Award Mouse thought multimedia interface book medal screen monitor

Privacy Notice Regarding the Processing of Personal Data About Clients and Other Business Contacts in the UK, EU and Switzerland

Czech / French / German / Slovak / Spanish / Printer Friendly



Privacy Notice Regarding the Processing of Personal Data About Clients and Other Business Contacts in the UK, EU and Switzerland

This Privacy Notice, which is effective as of 20 September 2024, amends the prior version which was effective as of 24 April 2023. The changes made by this Privacy Notice can be found here. 

EFFECTIVE DATE:  20 September 2024

  1. Data Controllers
  2. Data Protection Officer ("DPO");
  3. Categories and Sources of Personal Data That We Process, Why We Do So, and Lawful Bases for Processing;
    a) To Provide Legal Services to Our Clients
    b) To Comply With Know-Your-Client ("KYC") Rules
    c) To Perform Credit Checks
    d) To Carry Out Conflict-of-Interest Checks
    e) To Engage with Our Vendors
    f) To Market Our Services to Clients and Business Contacts
    g) To Facilitate Communications with our Clients, Vendors and Business Contacts
  4. Data Sharing – Purposes and Recipients;
  5. International Transfers and Safeguards;
  6. Records Retention Policy;
  7. Individuals’ Rights in Relation to Their Personal Data; and
  8. Definitions

Introduction

More information [1]

This Privacy Notice describes the ways in which Squire Patton Boggs, through its United Kingdom and European Union and Switzerland branch offices and legal entities ("our UK, EU and Switzerland Offices") listed in Annex 1, processes and protects the personal data of our clients, individuals related or adverse to our clients and other business contacts in accordance with Applicable Data Protection Laws.

As an international law firm, we take very seriously our legal, professional and ethical duties and obligations to protect personal data. We have a robust information security management program in place to protect the personal data and other information that we process and have achieved ISO:27001 certification of the firm’s technical and organisational controls across a broad spectrum of systems and processes. These measures are monitored, reviewed and regularly enhanced in order to meet our professional responsibilities and the needs of our clients.

1. Data Controllers

More information [2]

Squire Patton Boggs (UK) LLP or Squire Patton Boggs (US) LLP, as applicable.

The main establishment for our UK, EU and Switzerland Offices for purposes of compliance with the Applicable Data Protection Laws is Squire Patton Boggs (UK) LLP, 60 London Wall, London EC2M 5TQ, England.

2. Data Protection Officer

More information [3]


Email:

DataProtectionOfficer@squirepb.com

Post:

Data Protection Officer
Squire Patton Boggs
60 London Wall
London EC2M 5TQ
England

3. Categories and Sources of Personal Data That We Process, Why We Do So and Lawful Bases for Processing

More information [4]

Our UK, EU and Switzerland Offices process various categories of personal data for the purposes identified below.

a) To Provide Legal Services to Our Clients

i. Provide, charge for and manage the delivery of legal services and communicate with our corporate clients in relation to the same.

More information [5]


Categories of Personal Data Source Lawful Basis under the GDPR
  • Business contact details
  • Bank account details and related personal data
  • Account management information
Usually provided to us by our client. Art. 6(f) - Our legitimate interests as a law firm, and those of our clients, to process personal data relevant to the legal services we provide them.

ii. Provide legal services to our clients where third-party data is necessary and relevant to the legal matter.

More information [6]

Categories of Personal Data Source Lawful Basis under the GDPR
Personal data about a client's employees, customers or suppliers or about individuals employed or otherwise associated with an adversary or counterparty. Our clients, public sources or third parties, depending on the relevant circumstances. Art. 6(f) - Our legitimate interests as a law firm, and those of our clients, to process personal data relevant to the legal services we provide them.

iii. Provide legal services to our clients where the processing of special categories of personal data relevant to the legal issues is involved.

More information [7]

Categories of Personal Data Source Lawful Basis under the GDPR
Dependent on the nature of the services. Usually provided to us by our client. Depending on the circumstances of each case, processing may be
  • Necessary for the establishment, exercise or defence of legal claims;
  • Based on the explicit consent of the individual concerned; or
  • Based on personal data which are manifestly made public by the data subject.

iv. Provide legal services to our clients that necessitates the processing of information about individuals associated with our clients or adverse parties relating to alleged criminal offenses or convictions.


Categories of Personal Data Source Lawful Basis under the GDPR
Information about criminal offenses or convictions Usually provided to us by our client. As authorized under applicable national law.

b) To Comply With Know-Your-Client ("KYC") Rules

i. Compliance with applicable KYC legislation, including laws on UK, European and Swiss anti-money laundering (“AML”), anti-terrorism, anti-bribery, anti-corruption, contravention of international trade rules and other crimes.

During our client inception procedures, we process:

  • Personal data concerning individual clients; and
  • Personal data of the officers, shareholders, trustees, beneficial owners, authorised signatories, and other individuals associated with our corporate clients

as necessary to perform the required due diligence.

More information [8]


Categories of Personal Data Sources
More information [9]
Lawful Basis under the GDPR
  • Identification documentation
  • Personal contact details
  • Employment and credit history
  • Other information as necessary to complete required background checks
  • The individuals themselves;
  • The potential client with which they are associated;
  • Third party sources
Art. 6(1)(c) – Legal obligation

ii. Compliance with applicable KYC obligations in jurisdictions outside the UK, EU and Switzerland, such as checks against the U.S. Office of Foreign Asset Controls Sanctions Lists.


Categories of Personal Data Sources
More information [9]
Lawful Basis under the GDPR
  • Identification documentation
  • Personal contact details
  • Employment and credit history
  • The individuals themselves;
  • The potential client with which they are associated;
  • Third party sources
Art. 6(f) - Our legitimate interests as a law firm to ensure compliance with our legal and ethical obligations, as necessary to perform these checks.

iii. Where necessary, and as authorized by applicable law, we may also need to collect information pertaining to alleged criminal offenses or convictions of individuals related to the potential client.

c) To Perform Credit Checks

i. Evaluate the creditworthiness of potential clients.

During our client inception procedures, we process personal data about individuals associated to a potential client, such as, shareholders, non-executive directors, and officers.


Categories of Personal Data Sources
More information [10]
Lawful Basis under the GDPR
  • Bank account details
  • Personal financial information, such as asset ownership;
  • Credit histories
  • The individuals themselves;
  • Public sources
  • Third party sources
Art. 6(f) - Our legitimate interests to evaluate the merits of engaging with a potential client.

d) To Carry Out Conflict-Of-Interests Checks

i. Compliance with legal, regulatory and ethical requirements OR

More information [11]

ii. Ensure our services are provided free from any conflicts.

During our client inception procedures, we may sometimes process personal data about individuals related or adverse to our clients.

In either case, we may not be able to move forward with providing legal services if the personal data are not provided to enable us to complete checks required by law.

More information [12]


Categories of Personal Data Sources Lawful Basis under the GDPR

Limited personal data to establish whether conflicts are present, such as:

  • Records of litigation;
  • Board memberships;
  • Shareholdings.
  • The individuals themselves;
  • Public sources
  • Subscription services such as legal directories
Art. 6(c) – Legal obligation

OR

Art. 6(f) - Our legitimate interests clients to ensure that our services are provided free from any conflicts of interest, where a legal obligation does not apply.

e) To Engage With Our Vendors

i. Communicate and otherwise conduct business with our suppliers.

More information [13]


Categories of Personal Data Source Lawful Basis under the GDPR
  • Business contact details
The vendor Art. 6(f) - Our legitimate interests as a law firm to manage our suppliers.

f) To Market Our Services to Clients and Business Contacts

The information contained in this subsection supplements our Global Website Privacy Notice, which may be found here. In the event of any inconsistencies between the provisions of our Global Website Privacy Notice and this Privacy Notice, the provisions of this notice shall take precedence in regard to the website and marketing-related processing activities carried out by our UK, EU and Switzerland Offices.

i. Provide clients, prospective clients and other business contacts with news, alerts and events opportunities on topics of interest to them.

More information [14]


Categories of Personal Data Source Lawful Basis under the GDPR
  • Business contact details
  • Individuals’ subscription preferences
  • Event registration details
Directly from the individual with whom we communicate or who registers to attend our events. Art. 6(1)(f) - Our legitimate interests as a law firm to keep our clients and contacts informed on relevant legal topics.

OR

Art. 6(1)(a) – Consent, where we do not have an existing business relationship with a prospective client.

ii. Record information about our business development and marketing activities, such as meetings and other interactions with clients and prospective clients.

More information [15]


Categories of Personal Data Source Lawful Basis under the GDPR
  • Notes of business interactions
Firm personnel interacting with the individual. Art. 6(f) - Our legitimate interests as a law firm to keep to keep records of our business development activities.

iii. Evaluate usage and improve visitors’ experience on our website.

We use “cookies” and similar applications for the purposes of enabling us to evaluate the use of our website and improve the experience of visitors to it. For information on the way in which we use cookies to monitor and manage our website performance, please see our Cookie Notice.


g) To Facilitate Communications With Our Clients, Vendors and Other Business Contacts

More information [16]

i. We use audio and video conferencing services provided by third parties for the purposes of providing legal advice, training, client service and to deliver webinars.


Categories of Personal Data Source Lawful Basis under the GDPR
  • Audio/video recordings
Directly from the individuals participating in the audio/video conference Art. 6(a) – Consent, subject to notification prior to recording;

OR

Art 6(f) -- Our legitimate interests to maintain evidence of a business communication.

4. Data Sharing – Purposes and Recipients

The purposes for which we share personal data relating to our clients and business contacts among our UK, EU, Switzerland and global offices, and also with trusted third-party vendors and business partners, are set out below.

a) Intra-group transfers

Lawyers and staff in our UK, EU and Switzerland Offices work collaboratively with colleagues in Squire Patton Boggs offices around the globe on cross-border matters, marketing and business development activities and to share experience, knowledge and resources.


Purpose of the Transfers Recipients
i. To deliver legal services to our clients, for example when a particular matter involves legal issues in multiple jurisdictions. More information [17] Squire Patton Boggs offices worldwide
ii. Financial management, client billing, firm management and administration. More information [18] Squire Patton Boggs offices worldwide
iii. Marketing communications and business development activities. More information [19] Squire Patton Boggs offices worldwide
iv. Use of e-discovery software or virtual data rooms hosted on the Firm’s United States servers, subject to the client’s prior authorization; More information [20] Squire Patton Boggs offices worldwide
v. For security purposes, including backup/failover and business continuity. More information [21] Squire Patton Boggs offices worldwide

b) Transfers to Third Parties

Our UK, EU and Switzerland Offices may also share personal data with clients in the course of delivering legal services and with trusted suppliers and business partners pursuant to our contractual arrangements.

More information [22]


Purpose of the Transfers Recipients (examples)
i. To deliver legal services to our clients Third-party consultants or experts, local counsel, barristers, opposing counsel, matter management platform services providers, clients for whom we are conducting investigations or when otherwise necessary for the provision of legal services on a particular matter.
ii. To comply with legal obligations Courts, tribunals, regulatory authorities, tax authorities and law enforcement. More information [23]
iii. Firm operations and management IT service providers, telecommunications operators, banking institutions, auditors, and professional indemnity insurers together with their appointed legal and other advisors.
iv. Business intake and KYC checks Credit vetting agencies, background check firms, legal directories.
v. Financial management, client billing E-billing platform service providers.
vi. Assess creditworthiness, check your identity, manage your account, trace and recover debts and prevent criminal activity; Experian More information [24]
vii. Marketing communications and business development activities; Marketing and events management platforms More information [25]
viii. Provision of e-discovery services and virtual data rooms. Data room administrators, document review service providers
ix. For business continuity purposes. Tertiary email backup provider.
x. For business expansion Potential merger partners More information [26]

We will never sell personal data collected for the purposes of client retainers, or otherwise obtained from third parties, nor knowingly permit it to be used for marketing purposes by any person outside Squire Patton Boggs.

5. International Transfers and Safeguards

We transfer personal data intra-group and externally to third countries outside the UK, EU and Switzerland that are not considered to provide an adequate level of data protection. You may request a copy of the EU SCCs or other relevant international transfer documentation by contacting the DPO using the contact details provided in Section 2 above.


Type of International Transfer Contractual Safeguards
a) Intra-group transfers from our UK, EU and Switzerland Offices to Squire Patton Boggs offices in the United States, Australia, the Asia-Pacific region, the Middle East and other locations outside the UK, EU and Switzlerand Intra-group data transfer agreement incorporating EU SCCs, the UK Addendum, and the Swiss Addendum, as applicable.
b) Transfers to Third Parties More information [27]
  • Data transfer agreements based on the applicable EU SCCs, the UK Addendum, or the Swiss Addendum, as applicable; or
  • Other available data transfer mechanisms (Binding Corporate Rules, approved Certifications or Codes of Conduct); or
  • In exceptional cases, we may rely on statutory derogations for international data transfers.

6. Records Retention Policy

Our UK, EU and Switzerland Offices (and other Squire Patton Boggs offices that are recipients of personal data received from them) retain personal data only for as long as necessary for the purposes for which the data was collected, except where necessary to meet our legal obligations (for example, in relation to AML requirements) or in order to establish, exercise or defend potential legal claims or to pursue our legitimate interests.

7. Individuals’ Rights in Relation to Their Personal Data

The Applicable Data Protection Law provides certain rights to data subjects in relation to their personal data under certain circumstances. These include the rights to:


Access Request details about and a copy of the personal data we hold about them. More information [28]
Rectification Correct or update their personal data. More information [29]
Portability Port personal data that the data subject has provided to us, in machine readable format.
Erasure Erase the data that we hold about them. More information [30]
Restriction Restrict processing in some cases. More information [31]
Objection Object to processing in some cases. More information [32]
Consent Decline to consent or withdraw consent. More information [33]

These rights are not absolute and are subject to various conditions under applicable data protection and privacy legislation and the laws and regulations to which we are subject in the performance of legal services.

In some cases, the exercise of these rights (for example, erasure, objection, restriction or the withholding or withdrawing of consent to processing) may make it impossible for us to achieve the purposes identified in Section 3 of this Privacy Notice and provide effective legal services.


Any individual wishing to assert their rights under the Applicable Data Protection Laws should address the relevant request to:

More information [35]

By post:

DSAR Manager
Squire Patton Boggs (UK) LLP
Room 4.65
6 Wellington Place
Leeds LS1 4AP
England

By email:

DataSubjectRequests@squirepb.com

Further information and a form that can be used by a data subject at his discretion to exercise these rights may be downloaded here.

Data subjects also have the right to submit a complaint concerning our processing of their personal data to the appropriate supervisory authority.

8. Definitions


“Applicable Data Protection Law”

 

means the EU GDPR, the FADP, the UK GDPR, the UK Data Protection Act 2018 and any national laws governing the protection of personal data as may be amended from time to time.

"Client"

 

means an individual or legal entity that is or was a client of Squire Patton Boggs pursuant to an existing or past retainer, or that makes or made contact with or has or had discussions with Squire Patton Boggs with a view to such a retainer being established (whether or not such a retainer was or is subsequently established).

"Controller"

 

means an individual or entity who or which, alone or jointly, determines the purposes and means of processing of personal data (and, where relevant, this term shall have the specific meaning attributable to it for the purposes of the Applicable Data Protection Law).

"DSAR"

 

means Data Subject Action Request, relating to the rights of data subjects under the Applicable Data Protection Law.

"EU"

 

means the European Union or, where relevant in the given context, the European Economic Area.

"EU GDPR"

 

means the General Data Protection Regulation, (EU) 2016/679, and applicable national implementing legislation.

“EU SCCs”   means the standard contractual clauses as approved by the European Commission (“EC”) pursuant to its decision 2021/914 of 4 June 2021, as may be amended by the EC from time to time.
“FADP”
  means the 235.1 Federal Act of 25 September 2020 on Data Protection in Switzerland.

“GDPR”

 

means the EU GDPR and/or the UK GDPR, as applicable.

"Individual"

 

means a human person (also sometimes referred to as a "natural" person).

"Legal Notices"

 

means the Legal Notices page on the Squire Patton Boggs website which hosts this Privacy Notice.

"Personal data"

 

means any information relating to an identified or identifiable individual (a "data subject"). An identifiable individual is one whose identity can be established by one or more identifiers (for example, their name) specific to that individual.

"Processing"

 

means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Processor"

 

means an individual or entity who or which processes personal data on behalf of a controller.

"Recipient"

 

means an individual or entity to whom or to which personal data are transmitted or disclosed.

"Retainer"

 

means a contract, established under the laws and regulations of the relevant jurisdiction, for the provision of legal services by Squire Patton Boggs to a client.

“Swiss Addendum”
  means the Swiss addendum to the EU SCCs set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021 as recognised and adopted by the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) pursuant to Article 16(2)(d) of the FADP, as may be amended by the FDPIC from time to time.
“Switzerland”
  means the Swiss Confederation.

"Third party"

 

when used to describe a data subject, means an individual who is not a client.

"Third-party data"

 

means personal data of a third party.

“UK”

 

means the United Kingdom of Great Britain and Northern Ireland.

“UK Addendum”
  means the International Data Transfer Addendum to the EU SCCs issued by the UK Information Commissioner’s Office (“ICO”) under section 119A(1) of the Data Protection Act 2018 as may be amended by the ICO from time to time.

“UK GDPR”

 

means UK legislation incorporating the provisions of the EU GDPR into the body of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018.


MORE INFORMATION

[1]

Squire Patton Boggs is a global law firm operating under a Swiss verein structure that comprises Squire Patton Boggs (UK) LLP, Squire Patton Boggs (US) LLP and other constituent legal entities. A full description of our organisation listing all of our offices worldwide is provided in our Legal Notices page.

We provide legal services primarily to corporate clients. The types of personal data that we process are those necessary for us to provide our clients with effective legal representation locally, regionally and globally and to carry out various ancillary activities.

Back


[2]

Our UK, EU and Switzerland Offices are branch offices of, or are otherwise associated with, either Squire Patton Boggs (UK) LLP or Squire Patton Boggs (US) LLP. These are listed in Annex 1 to this Privacy Notice.

If you are a client of one or more of our UK, EU and Switzerland Offices, or an individual related or adverse to one of our clients, the relevant data controller is the Squire Patton Boggs legal entity retained by our client. If you contract with our UK, EU and Switzerland Offices in any other capacity, your data controller will be the Squire Patton Boggs entity with which you contract.

For cross-border matters, and in relation to personal data shared by several of our UK, EU and Switzerland Offices, the relevant entities may operate as joint controllers that will collaborate with one another, as necessary, to comply with our obligations under the Applicable Data Protection Laws, including to address requests by data subjects to exercise their rights, as set out in Section 7.

Back


[3]

The core business of Squire Patton Boggs is the provision of legal services to corporate clients and does not involve the large-scale processing of personal data. Squire Patton Boggs has nonetheless elected to appoint a DPO who acts on behalf of all of our UK, EU and Switzerland Offices in order to support our firmwide data protection compliance efforts.

Please direct all general communications or queries relating to this Privacy Notice or the firm’s compliance with Applicable Data Protection Laws to our DPO. With regard to the exercise of data subject rights under the Applicable Data Protection Laws, a specific email address is provided in Section 7.

Back


[4]

The information that we collect and process in relation to our clients for the purposes of providing legal services to them is primarily company data and business information.

In some cases, it may be necessary for us to process personal data specific to the matter at hand in order to properly advise and act for our clients. It is not possible to identify every potential category of personal data that we may process as lawyers acting for our clients, since these are as diverse as the legal issues that we are retained to address. The most typical categories are identified in the tables, along with the relevant sources, purpose and lawful bases for processing.

Where we obtain personal data from a client in relation to connected individuals or adverse parties, or other third-party data that is subject to the Applicable Data Protection Law, we do so on the basis that our client has satisfied its own obligations as a controller in its own right in relation to the collection, processing and transfer of such personal data to us.

In many cases, it would be impossible, or would require disproportionate effort on our part, to provide notice of processing directly to these third parties. In most circumstances, we will in any event be subject to a legal obligation of professional secrecy in relation to client data that are entrusted to us and, therefore, are not permitted to inform the relevant data subjects of our data processing.

Back


[5]

In order to provide, charge for and manage the delivery of legal services and communicate with our corporate clients in relation to the same, it is in our legitimate interests as a law firm, and those of our clients, to process personal data relevant to the legal services we provide them. When we are retained by individual clients, we process their data as necessary for us to provide legal services under the terms of our engagement with them and comply with relevant local bar rules.

The categories of personal data that we process for this purpose, which our clients usually provide to us, include the following:

  • Business contact details of clients (the individual business contact’s name, position, company affiliation, physical and email addresses, telephone numbers, etc.) – for purposes of communication in relation to our provision of legal services to them;
  • Bank account details and related personal data necessary for us to make and receive payments – in order to receive or pay out transaction completion monies or other transaction-related funds such as disbursements, to pay court fees, and to invoice our clients and receive payment; and
  • Account management information (which may include financial or account performance data related to individuals) – to enable us to assess the provision of our services to clients, for our own internal administrative purposes or at the request of our clients.

Back


[6]

We may process third-party data as necessary for the provision of legal services to our clients. This information may include personal data about a client's individual employees, customers or suppliers or about individuals employed or otherwise associated with an adversary or counterparty. We may obtain this information from our clients, from public sources or from third parties, depending on the relevant circumstances. For example:

  • In corporate or litigation matters, we may need to process the personal data of, or sent to us by, transactional counterparties or opponents in proceedings involving our clients, emails sent to or from employees of our clients or counterparties, and biographical data concerning witnesses and prospective witnesses and legal and other advisers to such third parties.
  • Where it is necessary for our lawyers to review large numbers of documents in relation to litigation matters or investigations, we may use automated systems to help us identify documents of interest, which may contain personal data.

Back


[7]

In some cases, the client personal data or third-party data that we process in relation to a particular matter may involve the processing of special categories of personal data where relevant to the legal issues involved (for example, in connection with immigration proceedings, data protection, pensions, health and safety regulation or labour and employment matters). The lawful basis upon which we process such data will depend on the circumstances of each case, and may be carried out on the basis that the processing is:

  • Necessary for the establishment, exercise of defence of legal claims;
  • Based on the explicit consent of the individual concerned; or
  • Based on personal data which are manifestly made public by the data subject.

Back


[8]

For these purposes, it may be necessary for us to obtain various types of information from the relevant individuals themselves or the potential client with which they are associated. The information required may include:

  • Identification documentation such as passports and national identity cards;
  • Personal contact details such as home address and other contact details;
  • Employment status and history;
  • Credit history; and
  • Other information as necessary to complete required background checks.

Where necessary, and as authorized by applicable law, we may also need to collect information pertaining to alleged criminal offenses or convictions of individuals related to the potential client.

The personal data is used to determine whether we are prohibited by applicable laws from engaging with the client or to identify and evaluate any risks associated with the individual’s economic circumstances, reliability or behavior. Depending on the outcome, we may elect, or be required, to decline to enter into a client relationship.

Back


[9]

To complete the required background checks, we may also rely on third-party sources such as:

  • Credit rating agencies;
  • Identity verification agencies;
  • Publicly accessible sources such as public registers and publicly available internet sites; and
  • Subscription services that provide screening against lists of politically exposed persons and prohibited and/or sanctioned persons identified by the UK, EU or Swiss governments.

Back


[10]

This data may be obtained directly from the individuals concerned as well as from public sources and third-party subscription services or credit vetting agencies.

Back


[11]

In most cases, we have a legal obligation to process limited amounts of personal data in order to perform "conflict checks" before incepting clients. Such conflict checks may be required by various laws, regulations and "best practice" ethical guidelines to which Squire Patton Boggs, as a law firm, is subject. These checks may sometimes involve the processing of personal data about individuals related or adverse to our clients, such as records of litigation in which they are involved, board memberships or shareholdings. We may obtain this information from the individuals concerned, from public sources or from subscription services such as legal directories.

Back


[12]

In circumstances where a legal obligation does not apply, we have a mutual legitimate interest with our clients to ensure that our services are provided free from any conflicts of interest, and rely on our clients to ensure that the individuals involved receive proper notice.

Back


[13]

For the purposes of dealing with suppliers, it is in our legitimate interests and those of our vendors for us to process the business contact details of the vendors' individual account representatives in order to communicate and otherwise conduct business with them.

The information that we typically process for this purpose is provided by the vendor and includes the appointed business contact’s:

  • Name
  • Position
  • Company affiliation
  • Physical and email addresses
  • Telephone numbers

Back


[14]

It is in our legitimate interest as a law firm to collect and process business contact data needed to provide requesting clients and contacts with copies of our newsletters on legal developments covering different practice areas, client alerts, blogs, invitations to seminars, online webinars and similar events that we offer and other marketing materials, where we believe this may be of interest.

The personal data that we collect for these purposes includes the following:

  • Business contact details, such as name, address, email address, phone number, company name, company address, title or position;
  • Individuals’ subscription preferences. Where relevant, information provided by these individuals about their preferences in relation to receiving updates from us on developments in particular practice areas and industry sectors, firm-sponsored events and the like.
  • Event registration details, such as name, company name, title or positon, and email address.

We generally obtain the business contact details and preference information that we use for marketing communications and business development activities directly from our clients or prospects. This includes visitors to our website, who may register online to opt-in to receiving client alerts, newsletters, invitations to events and other information from us.

We may also obtain your business contact details and information about your preferences in regard to the subject matter of newsletters and other materials or events that we offer when you provide us with your business card at conferences that we sponsor or network with our lawyers and staff at meetings or events.

We obtain the consent of prospective clients and others with whom we do not have an existing client relationship before sending them our marketing materials by electronic means, where required by applicable electronic marketing communications rules. We have in place an effective online tool for users to manage requests to opt out or modify their preferences in relation to the subject matter and categories of information they receive.

Back


[15]

We collect business contact data to record information about our business development and marketing activities, such as meetings and other interactions with clients and prospective clients. The personal data that we collect for these purposes includes the date and time of business interactions, notes of the meetings or events.

Back


[16]

We use audio and video conferencing services provided by third parties for the purposes of providing legal advice, training, client service and to deliver webinars. In some cases, we may record a call for evidentiary purposes or memorialise a webinar for further training use. In such cases, we will notify the participants that the call is being recorded. Depending on the circumstances, the lawful basis for recording the call will be either the participants’ consent or to provide evidence of a business communication.

Back


[17]

Transfers of personal data between and among our UK, EU and Switzerland Offices (see Annex 1), as well as with lawyers in other offices of the firm, may be necessary in order to deliver legal services to our clients efficiently and effectively or at the request of our clients. For example, a particular matter may involve legal issues or proceedings in multiple jurisdictions, and in these cases we may share personal data relating to the matter amongst selected Squire Patton Boggs colleagues based in our offices around the world, unless we are instructed otherwise by our client in relation to a particular matter. These cross-border transfers within the firm are governed by intra-group controller arrangements and processor agreements, as appropriate.

Back


[18]

Other firm functions that involve the transfer of client-related and business contact personal data to selected members of management and staff located in our offices within and outside the UK, EU and Switzerland include financial management, client billing, firm management and administration.

Back


[19]

Marketing data containing UK, EU and Swiss business contact details and client preferences in regard to legal developments in specific practice areas, client alerts, newsletters and events are accessible by selected members of the Squire Patton Boggs marketing team and may be shared with lawyers working in offices outside the UK, EU and Switzerland. Client-related and business contact information collected in the course of networking and business development activities may be shared among lawyers and staff in our UK, EU and Switzerland Offices and collaboratively with colleagues in Squire Patton Boggs offices around the globe.

Back


[20]

Subject to the client’s prior authorization, our contentious practice sometimes relies on e-discovery software that is operated by an expert team with the firm that is based in the United States and virtual data rooms that are hosted on the firm’s United States servers.

Back


[21]

For security purposes (in particular back-up and failover), all client data, which may include personal data, within the UK, EU and Switzerland are stored on servers based in the UK and mirrored on Squire Patton Boggs servers located in the United States, where certain firmwide applications are hosted.

Back


[22]

Our UK, EU and Switzerland Offices also share personal data with trusted suppliers and business partners pursuant to our contractual arrangements. The data recipients include, for example, IT service providers, marketing and events management platforms, telecommunications operators, banking institutions, data room administrators, document review service providers, credit vetting agencies, background check firms, legal directories, third-party consultants or experts, local counsel, barristers, opposing counsel, auditors, and professional indemnity insurers together with their appointed legal and other advisors. If requested by our clients, this may also include e-billing and matter management platform services providers.

Back


[23]

We may also share personal data collected for the purposes of client retainers with external recipients in circumstances where we have a legal obligation to do so, including but not limited to courts, tribunals, regulatory authorities, tax authorities and law enforcement.

Back


[24]

We provide information, which may include personal information to Experian, a credit reference agency (CRA) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with Experian on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html.

Back


[25]

In order to manage the preferences of our clients, website visitors and other business contacts efficiently and maintain the accuracy of the data we collect, we utilize third-party marketing and events management platforms and other solutions.

Back


[26]

It may be necessary for our UK, EU and Switzerland Offices from time to time to share client data with potential merger partners located in countries outside the UK, EU and Switzerland in cases where negotiations have reached a reasonably advanced stage. Any personal data that may be transferred to a potential merger partner will be limited to that which is necessary for the transaction to proceed, and will be safeguarded by protective contractual measures, including the EU SCC where required.

Back


[27]

Courts, tribunals, government authorities and related parties or counterparties with whom we share personal data, the third-party vendors identified in Section 4 and business partners are in some cases located outside the UK, EU and Switzerland. Unless the recipients are located in countries that have been deemed adequate by the European Commission, we put in place data transfer agreements based on the applicable EU SCCs, the UK Addendum or the Swiss Addendum or rely on other available data transfer mechanisms (Binding Corporate Rules, approved Certifications or Codes of Conduct) to protect the personal data so transferred. In exceptional cases, we may rely on statutory derogations for international data transfers.

Back


[28]

The right of access applies only to the extent this is not in breach of a legal obligation of professional secrecy to which we are subject in relation to client data entrusted to us and that would, therefore, prevent us from informing the relevant data subjects.

Back


[29]

The right to rectification applies only to the extent this is not in breach of a legal obligation of professional secrecy to which we are subject in relation to client data entrusted to us.

Back


[30]

The right to erasure applies in some cases and only to the extent this is not in breach of a legal obligation of professional secrecy to which we are subject in relation to client data entrusted to us.

Back


[31]

The right to restriction or objection applies in some cases, and only to the extent this is not in breach of a legal obligation of professional secrecy to which we are subject in relation to client data entrusted to us.

Back


[32]

The right to object may be exercised:

  • Based on grounds relating to the individual’s particular situation, where the processing is based on the legitimate interest of Squire Patton Boggs or our clients; or
  • Where personal data is being processed for direct marketing purposes.

Back


[33]

Where consent is the basis for processing their personal data, the individual may decline to give their consent, or withdraw consent to the processing at any time.

Back


[34]

The processing of requests for action by Squire Patton Boggs in regard to the exercise of a data subject’s rights under the Applicable Data Protection Law is overseen by an internal team consisting of the DSAR Manager, the Office of General Counsel, the DPO and other professionals as needed to respond to the particular request.

Back


ANNEX 1

Squire Patton Boggs branch offices and legal entities in the United Kingdom and the European Union

Squire Patton Boggs (UK) LLP
60 London Wall
London EC2M 5TQ
England
+44 20 7655 1000


Branch offices of Squire Patton Boggs (UK) LLP
Squire Patton Boggs (UK) LLP
Strawinskylaan 357
1077 XX Amsterdam
Netherlands 
Squire Patton Boggs (UK) LLP
Rutland House
148 Edmund Street
Birmingham B3 2JR
England
+44 121 222 3000
Squire Patton Boggs (UK) LLP
Avenue Louise 523
1050 Brussels
Belgium
+322 627 11 11
Squire Patton Boggs (UK) LLP
6 Wellington Place
Leeds LS1 4AP
England
+44 113 284 7000
Squire Patton Boggs (UK) LLP
Plaza Marques de Salamanca 3-4, 7th Floor
28006 Madrid
Spain
+34 91 426 4840
Squire Patton Boggs (UK) LLP
No. 1 Spinningfields
1 Hardman Square
Manchester M3 3EB
England
+44 161 830 5000     
Squire Patton Boggs (UK) LLP
Piazza San Fedele n. 2
4th Floor
20121 - Milan
Italy
+39 02 72 74 2001    
 

Squire Patton Boggs (US) LLP
60 London Wall
London EC2M 5TQ
England
+44 20 7655 1000


Branch offices of Squire Patton Boggs (US) LLP
Squire Patton Boggs (US) LLP
Rechtsanwälte, Steuerberater und Attorneys-at-Law
Unter den Linden 14
10117 Berlin
Germany
+49 30 7261 68 000
Squire Patton Boggs (US) LLP
Rechtsanwälte, Steuerberater und Attorneys-at-Law
Herrenberger Straße 12
71032 Böblingen
Germany
+49 7031 439 9600
Squire Patton Boggs (US) LLP
Avenue Louise 523
1050 Brussels
Belgium
+322 627 11 11
Squire Patton Boggs (US) LLP
Rechtsanwälte, Steuerberater und Attorneys-at-Law
Eurotheum, Neue Mainzer Straße 66-68
60311 Frankfurt am Main
Germany
+49 69 1739 2400
Squire Patton Boggs (US) LLP, Cleveland, Geneva
Rue du Rhône 67
1207 Geneva
Switzerland
 

Other constituent legal entities
Advokátska kancelária
Squire Patton Boggs s.r.o.
Zochova 5
811 03 Bratislava
Slovak Republic
+421 2 5930 3411
Squire Patton Boggs s.r.o.,
advokátní kancelář
Václavské náměstí 813/57
110 00 Prague 1
Czech Republic
+420 221 662 111
Haussmann Associés SELARL
trading under the name Squire Patton Boggs
7, rue du Général Foy
75008 Paris
France
+33 1 5383 7400
Squire Patton Boggs Krześniak sp.k.
Warsaw Financial Center
Emilii Plater 53
00-113 Warsaw
Poland 
+48 22 395 5500
Squire Patton Boggs Park Lane Limited
Rutland House
148 Edmund Street
Birmingham B3 2JR
England
+44 121 222 3000
Trinity Park Trustees Limited
Rutland House
148 Edmund Street
Birmingham B3 2JR
England
+44 121 222 3000
Devonshire Trustees Limited
Rutland House
148 Edmund Street
Birmingham B3 2JR
England
+44 121 222 3000
Farringdon Management Company
Rutland House
148 Edmund Street
Birmingham B3 2JR
England
+44 121 222 3000
Squire Patton Boggs Secretarial Services Limited
Rutland House
148 Edmund Street
Birmingham B3 2JR
England
+44 121 222 3000
The Trustee Corporation Limited
Rutland House
148 Edmund Street
Birmingham B3 2JR
England
+44 121 222 3000
Hammond Suddards Trustees Limited
6 Wellington Place
Leeds LS1 4AP
England
+44 113 284 7000
Devonshire Promotions Limited
60 London Wall
London EC2M 5TQ
England
+44 20 7655 1000
SHE Consultants Limited
60 London Wall
London EC2M 5TQ
England
+44 20 7655 1000
Squire Patton Boggs Directors Limited
60 London Wall
London EC2M 5TQ
England
+44 20 7655 1000
Squire Patton Boggs Secretaries Limited
60 London Wall
London EC2M 5TQ
England
+44 20 7655 1000
Squire Patton Boggs Ireland
Suite 39.4
Ella House
39 – 40 Merrion Square East
Dublin 2
D02 NP96
Ireland
+353 1 662 4578

Back to top