Allen & Overy values your privacy and cares about the way in which your personal information is treated.
This policy describes:
- what personal information we collect about you
- how we obtain your personal information
- how we use your personal information
- on what basis we use your personal information
- how long we keep your personal information
- who we share your personal information with
- how we protect your personal information
- which countries we transfer your personal information to
- your rights regarding your personal information
Please click on the relevant heading below for more information on each of these areas.
Allen & Overy refers to Allen & Overy LLP, its subsidiaries and other partnerships, corporations, undertakings and entities which are authorised to practice using the name ‘Allen & Overy’, including A&O Consulting. See ‘Data controllers’ below for more information on the entities that control and process personal data in Allen & Overy.
- What personal information do we collect about you?
- How we obtain your personal information
- How we use your personal information
- On what basis we use your personal information
- How long we keep your personal information
- Who we share your personal information with
- How we protect your personal information
- Which countries we transfer your personal information to
- Your rights regarding your personal information
- Data controllers
What personal information do we collect about you?
We may collect personal information from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our legal or other services or as a result of your relationship with one or more of our staff and clients.
The personal information that we process includes:
- Basic information, such as your name (including name prefix or title), the company you work for, your title or position and your relationship to a person
- Contact information, such as your postal address, email address and phone number(s)
- Professional information, including your photograph, from LinkedIn or the website of the organisation you work for
- Financial information, such as payment-related information
- Technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically, collected through cookies and other tracking technologies
- Information you provide to us for the purposes of attending meetings and events, including access and dietary requirements
- Identification, background and financial verification information provided by you or collected as part of our business acceptance and ongoing monitoring processes
- Personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them, which may include special categories of data
- Any other information relating to you which you may provide to us
How we obtain your personal information
- We collect information directly from you as part of our business acceptance processes and about you and others as necessary in the course of providing legal services
- We collect your personal information while monitoring and analysing our technology tools and services, including our website, email and other communications sent to and from Allen & Overy
- We gather information about you when you provide it to us, or interact with us directly, for instance engaging with our staff or registering on one of our digital platforms, applications or training courses
- We may collect or receive information about you from other sources, such as keeping the contact details and professional information we already hold for you accurate and up to date using publically available sources, including LinkedIn, or collecting information from third party sources as part of our business acceptance procedures
How we use your personal information
Allen & Overy collects and processes personal information about you in a number of ways, including through your use of our website and in the provision or promotion of services by us. We use that information:
- To provide and improve this website, including auditing and monitoring its use, and ensure content is provided in the most effective way for you and the devices you are using
- To provide and improve our services to you and to our clients, including handling the personal information of others on behalf of our clients, and to monitor compliance with our policies and standards
- To manage access to our premises and for security purposes
- To provide information requested by you
- To promote our services, including sending legal and business updates, publications and details of events
- To manage and administer our business and our relationship with you and our clients
- To better understand our clients’ or potential clients’ services and marketing requirements and our own business and to develop our services and offerings
- For professional networking purposes
- To fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims, complying with our legal obligations, preventing crime or fraud and protecting the rights of third parties
- For the purposes of recruitment (for more detailed information see our Recruitment Privacy Policies available on our website)
Use of Allen & Overy website
A number of facilities on our website invite you to provide us with personal information, such as the vacancy application facility in the ‘Careers’ section of our website and our email queries facilities. The purpose of these facilities is apparent at the point that you provide your personal information and we only use that information for those purposes.
Marketing and other emails
To ensure that we provide content that is of interest, we use technology in our marketing emails and on our websites that logs whether you click on the links in our emails and, if you follow a link to one of our websites, the time and date you access the websites and how long you spend on the website. We may use this information to determine what future marketing is likely to be of interest to you. If you would prefer that we don't record this information, please don't click on the links.
We will log your response to our marketing emails and may use this to determine what future marketing is likely to be of interest to you and what future marketing we send you. For example, if you accept an invitation to a seminar, we will record this and may send you marketing emails relevant to that seminar and the topics it covers in the future.
We may also use a relationship management tool, where permitted by applicable local law, to assess the strength of the relationship between individuals in Allen & Overy and our clients or potential clients based on the frequency of email contact between them. We use that information in order to assess, analyse and improve the services that we provide.
If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by sending an email to email@example.com.
Meetings, Events and Seminars
We will collect and process personal information about you in relation to your attendance at our offices or at an event, training or seminar organised by Allen & Overy or its business partners. We will only process and use special categories of personal information about your dietary or access requirements in order to cater for your needs and to meet any other legal or regulatory obligations we may have. We may share your information with IT and other service providers or business partners involved in organising or hosting the relevant event.
Legal and other services
We collect, create, hold and use personal information in the course of and in connection with the services we provide to our clients. We will process identification and background information as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational and financial checks. We will also process personal information provided to us by or on behalf of our clients or generated by us for the purposes of the work we do for them. The information may be disclosed to third parties to the extent reasonably necessary in connection with that work. Please also see ‘Who we share your personal information with’ and ‘Which countries we transfer your personal information to’ below.
On what basis we use your personal information
Under EU and UK data protection law, the use of personal data must be justified under one of a number of legal grounds. The principal legal grounds that justify our use of your personal data are:
- To perform a contract, such as engaging with an individual to provide legal or other services
- For the establishment, exercise or defence of legal claims or proceedings
- To comply with our legal and regulatory obligations
- For legitimate business purposes. Please see ‘How we use your personal information’ for more detail
- Consent, where your consent is required by law
How long we keep your personal information
Your personal information will be retained in accordance with our global data retention policy which categorises all of the information held by Allen & Overy and specifies the appropriate retention period for each category of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and Allen & Overy’s business purposes.
Who we share your personal information with
We are an international business and any information that you provide to us may be shared with and processed by any entity in the worldwide network of Allen & Overy and our associated firms. You can see a list of our offices here.
We may also share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:
- Our professional advisers and auditors
- Our insurers and insurance brokers
- Suppliers to whom we outsource certain support services such as word processing, translation, photocopying and document review
- IT and other service providers to Allen & Overy Third parties engaged in the course of the services we provide to clients and with their prior consent, such as barristers, local counsel and technology service providers like data room and case management services
- Third parties involved in hosting or organising events or seminars
Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new Allen & Overy entities or to third parties through which the business of Allen & Overy will be carried out.
How we protect your personal information
We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.
This includes the use of data loss protection tools in order to protect A&O, our employees, clients and suppliers, from cyber threats and the loss of sensitive information.
Allen & Overy LLP holds the internationally recognised security standard BS ISO/IEC 27001:2013 in respect of its document management and email systems and the supporting infrastructure for Allen & Overy’s offices globally. This is an independently verified certification that information security is managed in line with international best practice.
Which countries we transfer your personal information to
The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws. EU standard contractual clauses are in place between all Allen & Overy entities that share and process personal data. Where our third party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures, usually standard contractual clauses.
Please contact us using the details at the end of this privacy notice if you would like to see a copy of the safeguards applied to the export of your personal data.
Your rights regarding your personal information
The European Union’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.
You are entitled to request details of the information we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation. You may also have the right to lodge a complaint in relation to Allen & Overy’s processing of your personal information with a local supervisory authority.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How we use your personal information’) or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by email to firstname.lastname@example.org.
There are a number of entities through which Allen & Overy provides legal and other services. Most of the firm’s main IT systems are located in the UK and controlled by Allen & Overy LLP. Depending on the location where legal or other services are provided, another undertaking or entity in the Allen & Overy group may be the data controller in relation to your personal data. Please click here for details of which Allen & Overy entity will be the data controller in which country and, where necessary having regard to local applicable data protection or privacy laws, a country-specific privacy notice.
Get in touch
Chief Privacy Officer
Allen & Overy LLP
68 Donegall Quay