Data protection & privacy policy

Taylor Wessing (“we”/”our” and as defined below under Who we are) is committed to safeguarding your privacy. 

This privacy policy sets out our approach to data privacy, explaining why and how we process your personal information ("personal data"), and your rights in relation to your personal data.

Questions relating to this privacy policy, including any requests to exercise your legal rights in relation to your personal data, can be conducted via the email address

 
Who we are

We are a global law firm. Taylor Wessing is the trading name used by the members of a Swiss Verein and their respective controlled, managed and affiliated entities in providing services to clients around the world. View the Taylor Wessing Firms. 

Information we collect about you

Personal data are data which contain individual information on personal or factual circumstances for instance, name, address, E-Mail-Address, telephone number, date of birth, age, sex, social security number, video footage, photos, voice recordings of persons and sensitive data such as health data or data regarding criminal proceedings may also be covered.

We may process your personal data (which we have either obtained directly from you or from somewhere else) if:

  • you are our prospective client, client or supplier;
  • you otherwise use our services;
  • you work for a client or a supplier of ours, or for someone who otherwise uses our services;
  • you are someone (or you work for someone) to whom we want to advertise or market our services, our events; or
  • you are alumni.

Personal data which is not collected directly from you may be collected from:

  • your employer in connection with your job and how it relates to us;
  • third parties we work closely with, including but not limited to family members, trustees, business partners, sub-contractors in technical, payment and delivery services, analytics providers, and search information providers;
  • Governmental bodies, regulators, institutions, courts or any other similar establishments; or
  • any websites or applications ("Apps") operated by us which you use.

Personal data collection methods we may use include:

  • communication in person;
  • communication by phone, email, fax, SMS or any other electronic communication method;
  • communication by letters, notices, information sheets or any other paper-based communication methods;
  • using our website, social media channels, Apps or other technologies; or
  • ·visiting us (for example, if you sign in or are recorded on CCTV while visiting our offices, or you give us the registration details of your vehicle).

Personal data relating to you that we may process includes:

  • “Identity data” including first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, your job function, your employer or department;
  • “Contact data” including billing address, postal address, email address and telephone numbers (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the company that you work for);
  • “Financial data” including bank account and other payment method details;
  • “Transaction data” including details about payments to and from you and other details of services you have received from us;
  • “Profile data” including your username and password, your interests, preferences, feedback and survey responses. It also includes information you give us or that we obtain when you use our website, obtain or subscribe to our services, supply us with goods or services, enquire about a service, place a service request, enter a survey, or contact us to report a problem, or do any of these things on behalf of the person that you work for;
  • “Client data” including information about how you use our services, website, and applications, as well as personal data which can include Identity, Contact, Financial, Transaction and Profile Data of you and/or your family members, beneficiaries, employees or employers, or other third persons about whom we need to collect personal data by law, or under the terms of a contract we have with you;
  • “Sensitive personal data”: Client Data may include sensitive personal data where it is relevant to the legal services that we provide, such as settlement of insurance claims which may require us to obtain health reports;
  • “Marketing and communications data” including your preferences in receiving marketing from us and your communication preferences. This may include information about events to which you or your colleagues are invited, and your personal data and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements, but excluding sensitive data); and
  • “Technical data” including:
    •  The Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
    • Information about your visit to our website/Apps, such as the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, any phone number used to call our central switchboard number, and direct dials or social media handles used to connect with our fee earners or other employees; and
    • Location data which we may collect through our website/Apps and which provides your real-time location in order to provide location services (where requested or agreed to by you) to deliver content or other services that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the website/App. Delivery of location services will involve reference to one or more of the following: (a) the coordinates (latitude/longitude) of your location; (b) look-up of your country of location by reference to your IP address against public sources; and/or (c) your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier. See our cookie policy for more information on the use of cookies and device identifiers on the website/Apps.
Legal bases for processing of personal data

We will only process personal data if we have a lawful reason for doing so.  The legal basis for processing personal data by us will be one of the following:

  • the data subject (you) has given consent to the processing of personal data for one or more specific purposes (“consent”);
  • the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
  • the processing is necessary in order for us to comply with our legal obligations;
  • the processing is necessary for the pursuit of our legitimate business interests;
How do we use your information

We collect and use your personal data for the purposes described below: 

The below table sets out the purposes for which we obtain your personal data, alongside the legal basis for our processing such data:

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new client and complete Client Due Diligence ("CDD") and conflict checks

 

  • Identity data
  • Contact data
  • Client data
  • Performance of a contract with you
  • Legal and regulatory requirement

To process and deliver our legal service including but not limited to:

  • Entering into contracts
  • Manage payments, fees and charges
  • Collect and recover money owed to us
  • Identity data
  • Contact data
  • Financial data
  • Transaction data
  • Client data
  • Sensitive Personal Data
  • Performance of a contract with you
  • Necessary for our legitimate interests (for example; to recover debts due to us)

To manage our relationship with you which will include:

  • Notifying you about changes to our terms or privacy policy
  • Asking you to leave a review or take a survey
  • Identity data
  • Contact data
  • Profile data
  • Marketing and Communications data
  • Performance of a contract with you
  • Necessary to comply with a legal obligation
  • Necessary for our legitimate interests (for example; to keep our records updated and to study how customers use or products/services)

To enable you to partake in an event or complete a survey

  • Identity data
  • Client data
  • Contact data
  • Profile data
  • Marketing and Communications data
  • Performance of a contract with you
  • Necessary for our legitimate interests (for example; to keep our records updated and to study how customers use or products/services)

To administer and protect our business and our website and Apps

  • Identity data
  • Contact data
  • Technical data
  • Necessary for our legitimate interests (for example; for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
  • Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

  • Identity data
  • Contact data
  • Profile data
  • Marketing and Communications data
  • Technical data
  • Necessary for our legitimate interests (for example; to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use our data analytics to improve our website, products/services, marketing, customer relationships and experiences

  • Technical data
  • Necessary for our legitimate interests (for example; to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To provide you with the information and communications such as newsletters which are of interest to you.

  • Identity data
  • Contact data
  • Profile data
  • Marketing and Communications data
  • Your consent

 

Cookies and other technologies

Our use of cookies and other similar technologies to process personal data is explained in our cookie policy which you can read.

Our updates and communications
  • Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal data for marketing analysis and to provide you with newsletters and information about events and our services by email, letter, telephone or using our website or Apps.
  • You can object to receiving further marketing at any time by updating your contact details within your account, or selecting the "unsubscribe" link at the end of our marketing communications to you.
Who we give your personal data to
Where do we transfer/store your personal data?
As a global law firm, the data that we process in relation to you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") that may not be subject to equivalent data protection laws. It may also be processed by staff situated outside the EEA who works for us or for one of our suppliers.
We may transfer your personal data outside the EEA in order to:
  • store it;
  • enable us to provide products or services to (and fulfil our contract with) you. This includes order fulfilment, processing of payment details, and the provision of support services;
  • facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights; or
  • meet any legal requirement to transfer such personal data outside the EEA.
In particular, we may transfer your personal data to the following countries outside the EEA:
Where your personal data is transferred outside the EEA, we will ensure that a transfer only takes place if an appropriate level of protection exists with the recipient and suitable safeguards are provided. 
 
Use of karriere.taylorwessing.com

We process the personal data that you provide when using the job exchange and when registering for the Talent Network as follows:

Job exchange

You can apply on your own initiative or apply for an advertised position via our job exchange. In order to review and evaluate your application, we process your contact data (title, first and last name, e-mail address) as well as your personal data in the form of your application documents (curriculum vitae, cover letter, certificates, photos, high school diploma grade, grade of the 1st and 2nd state examination, LL.M. degree, doctorate), your desired starting date as well as your preferred field of law. In addition, we process your telephone number, if you provide it. We process your personal data exclusively for the purpose of the application procedure (Art. 6(1) lit. b, Art. 88 GDPR, § 26 BDSG).

If you agree to this, we may process your personal data in order to inform you about suitable job offers in the future (Art. 6(1) lit. a GDPR).
In the event of a successful application, we will include your personal data in the personnel file and delete it within 3 years of the end of the application procedure. Otherwise, your personal data will generally be deleted within 6 months, unless you have given your consent to receive information about future job offers. In this case, we will delete your personal data if you revoke your consent or, in the case of a successful application, within 3 years after the end of the application procedure.

Talent network

You can register with our Talent Network to become part of our network, stay in touch with us for your further career path and exchange ideas with other talents at events. An essential part of the Talent Network is the regular e-mail information about news in your talent network, including interesting job offers, career information and invitations to professional and career events. To participate in the Talent Network, we process your contact data (title, first and last name, e-mail address), the desired entry area and career level. Furthermore, we collect and process your personal data in the form of your additional information in order to tailor the offer even better to you (grade of the 1st and 2nd state examination, LL.M. degree, doctorate, location preference, date of joining us), as well as your telephone number, if you provide it. We process the data for participation in the Talent Network in order to provide the service for you (Art. 6(1) lit. b GDPR). If you provide us with further information, we process this data on the basis of our legitimate interest in tailoring the Talent Network as closely as possible to your interests or professional situation (Art. 6(1) lit. f GDPR).

Processing of log data

When you access karriere.taylorwessing.com, your Internet browser automatically transfers certain personal data to the TFI server. Your personal data about your use of the website is processed in the form of the name of the website accessed or the name of the URL, the date and time of the access, the access status/http status code, the amount of data transferred, the website through which the request comes, the browser software and the software version, the operating system and its version, your IP address (anonymized, shortened by the last 3 digits) and the randomly generated key number of the cookie or session. This data processing is absolutely necessary for the operation of the website (Art. 6(1) lit. b GDPR).
If the data is stored in log files, your usage data will be deleted after 7 days at the latest.

Talent analytics

We use Talention Analytics from TFI to evaluate the use of karriere.taylorwessing.com. For this purpose, we process your personal data of the use of our website in the form of the name of the website accessed or the name of the URL, the date and time of access, the access status/http status code, the amount of data transferred in each case, the website through which the request comes, the browser software and the software version, the operating system and its version and your IP address (anonymized, shortened by the last 3 digits). With the help of a cookie, we determine how often karriere.taylorwessing.com is accessed, from which regions and with which types of terminal equipment karriere.taylorwessing.com is accessed. On our behalf, TFI stores the information thus collected exclusively on servers in Germany. The data processing serves the purpose of designing karriere.taylorwessing.com to meet demand, for example, to optimize loading times, make technical adjustments to content, adapt the structure of karriere.taylorwessing.com to the needs of users and similar purposes. The needs-based design corresponds to our legitimate interest in maintaining a website karriere.taylorwessing.com that is as user-friendly as possible (Art. 6(1) lit. f GDPR).

You can object to the use of Talention Analytics by clicking on the following link: deactivate Talention Analytics. A cookie will then be set that prevents the processing of your data when you visit karriere.taylorwessing.com.

How do we protect your personal data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. For example, all personal data you provide to us is stored on our secure servers.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access your data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or our Apps, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Our website may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.

How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For further details regarding our retention periods please send an email.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you and is not considered as personal data anymore) for research or statistical purposes in which case we may use these data indefinitely without notifying you.

Your rights

In accordance with the legal requirements, you have the right to:

  • withdraw your consent: Where the processing of your personal data by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at the contact details at the end of this privacy policy. You can also change your marketing preferences at any time as described in the 'Our updates and communications' section
  • be informed by us about the personal data concerning you, i.e. you might receive information about the personal data processed by us about you;
  • request the rectification or erasure of your personal data held by us;
  • request that we restrict the processing of your personal data (while we verify or investigate your concerns with this personal data, for example);
  • under certain circumstance object to the further processing of your personal data including the right to object to marketing as mentioned in 'Our updates and communications' section of this document; and
  • data portability, i.e. receiving your personal data in a structured, commonly used and machine-readable format.
How to exercise your rights

You can also exercise the rights listed above at any time by contacting us.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to complain to a data protection supervisory authority about our processing of your personal data. For more information, please contact your local data protection authority.

Changes to this privacy policy

We may from time to time make changes to this privacy policy. Any changes will be published here on our website (and in the case of substantive changes, will be notified to you by email) and will be effective as of the date of publication (which will also be noted on our website). This privacy policy was last updated in February 2020.