Why and How We Handle Personal Information

Many countries have data protection laws that protect the privacy of individuals by regulating the way in which businesses handle personal information, as well as requiring businesses to be open and transparent about why and how they handle personal information, among other things.  

Our Client Privacy Notices, linked below, provide a general explanation of why and how we handle personal information relating to our clients, business contacts and other persons in connection with the client-facing business we conduct:

Our Website Privacy Notice, linked below, explains why and how we handle personal information relating to visitors to our website:

Our Job Applicant Privacy Notice, linked below, describes how we handle personal information relating to job applicants:

The Assurances We Offer Where We Act As a 'Processor'

In European countries, where the General Data Protection Regulation (GDPR) and equivalent legislation applies, businesses that engage a service provider that acts as a 'processor' are legally required to ensure that the service contract contains certain contractual assurances.  

Our Data Processing Addendum, linked below, contains the assurances we offer to our clients in accordance with Article 28 of GDPR, and, unless specifically agreed otherwise, it applies from 25 May 2018 to all client engagements of our European entities where we act as a 'processor' in providing our services.

Where appropriate and necessary, the aforementioned Data Processing Addendum can also be offered to our clients outside Europe who are serviced by our non-European entities.  This may be the case, for example, where such clients trigger the extra-territorial effect of GDPR by offering their products / services to European residents.

Please note that when we provide legal services, director services, AML services, fund management services and similar services where we act as a 'controller' in our own right for the purposes of GDPR and equivalent legislation, we will not enter into addendums or agreements that seek to impose the requirements of Article 28 of GDPR on us.

European Restriction on Cross-border Data Transfer

In European countries where GDPR and equivalent legislation applies, businesses that wish to allow personal information to be handled outside Europe are generally required to take steps to ensure that the personal information sent outside Europe (or accessed from outside Europe) continues to be protected to the same European standard.

We can offer to enter into the relevant, prevailing form of EU standard contractual clauses (either the 'controller-to-controller' form or the 'controller-to-processor' form) to address this restriction, where it is appropriate and necessary to do so.  This may be the case where our clients inside Europe need to share personal information with our non-European entities, or where our clients outside Europe need to share personal information that was sourced from Europe with our non-European entities.


Want to get in touch ?

Contact Us