Winston Taylor International LLP t/a Taylor Wessing ("we”/”our”) is committed to safeguarding your privacy.
This privacy policy sets out our approach to data privacy, explaining why and how we may process your personal information ("personal data"), and your rights in relation to your personal data.
Questions relating to this privacy notice, including any requests to exercise your legal rights in relation to your personal data, can be conducted via our email address.
Who we are
We are an international law firm and a data controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed in compliance applicable data protection law.
Personal data are data which contain individual information on personal or factual circumstances for instance, name, address, E-Mail-Address, telephone number, date of birth, age, sex, social security number, video footage, photos, voice recordings of persons and special categories of data such as health data or data regarding criminal proceedings may also be covered.
We may process your personal data (which we have either obtained directly from you or from somewhere else) where:
- you are our client
- you work for a client
- you are someone (or you work for someone) to whom we want to advertise or market our services, our events
Personal data which is not collected directly from you may be collected from:
- your employer in connection with your job and how it relates to us
- third parties we work closely with, including but not limited business partners, sub-contractors in technical, payment and delivery services, analytics providers, and search information providers
- Governmental bodies, regulators, institutions, courts or any other similar establishments
- publicly available sources: including but not limited to registers of individuals, companies, charities or professionally regulated persons. Registers of sanctioned persons or entities, published case proceedings or judgements or other published sources including social media sites used for professional purposes
- any websites, or portals operated by us which you use.
Personal data collection methods we may use include:
- communication in person
- communication by phone, email, or any other electronic communication method
- communication by letters, notices, information sheets or any other paper-based communication methods
- using our portals or other technologies.
Personal data relating to you that we may process includes:
- “Identity data” including first name, last name, username or similar identifier, gender, your job function, your employer or department.
- “Contact data” including billing address, email address and telephone numbers including frequency of contact (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the person or company that you work for).
- “Financial data” including bank account and other payment method details.
- “Transaction data” including details about client matters worked on, payments from you or the person or company you work for and other details of services you have received from us.
- "Image data" including photos or other image content provided by you.
- “Profile data” including your username and password, your, preferences, feedback, reviews of our services and survey responses. It also includes information you give us or that we obtain when you obtain or subscribe to our services, place a service request, enter a survey, or contact us to report a problem, or do any of these things on behalf of the person or company that you work for.
- “Client data” including information about how you use our services, website, and portals, as well as personal data which can include Identity, Contact, Financial, Transaction and Profile Data of you and/or your, employees or employers, or other third persons involved in a matter handled for our client, including but not limited to other parties, beneficiaries, witnesses or other individuals about whom we need to collect personal data by law, or under the terms of a contract we have with you or the person or company that you work for.
- “Special categories of personal data”: this may include special categories of personal data where it is relevant to the client legal services that we provide, such as client employment matters which may require us, for example to receive health or other employee reports where necessary for the establishment , exercise or defence of legal claims.
- "Professional data" Information about the professional activities and experiences of you or other third persons that you give us where relevant to the services we provide.
- “Marketing and communications data” including your preferences in receiving marketing from us and your communication preferences. This may include information about events to which you or your colleagues are invited, and your personal data and preferences, to the extent that this information is relevant to organising and managing those events.
- “Technical data” including:
(i) the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
(ii) information about your visit to our website/portals, such as the full Uniform Resource Locators (URL), clickstream to, through and from our website/portals (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, any phone number used to call our central switchboard number, and direct dials or social media handles used to connect with our fee earners or other employees. We collect this personal data by using server logs and other similar technologies. Please see our Cookie Policy for further information.
(iii) location data which we may collect through our website/portals to deliver content or other services that are dependent on knowing where you are. Delivery of location services will involve look-up of your country of location by reference to your IP address against public sources.
We will only process personal data if we have a lawful reason for doing so. The legal basis for processing personal data by us will be one of the following:
- the data subject (you) has given consent to the processing of personal data for one or more specific purposes (“consent”)
- the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract
- the processing is necessary in order for us to comply with our legal obligations
- the processing is necessary for the pursuit of our legitimate business interests.
- We collect and use personal data for the purposes described below:
- The below table sets out the purposes for which we may obtain your personal data, alongside the legal basis for our processing such data:
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
|
To verify your identity, carry out background checks (including through the use of electronic data sources) and to complete Client Due Diligence (CDD), screening and conflict checks in order to register you or your employer as a new client |
|
|
|
To process and deliver our legal service including but not limited to:
|
|
|
|
To manage our relationship with you which will include:
|
|
|
|
To enable you to partake in an event or complete a survey |
|
|
|
To administer and protect our business and our website and portals |
|
|
|
To deliver relevant published content including online content |
|
|
|
To use service engagement data to assess and improve:
|
|
|
|
To provide you with the information and communications such as newsletters which are of interest to you |
|
|
- Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal data for marketing analysis and to provide you with newsletters and information about events and our services by email, letter, telephone or using our website or portals.
- You can object to receiving further marketing at any time by using the "contact us" link on our website and informing us accordingly, updating your contact details within your account, or selecting the "unsubscribe" link at the end of any of our marketing communications to you. We will then delete the majority of your personal data used for marketing and not related to the provision of our legal services, retaining only what is necessary to record that you do not want to receive these communications from us.
We may share your personal data with:
- Our client, where your personal data is relevant to a matter handled for our client or where you are a client authorised user of one of our portals;
- Appropriate third parties including:
(i) our business partners, suppliers, IT service providers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you;
(ii) our auditors, accountants, legal advisors, insurers (including professional indemnity insurers), consultants and other professional advisors or service providers;
(iii)company data providers and similar information providers for the purpose of carrying out our client and matter acceptance checks (including client due diligence) in accordance with our legal and regulatory obligations.
We may disclose your personal data to appropriate third parties:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets, subject to the terms of this privacy policy;
- if we or substantially all of our assets are acquired by or merged with a third party, in which case personal data we hold about our clients will be one of the transferred or merged assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our contractual terms or other agreements with you including disclosures to courts, regulators, law enforcement or tax authorities; or
- to protect our rights, property, or safety or that of our clients, or others. This includes exchanging data with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
The data that we process in relation to you is stored on servers in the UK and EU however it may also be transferred to, and stored at, a destination outside the UK and/or European Economic Area ("EEA") including the USA that may not be subject to equivalent data protection laws.
In the event that your personal data is transferred outside the UK and/or EEA, we will ensure that a transfer only takes place if an appropriate level of protection exists with the recipient and suitable safeguards are provided. In particular that at least one of the following safeguards is in place:
- We transfer your personal data to countries that have been deemed to provide an adequate level of protection by, as applicable, the UK Secretary of State or the European Commission.
- We implement certain standard contractual clauses with the recipients of your personal data to safeguard transfers to countries outside of the UK/EEA.
Please contact us if you would like further information about the specific mechanism used when transferring your personal data out of the UK and/or EEA.
As part of our ongoing commitment to innovation, the delivery of outstanding client service and efficient internal administration, we explore and utilise new technologies. This includes developing our own in-house tools and gen-AI solutions secured within our infrastructure as well as the use of secured, private, European hosted accounts within market leading legal AI tools.
We may use AI to enhance efficiencies and capabilities in the following ways:
- Document analysis – to automate the initial review and analysis of documents.
- Content generation – to assist with creating first drafts or summaries or to provide writing assistance such as content, tone or formatting.
- Legal research – Use of legal specific AI to access leading legal knowledge resources to provide initial detailed findings with source attribution.
- Workflow streamlining – to streamline routine legal, business development and administrative tasks improving overall workflow efficiency. We first carefully vet how any private account AI tools we permit to be used are employed in accordance with principles of fairness, proportionality, personal data minimisation, policy controls and the existence of appropriate certification standards. Our use of AI is subject to separate lawyer validation and contract terms require that no models are permitted to be trained on client data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. For example, all personal data you provide to us is stored on secure servers.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access your data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or our portals, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Our website may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
We will only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For further details regarding our retention periods please send an email.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you and is not considered as personal data anymore) for research or statistical purposes in which case we may use these data indefinitely without notifying you.
In accordance with the legal requirements, you have the right to:
- request to be provided with a copy of your personal data held by us
- be informed by us about the personal data concerning you
- request the rectification or erasure of your personal data held by us
- request that we restrict the processing of your personal data (while we verify or investigate your concerns with this personal data, for example)
- under certain circumstance object to the further processing of your personal data including the right to object to marketing as mentioned in 'Our updates and communications' section of this document
- data portability, i.e. that your provided personal data is moved to a third party in a structured, commonly used and machine-readable format
- withdraw your consent: Where the processing of your personal data by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at the contact details at the end of this privacy policy. You can also change your marketing preferences at any time as described in the 'Our updates and communications' section.
You can also exercise the rights listed above at any time by contacting us using the contact details at the end of this policy.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to complain to a data protection supervisory authority about our processing of your personal data. For more information, please contact your local data protection authority.
We are committed to safeguarding your privacy as part of providing the highest quality service. If you have any reason not to be satisfied with your experience including our handling of your personal information, please direct any complaint to dataprivacyuk@taylorwessing.com. Client complaints can be submitted in accordance with our complaints procedure.
We may from time to time make changes to this privacy policy. Any changes will be published here (and in the case of substantive changes, will be notified to you by email) and will be effective as of the date of publication (which will also be noted on our website). This privacy policy was last updated in April 2026.
Questions, comments and requests regarding this privacy policy should be addressed via our email address or by writing to our UK business address:
Winston Taylor International LLP t/a Taylor Wessing
5 New Street Square
London
EC4A 3TW