Last updated May 2018
DLA Piper is a global law firm operating through a number of separately constituted and regulated legal entities which provide legal and other client services in accordance with the relevant laws of the jurisdictions in which they respectively operate. Details of the different DLA Piper entities that provide legal services or other services to clients can be found here.
DLA Piper UK LLP and DLA Piper LLP (US) are the joint data controllers responsible for your personal information processed via the Site.
Please note that depending on which DLA Piper entity you contract with to provide Services, the following entities may also be data controllers responsible for processing your personal information in relation to the Services:
We may collect personal information from you in the course of our business, including through your use of our Site, when you contact or request information from us, when you engage our legal or other services or as a result of your relationship with one or more of our staff or clients.
Our primary goal in collecting personal information from you is to help us:
- verify your identity
- deliver our Services
- improve, develop and market new Services
- carry out requests made by you on the Site or in relation to our Services
- investigate or settle inquiries or disputes
- comply with any applicable law, court order, other judicial process, or the requirements of a regulator
- enforce our agreements with you
- protect the rights, property or safety of us or third parties, including our other clients and users of the Site or our Services
- with recruitment purposes, and
- use as otherwise required or permitted by law.
To undertake these goals we may process the following personal information:
- If you are a visitor to the Site:
- Name and job title.
- Contact information including the company you work for, email address and social media account where appropriate.
- Demographic information such as your address, preferences and interests.
- Other information relevant to the provision of Services.
- If you are an individual client in receipt of our Services or prospective individual client:
- Name and job title.
- Contact information including the company you work for and email address, where provided.
- Payment information.
- Information that you provide to us as part of us providing the Services to you, which depends on the nature of your instructions to DLA Piper.
- Relevant information as required by Know Your Client and/or Anti-Money Laundering regulations and as part of our client intake procedures. This may possibly include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third party sources. The sources for such verification may comprise documentation which we request from you or through the use of online sources or both.
- Information you provide to us for the purposes of attending meetings and events, including dietary requirements which may reveal information about your health or religious beliefs.
- Other information relevant to provision of Services.
DLA Piper is primarily engaged by corporate entities and as such those instructors are not data subjects. However, as part of such instructions personal information may be provided to us (e.g. personal information relating to any of our corporate clients' or prospective clients' officers or personnel, any opponent or vendor or purchaser or personal information relating to their legal advisors or personnel, as relevant or similar).
If you are an individual whose personal information is processed by us as a result of providing the Services to others (including individual clients and corporate clients) we will process a variety of different personal information depending on the Services provided.
This may include personal information relating, without limitation, to any of our corporate clients' or prospective clients' officers or personnel, any opponent or vendor or purchaser personal information including personal information relating to their legal advisors, other advisors or personnel as relevant or similar.
For instance, if we are providing pensions advice to trustees, we may be provided with and then process (amongst other information) details of benefit entitlement, pensionable service, pensionable salary, contact information, date of birth and gender in respect of members of pension schemes.
We might also need to process personal information in relation to other third parties instructed either by our own clients or other persons or companies involved with us providing the Services to our client (for instance other law firms, experts etc.).
This is a non-exhaustive list which is reflective of the varied nature of the personal information processed as part of a law firm providing legal services.
For clients and prospects, we also collect information to enable us to market our products and Services which may be of interest to you. For this purpose we collect:
- Name and contact details.
- Other business information such as job title and the company you work for.
- Areas or topics that interest you.
- Additional information may be collected such as events you attend and if you provide it to us, dietary preferences which may indicate data about your health or religious beliefs.
If you are a potential recruit to join DLA Piper:
- Name and job title.
- Contact information including email address.
- Curriculum vitae, including your age and/or gender if you provide it to us, your education, employment history and similar matters and similar information that you may provide to us.
- Other information relevant to potential recruitment to DLA Piper.
We may use your information for the following purposes:
- Marketing communications
We carry out the following marketing activities using your personal information:
- Postal marketing
- Email marketing
We use information that we observe about you from your interactions with our Site, our email communications to you and/or with Services (see the Client Insight and Analysis section below for more details of the information collected and how it is collected) to send you marketing communications.
- What is our legal basis?
It is in our legitimate interest to use your personal information for marketing purposes.
We will only send you marketing communications where you have consented to receive such marketing communications, or where we have a lawful right to do so.
- Client insight and analysis
We analyse your contact details with other personal information that we observe about you from your interactions with our Site, our email communications to you and/or with our Services such as the Services you have viewed.
Our web pages contain "cookies" "web beacons" or "pixel tags" ("Tags"). Tags allow us to track receipt of an email to you, to count users that have visited a web page or opened an email and collect other types of aggregate information. Once you click on an email that contains a Tag, your contact information may subsequently be cross-referenced to the source email and the relevant Tag.
- an IP address to monitor Site traffic and volume;
- a session ID to track usage statistics on our Site;
- information regarding your personal or professional interests, demographics, experiences with our products and contact preferences.
In some of our email messages, we use a "click-through URL" linked to certain website administered by us or on our behalf.
By using this information, we are able to measure the effectiveness of our content and how visitors use our Site and our Services. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting and what kind of offers our registered users like to see.
We also use this information for marketing purposes (see the marketing section above for further details).
- What is our legal basis?
Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best products and services to you and our other clients.
Any other purposes for which we wish to use your personal information that are not listed above, or any other changes we propose to make to the existing purposes will be notified to you using your contact details, where available.
It is necessary for us to use your personal information;
- To perform our obligations in accordance with any contract that we may have with you.
- It is in our legitimate interest or a third party's legitimate interest to use personal information in such a way to ensure that we provide the Services in the best way that we can.
- It is our legal obligation to use your personal information to comply with any legal obligations imposed upon us.
DLA Piper is a global law firm and any information that we collect or that you provide to us may be shared and processed by any DLA Piper entity. You can find out more about the DLA Piper entities and locations here.
We may also share personal information with a variety of the following categories of third parties as necessary:
- Our professional advisers such as lawyers and accountants.
- Government or regulatory authorities.
- Professional indemnity or other relevant insurers.
- Regulators/tax authorities/corporate registries.
- Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers.
- Third parties engaged in the course of the services we provide to clients such as counsel, arbitrators, mediators, clerks, witnesses, cost draftsmen, court, opposing party and their lawyers, document review platforms and experts such as tax advisors or valuers.
- Third party service providers to assist us with client insight analytics, such as Google Analytics.
- Third party postal or courier providers who assist us in delivering our postal marketing campaigns to you, or delivering documents related to a matter.
- Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the Services as effectively as we can.
As mentioned above, we may appoint sub-contractor data processors as required to deliver the Services, such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers, who will process personal information on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations.
Further, we may appoint external data controllers where necessary to deliver the Services (for example, but without limitation, accountants, barristers or other third party experts including but without limitation DLA Piper LLP (US) and other DLA Piper firms or entities). When doing so we will comply with our legal and regulatory obligations in relation to the personal information, including but without limitation, putting appropriate safeguards in place.
- What is our legal basis?
It is necessary for us to perform our obligations in accordance with any contract that we may have with you.
It is in our legitimate interest or a third party's legitimate interest to use personal information in such a way to ensure that we provide the Services in the best way that we can.
In order to provide the Services we may need to transfer your personal information to locations outside the jurisdiction in which you provide it.
If you are based within the European Economic Area (EEA), please note that where necessary to deliver the Services we will transfer personal information to countries outside the EEA (including to DLA Piper LLP (US) and other DLA Piper entities).
All the DLA Piper entities have signed a data sharing agreement which is based on the EU standard contractual clauses to ensure we will comply with our legal and regulatory obligations in relation to personal information, including having a lawful basis for transferring personal information and putting appropriate safeguards in place to ensure an adequate level of protection for the personal information.
For visitors to the Site, we will retain relevant personal information for at least three years from the date of our last interaction with you and in compliance with our obligations under the EU General Data Protection Regulation or similar legislation around the world, or for longer if we are required to do so according to our regulatory obligations or professional indemnity obligations.
For Service provision to any client, we will retain relevant personal information for at least six years from the date of our last interaction with that client and in compliance with our obligations under the EU General Data Protection Regulation or similar legislation around the world, or for longer as we are required to do so according to our regulatory obligations or professional indemnity obligations. We may then destroy such files without further notice or liability.
If personal information is only useful for a short period e.g. for specific marketing campaigns we may delete it.
We are committed to keeping the personal information provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal information that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
All of our partners, employees, consultants, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information.
You have the following rights in relation to the personal information we hold about you:
- Your right of access
If you ask us, we'll confirm whether we're processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
- Your right to rectification
If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we've shared your personal information with others, we'll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we'll also tell you who we've shared your personal information with so that you can contact them directly.
- Your right to erasure
You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we've shared your personal information with others, we'll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal information with so that you can contact them directly.
- Your right to restrict processing
You can ask us to 'block' or suppress the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we've shared your personal information with others, we'll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal information with so that you can contact them directly.
- Your right to data portability
You have the right, in certain circumstances, to obtain personal information you've provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
- Your right to object
You can ask us to stop processing your personal information, and we will do so, if we are:
- relying on our own or someone else's legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or
- processing your personal information for direct marketing purposes.
- Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
- Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we've handled your personal information, you can report it to the relevant Supervisory Authority.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
The Site contains links to other sites whose information practices may be different than ours. Visitors should consult the other sites' privacy notices as DLA Piper has no control over information that is submitted to, or collected by, these third parties
This Privacy Statement applies to the "Explore the GDPR" application ("App") provided by DLA Piper UK LLP ("DLA Piper") and available for download on Apple's App Store. This Privacy Statement is intended to disclose what information is collected through the App, by whom and how this information is used.
The App only collects the following information:
the last content section you visited within the App;
the chosen language for the App's contents.
The aforementioned information is stored on your mobile device only, and it does not leave the device. This means that such information is not processed in any way (within the meaning of the EU General Data Protection Regulation or any other applicable data protection legislation) by DLA Piper or by any third-party acting on behalf of DLA Piper.
The App contains (visually distinctive) hyperlinks, which will re-direct you to other websites. These websites are not covered by this Privacy Statement and are subject to their own separate data processing rules and privacy policies.