Data protection & privacy policy

Taylor Wessing (“we”/”our” and as defined below under Who we are) is committed to safeguarding your privacy. 

This privacy policy sets out our approach to data privacy, explaining why and how we process your personal information ("personal data"), and your rights in relation to your personal data.

Questions relating to this privacy policy, including any requests to exercise your legal rights in relation to your personal data, can be conducted via the email address

 
Who we are

We are a global law firm. Taylor Wessing is the trading name used by the members of a Swiss Verein and their respective controlled, managed and affiliated entities in providing services to clients around the world. View the Taylor Wessing Firms. 

Information we collect about you

Personal data are data which contain individual information on personal or factual circumstances for instance, name, address, E-Mail-Address, telephone number, date of birth, age, sex, social security number, video footage, photos, voice recordings of persons and sensitive data such as health data or data regarding criminal proceedings may also be covered.

We may process your personal data (which we have either obtained directly from you or from somewhere else) if:

  • you are our prospective client, client or supplier;
  • you otherwise use our services;
  • you work for a client or a supplier of ours, or for someone who otherwise uses our services;
  • you are someone (or you work for someone) to whom we want to advertise or market our services, our events; or
  • you are alumni.

Personal data which is not collected directly from you may be collected from:

  • your employer in connection with your job and how it relates to us;
  • third parties we work closely with, including but not limited to family members, trustees, business partners, sub-contractors in technical, payment and delivery services, analytics providers, and search information providers;
  • Governmental bodies, regulators, institutions, courts or any other similar establishments; or
  • any websites or applications ("Apps") operated by us which you use.

Personal data collection methods we may use include:

  • communication in person;
  • communication by phone, email, fax, SMS or any other electronic communication method;
  • communication by letters, notices, information sheets or any other paper-based communication methods;
  • using our website, social media channels, Apps or other technologies; or
  • ·visiting us (for example, if you sign in or are recorded on CCTV while visiting our offices, or you give us the registration details of your vehicle).

Personal data relating to you that we may process includes:

  • “Identity data” including first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, your job function, your employer or department;
  • “Contact data” including billing address, postal address, email address and telephone numbers (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the company that you work for);
  • “Financial data” including bank account and other payment method details;
  • “Transaction data” including details about payments to and from you and other details of services you have received from us;
  • “Profile data” including your username and password, your interests, preferences, feedback and survey responses. It also includes information you give us or that we obtain when you use our website, obtain or subscribe to our services, supply us with goods or services, enquire about a service, place a service request, enter a survey, or contact us to report a problem, or do any of these things on behalf of the person that you work for;
  • “Client data” including information about how you use our services, website, and applications, as well as personal data which can include Identity, Contact, Financial, Transaction and Profile Data of you and/or your family members, beneficiaries, employees or employers, or other third persons about whom we need to collect personal data by law, or under the terms of a contract we have with you;
  • “Sensitive personal data”: Client Data may include sensitive personal data where it is relevant to the legal services that we provide, such as settlement of insurance claims which may require us to obtain health reports;
  • “Marketing and communications data” including your preferences in receiving marketing from us and your communication preferences. This may include information about events to which you or your colleagues are invited, and your personal data and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements, but excluding sensitive data); and
  • “Technical data” including:
    •  The Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
    • Information about your visit to our website/Apps, such as the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, any phone number used to call our central switchboard number, and direct dials or social media handles used to connect with our fee earners or other employees; and
    • Location data which we may collect through our website/Apps and which provides your real-time location in order to provide location services (where requested or agreed to by you) to deliver content or other services that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the website/App. Delivery of location services will involve reference to one or more of the following: (a) the coordinates (latitude/longitude) of your location; (b) look-up of your country of location by reference to your IP address against public sources; and/or (c) your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier. See our cookie policy for more information on the use of cookies and device identifiers on the website/Apps.
Legal bases for processing of personal data

We will only process personal data if we have a lawful reason for doing so.  The legal basis for processing personal data by us will be one of the following:

  • the data subject (you) has given consent to the processing of personal data for one or more specific purposes (“consent”);
  • the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
  • the processing is necessary in order for us to comply with our legal obligations;
  • the processing is necessary for the pursuit of our legitimate business interests;
How do we use your information

We collect and use your personal data for the purposes described below: 

The below table sets out the purposes for which we obtain your personal data, alongside the legal basis for our processing such data:

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new client and complete Client Due Diligence ("CDD") and conflict checks

 

  • Identity data
  • Contact data
  • Client data
  • Performance of a contract with you
  • Legal and regulatory requirement

To process and deliver our legal service including but not limited to:

  • Entering into contracts
  • Manage payments, fees and charges
  • Collect and recover money owed to us
  • Identity data
  • Contact data
  • Financial data
  • Transaction data
  • Client data
  • Sensitive Personal Data
  • Performance of a contract with you
  • Necessary for our legitimate interests (for example; to recover debts due to us)

To manage our relationship with you which will include:

  • Notifying you about changes to our terms or privacy policy
  • Asking you to leave a review or take a survey
  • Identity data
  • Contact data
  • Profile data
  • Marketing and Communications data
  • Performance of a contract with you
  • Necessary to comply with a legal obligation
  • Necessary for our legitimate interests (for example; to keep our records updated and to study how customers use or products/services)

To enable you to partake in an event or complete a survey

  • Identity data
  • Client data
  • Contact data
  • Profile data
  • Marketing and Communications data
  • Performance of a contract with you
  • Necessary for our legitimate interests (for example; to keep our records updated and to study how customers use or products/services)

To administer and protect our business and our website and Apps

  • Identity data
  • Contact data
  • Technical data
  • Necessary for our legitimate interests (for example; for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
  • Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

  • Identity data
  • Contact data
  • Profile data
  • Marketing and Communications data
  • Technical data
  • Necessary for our legitimate interests (for example; to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use our data analytics to improve our website, products/services, marketing, customer relationships and experiences

  • Technical data
  • Necessary for our legitimate interests (for example; to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To provide you with the information and communications such as newsletters which are of interest to you.

  • Identity data
  • Contact data
  • Profile data
  • Marketing and Communications data
  • Your consent

 

Cookies and other technologies

Our use of cookies and other similar technologies to process personal data is explained in our cookie policy which you can read.

Our updates and communications
  • Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal data for marketing analysis and to provide you with newsletters and information about events and our services by email, letter, telephone or using our website or Apps.
  • You can object to receiving further marketing at any time by updating your contact details within your account, or selecting the "unsubscribe" link at the end of our marketing communications to you.
Who we give your personal data to

We may share your personal data with:

  • Any other member of the Taylor Wessing group, which means any Taylor Wessing firm and their subsidiaries and affiliates, who support our processing of personal data under this privacy policy. If any of these parties are using your personal data for direct marketing purposes, we will only transfer the personal data to them for that purpose with your prior consent;
  • Appropriate third parties including:
    • our business partners, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you;
    • our auditors, legal advisors and other professional advisors or service providers;
    • credit reference agencies for the purpose of assessing your credit score where this is in the context of us entering into a contract with you or the person that you work for; and
    • company data providers and similar information providers for the purpose of carrying out our client and matter acceptance checks (including client due diligence) in accordance with our legal and regulatory obligations.
  • In relation to personal data obtained via our website:
    • analytics and search engine providers that assist us in the improvement and optimisation of our website, subject to the cookie section of this privacy policy.

We may disclose your personal data to appropriate third parties:

  • in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets, subject to the terms of this privacy policy;
  • if a Taylor Wessing firm or substantially all of its assets are acquired by a third party, in which case personal data it holds about its clients will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our contractual terms or other agreements with you; or
  • to protect the rights, property, or safety of Taylor Wessing, our clients, or others. This includes exchanging data with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
Where do we transfer/store your personal data?
As a global law firm, the data that we process in relation to you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") that may not be subject to equivalent data protection laws. It may also be processed by staff situated outside the EEA who works for us or for one of our suppliers.
We may transfer your personal data outside the EEA in order to:
  • store it;
  • enable us to provide products or services to (and fulfil our contract with) you. This includes order fulfilment, processing of payment details, and the provision of support services;
  • facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights; or
  • meet any legal requirement to transfer such personal data outside the EEA.
In particular, we may transfer your personal data to the following countries outside the EEA:
Where your personal data is transferred outside the EEA, we will ensure that a transfer only takes place if an appropriate level of protection exists with the recipient and suitable safeguards are provided. 
 
Use of karriere.taylorwessing.com

We process the personal data that you provide when visiting our career website, using the job exchange service and when registering for the Talent Network as follows:

Job exchange

You can apply on your own initiative or apply for an advertised position via our job exchange. In order to review and evaluate your application, we process your contact data (title, first and last name, e-mail address) as well as your personal data in the form of your application documents (curriculum vitae, cover letter, certificates, photos, high school diploma grade, grade of the 1st and 2nd state examination, LL.M. degree, doctorate), your desired starting date as well as your preferred field of law. In addition, we process your telephone number, if you provide it. We process the personal data provided by you in this way exclusively for the purpose of the application procedure (Art. 6(1) lit. b, Art. 88 GDPR, § 26 BDSG). Additionally, if you agree to this and register at our Talent Network (for further details see below), we may process your personal data in order to inform you about suitable job offers, career events or further news related to Taylor Wessing and your possible future career with us. We base such data processing on your consent (Art. 6(1) lit. a GDPR).

You can apply via our application form or by e-mail (shown in the job offers). In both cases, in order to implement an effective application-management-system, we use the services of our processor TFI GmbH (hereinafter referred to as "TFI", Lise-Meitner-Straße 5-9, 42119 Wuppertal) with its software Talention. If you sent your application via e-mail, we store your application also in the Talention software. TFI processes your personal data on our behalf as a data processor in terms of Art. 28 GDPR and therewith ensures the effective technical provision of content on our career website as well as storage and management of your data in the Talention application-management-software. In doing so, we remain the sole data controller entitled to issue instructions.

TFI and its employees have no access to your data beyond what is necessary for the provision of its software-services. A respective data processing agreement has been concluded with TFI. Generally, if you apply for a position through our career website, all information and personal data provided by you in this way is processed and stored using the Talention software and its servers. Our responsible employees may use the software for communication with you. Any correspondence with you might be stored and processed by means of the Talention software.
In the event of a successful application, we will include your personal data in our own personnel file and  store your data for the purposes of the employment relationship. Such data will be stored for the period of time necessary for the performance of the employment relationship. Otherwise, in case of a rejected application, your personal data will generally be deleted within six months, unless you have registered at our Talent Network and given your consent to receive messages and information about future job offers, events and related news. In this case, we will process your personal data provided in your registration for the purposes of our Talent Network as described below. 

Talent Network

You can register with our Talent Network to become part of our network, stay in touch with us for your further career path and exchange ideas with other talents at events. An essential part of the Talent Network is the regular e-mail information about news in your Talent Network, including interesting job offers, career information and invitations to professional and career events. 
To participate in the Talent Network, we process your contact data (title, first and last name, e-mail address), the desired entry area and career level. Furthermore, we collect and process your personal data in the form of your additional information in order to tailor the offer even better to you (grade of the 1st and 2nd state examination, LL.M. degree, doctorate, location preference, date of joining us), as well as your telephone number, if you provide it. We store and process the data for participation in the Talent Network on the basis of your consent (Art. 6(1) lit. a GDPR). Your personal data will be deleted if you withdraw your consent. You can withdraw consent into data processing at any time and you do not need to provide any reasons for this. However, please note that your withdrawal will not affect the lawfulness of data processing prior to the time of withdrawal.
Furthermore, your data provided within our Talent Network will be processed in order to provide the service for you (Art. 6(1) lit. b GDPR). If you provide us with further information, we process this data on the basis of our legitimate interest in tailoring the Talent Network as closely as possible to your interests or professional situation (Art. 6(1) lit. f GDPR).

 

Processing of log data

When you access karriere.taylorwessing.com, your internet browser automatically transfers certain personal data to the TFI server, who provides the contents of our career website. Your personal data about your use of the website is processed in the form of the name of the website accessed or the name of the URL, the date and time of the access, the access status/http status code, the amount of data transferred, the website through which the request comes, the browser software and the software version, the operating system and its version, your IP address (anonymized, shortened by the last 3 digits) and the randomly generated key number of the cookie or session. The processing of this data is performed on our behalf and allows us to distinguish between number of visits or recurring visitors and new visitors, as well as to differentiate between visitors. This  processing is either absolutely necessary for the operation of the website (Art. 6(1) lit. b GDPR) or necessary to maintain the best possible functionality and continuous user-friendly optimization of the website and, thus, based on our legitimate interest (Art. 6(1) lit. f GDPR). If the data is stored in log files, your usage data will be deleted after 7 days at the latest.

 

Talent analytics

We use the software Talention Analytics from TFI to evaluate the use of karriere.taylorwessing.com. For this purpose, we process your personal data of the use of our website in the form of the name of the website accessed or the name of the URL, the date and time of access, the access status/http status code, the amount of data transferred in each case, the website through which the request comes, the browser software and the software version, the operating system and its version and your IP address (anonymized, shortened by the last 3 digits). With the help of a cookie, we determine how often karriere.taylorwessing.com is accessed, from which regions and with which types of terminal equipment karriere.taylorwessing.com is accessed. On our behalf, TFI stores the information thus collected exclusively on servers in Germany. The data processing serves the purpose of designing karriere.taylorwessing.com to meet demand, for example, to optimize loading times, make technical adjustments to content, adapt the structure of karriere.taylorwessing.com to the needs of users and similar purposes. The needs-based design is based on our legitimate interest in maintaining a career website that is as efficient and user-friendly as possible (Art. 6(1) lit. f GDPR).
Additionally, the information about the website through which you have accessed our career website and the respective http referrer is processed by TFI on our behalf, in order to evaluate the effectivity of advertising measures and channels. You declare consent to this data processing by activating the corresponding icon of our cookie banner (Art. 6(1) lit. a GDPR).  We will not use any purely analytical and non-essential cookies for data processing without your consent. You can withdraw your consent at any time and without providing reasons for withdrawal. However, please note that this will not affect the lawfulness of data processing prior to the time of withdrawal. You can object to the use of Talention Analytics by clicking on the following link: deactivate Talention Analytics. A cookie will then be set that prevents the processing of your data when you visit karriere.taylorwessing.com.
In the general settings of your browser you can also set cookie-preferences that apply to all your website visits. Please note, however, that severely limited cookie-preferences can affect the functionality of many websites.

 
How do we protect your personal data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. For example, all personal data you provide to us is stored on our secure servers.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access your data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or our Apps, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Our website may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.

How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For further details regarding our retention periods please send an email.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you and is not considered as personal data anymore) for research or statistical purposes in which case we may use these data indefinitely without notifying you.

Your rights

In accordance with the legal requirements, you have the right to:

  • withdraw your consent: Where the processing of your personal data by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at the contact details at the end of this privacy policy. You can also change your marketing preferences at any time as described in the 'Our updates and communications' section
  • be informed by us about the personal data concerning you, i.e. you might receive information about the personal data processed by us about you;
  • request the rectification or erasure of your personal data held by us;
  • request that we restrict the processing of your personal data (while we verify or investigate your concerns with this personal data, for example);
  • under certain circumstance object to the further processing of your personal data including the right to object to marketing as mentioned in 'Our updates and communications' section of this document; and
  • data portability, i.e. receiving your personal data in a structured, commonly used and machine-readable format.
How to exercise your rights

You can also exercise the rights listed above at any time by contacting us.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to complain to a data protection supervisory authority about our processing of your personal data. For more information, please contact your local data protection authority.

Changes to this privacy policy

We may from time to time make changes to this privacy policy. Any changes will be published here on our website (and in the case of substantive changes, will be notified to you by email) and will be effective as of the date of publication (which will also be noted on our website). This privacy policy was last updated in February 2020.