relating to you working as a Vario.

Ensuring our information and offices are secure.

Monitoring use of the @pinsentmasonsvario.com email address and other information systems made available to you by Pinsent Masons.

For the prevention and detection of criminal activity.

Any other purposes connected with you being a member of the Vario hub.
Disclosure Your personal information may be:

  stored worldwide within Pinsent Masons' information systems and within third party software applications and services which have been procured to support the operation of the Vario team. When information is shared with service providers it is limited to that which is required for providing the service and will be adequately protected;

  transferred to other third parties such as our insurers, legal and other professional advisors, regulators, administrators and government departments, who may be acting as data controller; and

   shared with Pinsent Masons' clients who are considering a Vario assignment. Once you have established an interest in a particular assignment, that client may make such information available to their advisers, insurers or suppliers, regulatory authorities, governmental or quasi-governmental organisations. The client's privacy policies will detail how it may further process your personal data.

Third Parties, including suppliers, experts and other service providers

 
Types of personal data Identification information (eg. title, name, the company you work for, your job title or position).

Contact information (eg. your postal address, email address and phone number).

Financial information (eg. payment-related information).
Collection Directly from you

Relationship management information is collected from you directly.

From Third Parties

Some further information may be collected from third parties, such as publicly available sources.
Use Manage and administer our relationship with you.

Meet our commercial requirements (eg. creditworthiness).

Facilitate our internal business operations.

As required by law and to comply with our statutory/ regulatory obligations (eg. anti-money laundering).
Disclosure Personal information: 

  may be transferred worldwide to our affiliates, and to other service providers who support the operation of our business; 

  which is shared will be limited to that which is required to enable us to facilitate our internal business operations and will be adequately protected; and

  transferred to other third parties such as our insurers, legal and other professional advisors, regulators, administrators and government departments, who may be acting as data controller.

How long do we keep your information for?

We will always retain your personal information in accordance with applicable law, regulation and our data retention schedule which sets out the appropriate retention period for the information held by Pinsent Masons.  We will never retain your information for longer than is necessary, taking account of factors such as:

  • how long we need to keep the data for in the event of any claims or litigation;
  • guidance from official bodies such as the ICO and SRA;
  • how long we need to keep the data to fulfil the original purpose for which it was collected;
  • the nature and sensitivity of personal data; and
  • compliance with legal obligations (eg. to preserve data relevant to official investigations).

If you want to learn more about our specific retention periods please contact us at PrivacyTeam@pinsentmasons.com.

How do we protect your data?

The protection and security of your personal information is a number one priority for Pinsent Masons. We have a dedicated team who enforce and assure good industry security practices across all the countries we operate in. This enables us to secure and protect personal data from loss or unauthorised disclosure or damage in a consistent and appropriate manner. The firm adheres to ISO 27001, NIST and PCI DSS standards to ensure the relevant controls are in place across the business and they are certifiable.

Your rights

We process the personal information we hold about you in line with your rights under applicable law. You have the right:

  • to request a copy of your personal information;
  • for your information to be processed by us fairly and in a transparent way;
  • to object to decisions that we take solely by automated means in relation to your personal information which may have a legal or similarly significant effect on you;
  • to object to processing of your personal information where we do so for the purposes of our legitimate interests; 
  • to request that any inaccurate personal information we hold about you is corrected or deleted;
  • to request that we delete your personal information under certain circumstances; and
  • to opt out of receiving electronic communications from us.

Should you wish to make a request in line with your rights as an individual, please send it in writing to DataSubjectRequest@pinsentmasons.com.

How to change your marketing preferences

You will receive an email from us when your contact details are added to our contacts database. You can access your profile at any time to amend your information or preferences and to unsubscribe from our marketing communications by visiting our preference centre via the link provided at the foot of each marketing email. 

Alternatively, if you no longer want to receive any marketing from us, please send an email to InterActionTeam@pinsentmasons.com and we will action your request. Please note it can take up to 72 hours for your request to take effect.

How to make a complaint

You should direct any complaint relating to how the firm has processed your personal information to PrivacyTeam@pinsentmasons.com.

We hope that we can resolve any query or concern you raise about our use of your personal information.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns.

Cookies and other technologies

Information on how we use cookies can be found here.

Links to other websites

We sometimes provide you with links to other websites, but these websites are not under our control. We will not be liable to you for any issues arising in connection with their use of your information, the website content or the services offered to you by these websites.

We recommend that you check the privacy policy and terms and conditions on each website to see how each third party will process your information.

Transfer of data between jurisdictions

As an international law firm, personal information may be transferred between our various offices worldwide (as listed on www.pinsentmasons.com) due to, for example, our shared IT systems and/or cross border working. We also use a number of suppliers in connection with the operation of our business and they may have access to the personal information we process for the purposes of supporting our business processes.  For example, an IT supplier may see your personal information when providing software support or a company which we use for a marketing campaign may process contacts' personal information for us.

When contracting with suppliers and/or transferring personal information to a different jurisdiction, the firm takes appropriate steps to ensure that your information is treated securely and the means of transfer provide adequate safeguards in accordance with applicable law.

Contact information

Privacy Team, 19 Cornwall Street, Birmingham, B3 2DT, United Kingdom

PrivacyTeam@pinsentmasons.com

Glossary of terms

In this policy these terms have the following meanings:-

"client" any person or organisation to whom the firm provides a service and who is identified as a client on the firm's practice management system, regardless of whether time is recorded or a fee is charged; 
"contact"  an individual who is a contact of the firm, including any client, any potential or former client, any supplier, any consultant, or any another professional advisor and any other contact of the firm; 
"CRM" the firm's client relationship management system, InterAction;
"data" recorded information whether stored electronically, on a computer, or in certain paper-based filing systems; 
"data controller" a person who or organisation which determines how personal information is processed and for what purposes. The equivalent term under the data protection law applicable to Hong Kong is "data user"; under the law applicable to Singapore it is simply referred to as an "organisation"; and under Australian law it is an "agency" or "organisation";
"individual" or "you" the person whose personal information is being collected, held or processed; 

"personal information" information (including opinions) which relates to an individual and from which he or she can be identified either directly or indirectly through other data which the firm has or is likely to have in its possession. These individuals are sometimes referred to as data subjects;
"policy" the global privacy policy as amended from time to time;

"process" or "processing" any activity that involves personal information. It includes obtaining, recording or holding the personal information, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal information to third parties as a result of those third parties having access to it;
"Vario"

consultant lawyer working for Pinsent Masons' freelance legal resource business.