Allen & Overy values your privacy and cares about the way in which your personal information is treated.
This policy describes:
- what personal information we collect about you
- how we obtain your personal information
- how and on what basis we use your personal information
- marketing and other emails
- how long we keep your personal information
- who we share your personal information with
- how we protect your personal information
- which countries we transfer your personal information to
- your rights regarding your personal information
- who to contact with questions or concerns
Allen & Overy refers to Allen & Overy LLP, its subsidiaries and other partnerships, corporations, undertakings and entities which are authorised to practice using the name ‘Allen & Overy’. See the section entitled ‘Who are the data controllers’ below for more information on the entities that control and process personal data in Allen & Overy.
- How we obtain your personal information
- What personal information do we collect about you?
- How we use analytics and cookies
- How we use your personal information and on what basis we use your personal information
- Marketing and other emails
- How long we keep your personal information
- Who we share your personal information with
- How we protect your personal information
- Which countries we transfer your personal information to
- Your rights regarding your personal information
- Who are the data controllers?
- Who to contact with questions or concerns
How we obtain your personal information
- We collect personal information about you and others as necessary in the course of your interactions with Peerpoint regarding the provision of services to you, which may include through your use of the Peerpoint website
- We collect personal information from you when you contact or communicate with us (including through the website, by email, phone or otherwise)
- We collect your personal information while monitoring the Peerpoint website and our other technology tools (such as email)
- We gather personal information about you when you provide it to us, or interact with us directly, for instance engaging with our staff
- We may collect or receive personal information about you from other sources, such as from our clients or from publically available sources (such as LinkedIn)
- If you apply to join Peerpoint, we also obtain your personal information as follows:
- We collect your personal information when you apply to join Peerpoint
- We collect your personal information during interviews and assessment exercises
What personal information do we collect about you?
If you contact us as a client, prospective client, applicant or prospective applicant regarding the provision of our services or, to a lesser extent if you use our website, the personal information that we process may include:
- Basic information about you, such as your full name (including name prefix or title), the company you work for, your title or position and your relationship to a person
- Contact information, such as your postal address, email address and phone number(s)
- Financial information, such as payment-related information
- Technical information to the extent that it constitutes personal information, including your IP address and other online identifiers, and information about your access to and use of the Peerpoint website (such as your access dates/times or what areas of the website you have visited)
- Information you provide to us for the purposes of attending meetings and events, including access and dietary requirements, and information generated by us in connection with your attendance, such as CCTV and access records
- Identification and background information provided by you or collected as part of our business acceptance processes
- Information provided to us by or on behalf of our clients or generated by us in the course of providing services to them, which may include special categories of data
If you use the Peerpoint website as an applicant or otherwise apply to join Peerpoint, then the personal information that we process will also include:
- Applicant information, such as your educational and employment history, CV, information about qualifications and training, skills and experience, results, hobbies and interests, language skills, professional licenses and memberships, personal statements, answers to questions relevant for the role you have applied for, interview notes, references and outcome of application
- Employment preferences, such as willingness and eligibility to relocate, desired remuneration, availability, job specifications and requirements
- General information, such as your date of birth, gender, marital and family status, maiden name, place of birth, residency, nationality, immigration status and work authorisation
- Information necessary to complete background checks (to the extent permitted in your jurisdiction) and information obtained as a result of the check, which may include criminal records information
- Government and other official identification numbers, such as social security or national insurance number, passport number, tax identification number or other government issued identification number
- Other identification and background information provided by you or collected as part of our application, hiring and placement processes, which may include photographs
- Health-related information, as permitted or required by applicable law, for instance where we need to know this information to make adjustments to our application processes
- Diversity-related information including in relation to disabilities, ethnicity, sexuality, religion and social background. The diversity data collected and processed will depend on, and only be collected in accordance with, applicable local laws. Where applicable, it will form part of the application process and will be apparent at the point of collection
- Information you provide to us for the purposes of attending interviews and other events, including access and dietary requirements
If we do not collect, or you do not provide, your personal information to us, we may not be able to receive or process your application, provide the Peerpoint services to you or respond to your communications.
How we use analytics and cookies
Our website uses Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the Peerpoint website is used to help us to improve it. Google Analytics does this by placing small text files called ‘cookies’ on your device. Cookies enable a website to recognise and remember your device when you visit the site. The information that the Google Analytics cookies collect, such as the number of visitors to the site, the pages visited and the length of time spent on the site, is aggregated and anonymous.
How we use your personal information and on what basis we use your personal information
For diversity and equality monitoring purposes
We may process diversity information for our legitimate interests (ie to ensure the diversity of our consultants and employees) and for compliance with legal obligations to which we are subject
- We will request your consent in circumstances where it is required by applicable law
To audit and monitor the use of the Peerpoint website and Peerpoint services, and our other technology tools
For our legitimate business purposes (ie the provision of the Peerpoint website and Peerpoint services, as well as to improve and ensure the security of these resources)
We may request your consent in circumstances where a legal justification over and above legitimate interests is required by applicable law (eg in relation to the use of certain cookies)
To provide information requested by you and to communicate with you
For our legitimate business purposes (ie to provide information that you request and otherwise communicate with you in connection with Peerpoint)
We may request your consent in circumstances where a legal justification over and above legitimate interests is required by applicable law
To organize and host seminars, training and other events
For our legitimate business purposes (for example, we run events to enable potential applicants to better understand the application process and what it is like to work for Allen & Overy as a Peerpoint consultant; we will also collect data to facilitate your visit to our premises and maintain the security of our premises)
We may also process personal information to ensure compliance with the firm's legal obligations to provide appropriate access to its premises and comply with health and safety requirements
To improve the Peerpoint website, Peerpoint services and application process for you and our clients and prospective clients
For our legitimate business purposes (ie the provision and improvement of our Peerpoint website, Peerpoint services and application process)
To manage and administer our relationship with our Peerpoint clients and prospective clients
For our legitimate business purposes (ie to build and maintain strong relationships with our clients)
To provide information about our users and related usage information to third parties providing support for the Peerpoint website, Peerpoint services and application process
For our legitimate business purposes (ie the provision and support of the Peerpoint website, Peerpoint services and application process)
To fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims
For our legitimate business purposes and for compliance with legal obligations to which we are subject
Marketing and other emails
From time to time, we may wish to send you information about Peerpoint and the products and services which Allen & Overy offers and we believe you may be interested in. We will use personal information for this purpose. If you do not wish to receive this information, or if you are already receiving this information from us or third parties acting on our behalf and you no longer wish to do so, please email us at email@example.com.
We may also use a relationship management tool, where permitted by applicable local law, to assess the strength of the relationship between our personnel and our clients or potential clients based on the frequency of email contact between them. We use that information in order to assess, analyse and improve the services that we provide.
How long we keep your personal information
Your personal information will be retained in accordance with our global data retention policy which categorises all of the information held by Allen & Overy and specifies the appropriate retention period for each category of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and Allen & Overy’s business purposes.
Who we share your personal information with
We are an international law firm and any information that you provide to us may be shared with and processed by any entity in the worldwide network of Allen & Overy and our associated firms. You can see a list of our offices at http://www.allenovery.com/locations/.
Allen & Overy and Peerpoint’s recruitment applications website is powered by IBM® Kenexa® BrassRing. IBM serves as a processor for Allen & Overy and will have access to personal information.
We also share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:
- Our professional advisers and auditors
- IT and other service providers
- Third parties involved in hosting or organising interviews, training or other events
Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new Allen & Overy entities or to third parties through which the business of Allen & Overy will be carried out.
We do not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission.
How we protect your personal information
We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws. Allen & Overy LLP holds the internationally recognised security standard BS ISO/IEC 27001:2013 in respect of its document management and email systems and the supporting infrastructure for Allen & Overy’s offices globally. This is an independently verified certification that information security is managed in line with international best practice.
When we engage a third party service provider to collect or otherwise process personal information on our behalf, the third party is selected carefully and will be required to have appropriate security measures in place.
Which countries we transfer your personal information to
The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws. EU standard contractual clauses (as contemplated by Article 46(2) of the European Union’s General Data Protection Regulation) are in place between all Allen & Overy entities that share and process personal data. Where our third party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures, usually standard contractual clauses. For more information about the measures in place, please contact us (see section below 'Who to contact with questions or concerns').
Your rights regarding your personal information
The European Union’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.
You are entitled to request a copy of the information we hold about you and information about how we process it. You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict or suspend our processing of that information, to object to our processing of your information and, in some circumstances, to request receipt or transmission to another organisation, in a machine-readable form, of personal information relating to you that you have provided to us. You also have the right to lodge a complaint in relation to Peerpoint's processing of your personal information with a local supervisory authority.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see section entitled ‘How we use your personal information’) or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by emailing us at firstname.lastname@example.org. You may also update certain categories of information using your account on our recruitment application website (where applicable).
Who are the data controllers?
There are a number of entities through which Allen & Overy provides legal services. Most of the firm’s main IT systems are located in the UK and controlled by Allen & Overy LLP. Depending on the location where legal or other services are provided, another undertaking or entity in the Allen & Overy group may be the data controller in relation to your personal data. Please click here for details of the Allen & Overy entity through which we practise law in each jurisdiction and, where necessary having regard to local applicable data protection or privacy laws, a country-specific privacy notice.
Who to contact with questions or concerns
Peerpoint Questions: If you have questions about Peerpoint or need additional assistance with the Peerpoint website or application process, please contact email@example.com.