Data protection policy

 

1. INTRODUCTION

References in this Policy to the “firm”, “we”, “our”, “us” or “LALIVE” are references to LALIVE SA (IUD: CHE-482.506.012), a Swiss limited company, and its related entity, LALIVE (London) LLP, a UK limited liability partnership regulated by the Solicitors Regulation Authority (SRA no. 648533).

This Data Protection Policy (“Policy”) describes the manner in which we control and process personal data that we collect in the course of our professional activities. It also sets out the rights of those whose personal data we collect and process.

For the purpose of this Policy, references to “you” are to all those persons whose data we collect, control and process in the course of our professional activities and “your data” is a reference to such personal data belonging or relating to

2. HOW AND WHY DO WE COLLECT YOUR DATA?

We collect and process your personal data in the course of our professional activities for a number of different reasons and purposes that are outlined in this Section 2. LALIVE is the data controller of any personal information collected in the course of our professional activities.

If you provide us with data relating to other persons (e.g., members of your family, your representatives, opposing parties or other related persons), you confirm and agree that you are authorised to do so, that this data is correct and that, to the fullest extent possible, you have ensured that these persons are informed of this Policy.

We may retain your personal data for as long as the purpose for which it was collected is continuing and for the purposes of complying with any legal, regulatory, accounting or reporting requirements.

2.1 Client Acceptance

We collect and retain personal data about prospective and existing clients, their beneficial owners, personnel and/or directors for clarifying any possible conflicts of interest and for our business acceptance process. The type of personal data we may collect includes, but is not necessarily limited to, name, contact details, nationality, government issued identification documents, employment history and business interests. We obtain this data from you or your employer directly and from publicly available open sources either directly or through a third party. This data is also collected to prepare and conclude mandates with you or the organisation you work for.

We collect this data as is necessary to comply with our legal or regulatory obligations. When this basis does not apply, collecting such data is in our legitimate interests (to detect and prevent, among other things, potential conflicts of interest, the commission of fraud, money laundering and terrorism offences). We consider this use to be necessary for our legitimate interests. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.

2.2 Performing of Legal Services

We collect and process personal data in order to fulfil our contractual obligations towards our clients and other contractual partners (e.g., suppliers, service providers and experts) and, in particular, to provide and demand contractual services. This also includes data processing for the management of mandates (e.g., legal advice and representation of our clients before courts and authorities).

To this end, we process personal data that we receive or have collected in the course of pre-mandate procedures, the conclusion and performance of the matter, as well as data that we establish in the course of our services or that we collect from public sources or other third parties (e.g., courts, authorities, opposing parties, arbitral tribunals, companies providing information or the media).

This data may include, but is not necessarily limited to, reports of interviews and consultations, notes, internal and external correspondence, contractual documents, documents that we draw up and receive in the course of proceedings before courts, authorities and arbitral tribunals (e.g. documents relating to complaints, applications, appeals or appeals, judgments, decisions and awards), general information about you, opposing parties and other persons, as well as other information relating to the matter, proof of services, invoices and financial and payment information.

The legal basis for us to collect this data is to ensure our performance of the contract with you. In cases where this legal basis does not apply, we collect this data as it is necessary for our legitimate interests (to deliver our services, manage payments, enforce our terms and recover debts due to us). We consider this use to be necessary for our legitimate interests and to be proportionate.

2.3 Website

In order to be able to operate our Website in a secure and stable manner, we collect technical data, such as IP addresses, information on the operating system and parameters of your terminal, region, duration and type of use. In order to continuously improve our Website and our digital offerings, we collect data about your habits and preferences, e.g., by analysing how you browse our site. We are currently not using any cookies technology in our Website. For further information, see our Online Privacy Policy. It is in our legitimate interests to respond to your queries and provide any information requested in order to generate and develop business. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.

2.4 Recruitment

If you apply for a job with the firm, we collect and process the relevant data for the purposes of examining your application, conducting the selection procedure and, where applicable, preparing and concluding the relevant contract. To this end, we process not only your contact data and information from the corresponding communication, but also and in particular the data contained in your application file, as well as additional data that we may obtain about you, e.g., from professional social networks, the Internet, the media and references. Certain aspects of this data is collected as a regulatory requirement (e.g., reporting to be done to regulatory authorities in United Kingdom and Switzerland) and so is necessary for compliance with our legal obligations; where this legal basis does not apply, it is otherwise in our legitimate interests to collect relevant data about our prospective employees. We consider this use to be proportionate and will not be prejudicial or detrimental to you.

2.5 Business Development and Marketing

Your personal data may be collected in the firm’s contact database when you register to receive legal updates, or we otherwise receive your contact details.

We use a third-party service provider to manage the firm’s contact database and deliver emails to inform you about our services, legal developments and updates, news about our firm and invite you to LALIVE events (including those we may jointly host with other organisations).

It is in our legitimate interests to market our services in order to promote and grow our business. We consider this use to be proportionate and will not be prejudicial or detrimental to you.

If you no longer wish to receive marketing emails relating to our services by email or post, you can unsubscribe at any time by using the “Unsubscribe” option on the email footer or by contacting marketing@lalive.law.

2.6 Compliance with laws, instructions and recommendations from authorities and internal regulations

We may need to collect or process personal data in order to comply with the laws in force (e.g. for anti- money laundering, tax obligations or our professional obligations), self-regulatory compliance, certifications, industry standards, our corporate governance as well as for internal and external investigations in which we are a party (to the proceedings), e.g., by a criminal prosecution or supervisory authority, or a mandated private body.

We collect this data as is necessary to comply with a legal or regulatory obligation.

3. WHO DO WE SHARE YOUR DATA WITH?

Internally: We may share your personal data within and across our offices (including between LALIVE SA and LALIVE (London) LLP), due to, for example, our shared IT systems and/or cross jurisdictional working on a matter.

Service providers: During the course of working with you or the organisation you work for we may use certain third-party technology services to assist with our work on the matter. These services are integral to our work for you, i.e., running the firm’s business. These services include, amongst other things, cloud-based document management, email, word-processing and other systems. The use of these services may require your personal information to be held in the cloud on infrastructure managed by the relevant service provider.

In view of the above, some of your personal data may be stored in the cloud managed by a third-party service provider located within Switzerland, the United Kingdom or the European Economic Area. In adopting this approach, the privacy and confidentiality of your personal information is of key importance to us; we conduct careful due diligence on the security of any third-party technology systems we use and enter into agreements with those third-party providers regarding the use and protection of personal data.

Authorities and courts: We may also be required to share your personal data with regulators, government and enforcement agencies, courts and other third parties, in particular for the management of the matter, or if we are legally obliged or authorised to do so, or if it appears necessary to protect our interests. These recipients process the data under their own responsibility.

Opposing parties and other persons involved: Insofar as this is necessary for the performance of our contractual obligations and provision of our services, in particular for the management of a matter, we also transmit your personal data to opposing parties and other persons involved (arbitrators, other law firms, or experts, etc.).

Events management and publications: We may share your personal data with third parties when we are hosting events or communicating with industry organisations, associations and publications.

4. PERSONAL DATA SENT ABROAD

Further to our sharing of data as set out in Section 3, it is possible that your personal data may be transferred outside Switzerland, the United Kingdom or European Economic Area.

If a recipient of the data we share is located in a country that does not have adequate data protection, where feasible, we contractually oblige the recipient to respect an adequate level of data protection (in accordance with applicable data privacy laws). However, we may also communicate personal data to a country that does not have adequate protection, without entering into a specific contract, if we can rely on an exception under applicable data privacy laws. Such an exception may apply in particular in the event of legal proceedings abroad (or the need for legal advice in a particular jurisdiction), but also if necessary for important reasons of public interest or when the performance of a contract requires such communication in your interest (e.g., when we communicate data to a third party).

5. YOUR RIGHTS

You have certain rights that you can exercise under certain circumstances in relation to the personal data that we hold. These rights are to:

  • request access to your personal data (known as a subject access request) and request certain data in relation to its processing;
  • receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person, in certain circumstances;
  • request rectification of your personal data;
  • request the erasure of your personal data;
  • request that we restrict the processing of your personal data;
  • object to the processing of your personal data.

Where our processing is based on consent as a legal basis, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.

We kindly note that such rights are not absolute and certain exceptions may apply under applicable law which may entitle us to refuse requests (wholly or partly). You have the right to lodge a complaint to your national data protection authority. If you are in Switzerland, information on how to contact the Federal Data Protection and Information Commissioner is available at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html. If you are in the United Kingdom, information on how to contact the Information Commissioner is available at ico.org.uk.   If you are located in the European Union, further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, please contact us in the first instance.

6. CONTACT

We have appointed a data privacy manager for our firm who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy or our privacy practices, please contact our data privacy manager by email.

We keep our Data Protection Policy under regular review and may change it from time to time. The version published on our Website is the current version.