Data Protection Privacy Notice
-
This privacy notice gives you information on how Dechert (“we”, “us”, “our”) look after your personal data in the following circumstances:
- when we collect your personal data directly from you; and
- when we collect your personal data indirectly.
More specific information around the processing of your personal data will be provided in supplemental privacy notices on specific occasions. For example, we have a more comprehensive Recruitment Privacy Notice which can be accessed before applying for a role within the firm.
You may also download a PDF version of this notice at the following link.
-
Dechert globally is made up of different legal entities and partnerships registered in different jurisdictions; some of which are limited liability entities. For full details please see our Legal Notice available by clicking here.
Dechert UK LLP is registered with the Information Commissioner’s Office (ICO) as a Data Controller. This privacy notice is issued on behalf of all Dechert entities and to the extent that we are a data controller, each of our entities is a joint controller of your personal data.
World Compass
Dechert operates a subscription service called World Compass. Dechert’s World Compass is a solution for investment managers and their in-house legal and compliance professionals as they advise their teams on distribution strategies and navigate the constantly changing regulatory landscape relating to global offerings of financial products. World Compass provides detailed information on global distribution rules, beneficial ownership reporting requirements and regulatory issues affecting cross border commercial lending and debt activities through a web-based portal that is up-to-date, available 24/7 and easily accessible.
World Passport
Dechert operates a subscription service called World Passport. Dechert’s World Passport is a financial services package that acts as a one-stop shop for fund registration, marketing and legal compliance for investment firms seeking to distribute UCITS or alternative investment funds cross-border. World Passport also includes concise, practical legal information on passporting or registering funds, gaining market entry, and maintaining compliance with local regulations, complimented by World Compass’s marketing guidance. World Passport handles the cross-border registration (and ongoing maintenance) for client funds and allows the clients to focus on distribution activity.
-
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
Dechert Data Protection Officer
AllPrivacy@dechert.com or
Dechert LLP, 25 Cannon Street, London, EC4M 9BPSingaporean Data Protection Officer
Dechert (Singapore) Pte. Ltd.
Esther.wong@dechert.com
Dechert Pte. Ltd., One George Street, 16-03, Singapore, 049145 -
If you have concerns about your personal data or your rights under this privacy notice, please contact us at AllPrivacy@dechert.com so that we can deal appropriately with these concerns. You also have the right to make a complaint at any time to the relevant supervisory authority.
-
We keep our privacy notice under regular review. This version was last updated on 3 October 2023.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You can update your personal data by emailing AllPrivacy@dechert.com.
-
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The table below contains information on how we process your personal data when you interact with our website. For further information please refer to our Cookie Policy
INTERACTING WITH OUR WEBSITE
HOW DO WE COLLECT PERSONAL DATA? In this instance, most personal data will be collected through Cookies. You may also provide your personal data directly, when you sign up for a newsletter. WHY DO WE PROCESS PERSONAL DATA? We process certain personal data because it is necessary to do so to provide you access to our webpage. Other types of personal data are processed to gain an understanding of how and why visitors to our website are interacting with our content. This helps us to improve the performance of our website by ensuring that we are providing relevant and easily accessible content to our website visitors. WHAT TYPE OF PERSONAL DATA DO WE PROCESS?
We will collect technical data when you access our website. This type of data includes the following: a) IP address.
b) device type.
c) unique device identification number.
d) browser-type and version.
e) broad geographic location.
f) operating system and platform.
g) and other technical information.
h) contact information.In addition to this information, we will collect information about the way in which a device interacts with our website. For example, which pages were viewed, and which links were clicked on.
WHAT LAWFUL BASIS DO WE RELY UPON? Where we process personal data, which is necessary to provide access to our website, we rely on our legitimate interest to do so.
Where we process personal data, which will help us determine engagement with our website, we rely on consent.
HOW DO WE USE PERSONAL DATA? As above, we use personal data to gain a comprehensive understanding of which pages are being interacted with. WHO DO WE DISCLOSE PERSONAL DATA TO?
We do not share your personal data with third parties for this particular purpose. -
We may collect, use, store, and transfer different kinds of personal data depending on the reason for processing. We have set out information below, according to the purposes for which we are processing your personal data.
LEGAL SERVICES
HOW DO WE COLLECT PERSONAL DATA?
We will collect personal data directly from you in most circumstances. For example, where we process contact data to manage the business relationship we have with you.
Email analytics
We may collect personal data automatically by using a relationship intelligence tool which collects certain personal data from some of your emails.
WHY DO WE PROCESS PERSONAL DATA? Where you engage us to deliver .legal services, we need to process certain personal data so that we can manage our relationship with you and so that we can deliver complete and relevant legal advice.
We also need to process certain personal data to comply with legal and regulatory obligations. For example, for anti-money laundering, conflict, and financial purposes.
Email analytics
The relationship intelligence tool allows us to understand and analyse the strength of certain business relationships so that we can connect you with the most appropriate contact person at Dechert.
WHAT TYPE OF PERSONAL DATA DO WE PROCESS?
When delivering legal services, we will process an array of different types of personal data. These can include the following:
a) contact personal data (e.g., full name, email address, telephone number, job title and company name).
b) Email analytics including, email signatures, time stamps, interaction length, and response times for responding to emails etc.
c) identification and background information (e.g., a client’s relationship with a juristic person).
d) financial data (e.g., bank account details).
e) marketing preferences (e.g., opt-ins/outs).
f) various other types of personal data provided to us for the purposes of legal services.
In very rare circumstances, we may process special category data, but we will ensure that we have the necessary lawful bases in place before we do so.
WHAT LAWFUL BASIS DO WE RELY UPON? For the purpose of providing legal advice to you as our client, we will rely on the fact that it is necessary for the performance of a contract with you. In other instances, we will rely on our legitimate interest in providing legal services. This legitimate interest is a commercial one.
Email analytics
We will rely on our business development legitimate interests where we process personal data for relationship intelligence purposes.
HOW DO WE USE PERSONAL DATA? We will use this personal data to manage our business relationship with you (or the legal entity you represent) and to formulate legal advice for the purposes of the legal service that you have engaged us to deliver.
Email analytics
Our relationship intelligence tool is active on certain Dechert email accounts and automatically collects information when you send or receive emails to or from us.
WHO DO WE DISCLOSE PERSONAL DATA TO?
We may have to disclose certain categories of your personal data with external counsel or experts in a particular field. We may also need to share certain categories of your personal data with law enforcement, and opposition and other parties involved in certain cases. Where we disclose personal data, we will ensure that we have the necessary lawful basis and safeguards in place.
<h3>MARKETING</h3> HOW DO WE COLLECT PERSONAL DATA?
In most instances, we will .collect your personal data directly from you as a client, or where you complete a form to attend an event or webinar. We may also collect some personal data automatically. For example, where our marketing emails contain tracking technology to understand the interaction with the content of these emails. More information will be provided when you sign up to receive these marketing emails.
WHY DO WE PROCESS PERSONAL DATA?
We will process your personal data to market our services and products, as well as to get an idea of how our marketing products are being received and engaged with. We will also need to process certain personal data to provide access to our marketing events and so that you can receive our informative articles.
WHAT TYPE OF PERSONAL DATA DO WE PROCESS?
We will usually collect contact information such as full name, email address, job title and company name. Other categories of personal data include the following: a) responses to satisfaction surveys
b) marketing preferences
c) communication preferences
d) interaction with links we send in marketing emails.WHAT LAWFUL BASIS DO WE RELY UPON? We may rely on the soft opt-in if you are a client of ours and we are marketing similar services and products to you to those which we have previously supplied (or negotiated to supply) you with. In this instance, we will always give you the option to opt-out of receiving such marketing communications. Where we send you email marketing, we will do this based on having received your consent; either directly from you or from a third party who obtained your consent to share your personal data with us specifically.
HOW DO WE USE PERSONAL DATA?
We use this personal data to invite you to events or webinars, as well as to send your marketing material which you have requested.
We process your responses to satisfaction surveys to improve our delivery of legal services and marketing campaigns in general.
WHO DO WE DISCLOSE PERSONAL DATA TO?
Where we are co-hosting or co-sponsoring an event, we may disclose your personal data to our partners involved in delivering these events. Where we do so, we will always ensure that the appropriate agreements are in place to allow the processing to take place lawfully. We need to disclose personal data in these instances so that you can be registered for an event and so that we can gather data on attendance and engagement. We store personal data for this purpose in our customer relationship management system and so personal data will be shared with this application. Where required, a data processing agreement will be put in place to regulate this relationship.
WORLD COMPASS, WORLD PASSPORT & BLOGS ETC.
HOW DO WE COLLECT PERSONAL DATA?
We will collect certain personal data directly from you in these instances. WHY DO WE PROCESS PERSONAL DATA?
We will need to process certain personal data to allow you access to these subscription or blog services. WHAT TYPE OF PERSONAL DATA DO WE PROCESS?
We will process contact personal data in the form of: a) name
b) surname
c) email address
d) company name.WHAT LAWFUL BASIS DO WE RELY UPON? We rely on our contractual obligation to provide access to our World Compass and World Passport subscription services, and we rely on consent to provide access to our blog.
HOW DO WE USE PERSONAL DATA?
We use this personal data to allow access to these subscription services. WHO DO WE DISCLOSE PERSONAL DATA TO?
Where you have signed up to receive our Crunched Credit Blog, we will share your contact details with MailChimp (our email service provider) for the purposes of delivering our blog. -
<h3>LEGAL SERVICES</h3> HOW DO WE COLLECT YOUR PERSONAL DATA? We will collect your personal data where it is provided to us by or on behalf of our clients in the course, and for the purpose of, providing legal services to them. In these cases, it might be that we have access to your personal data if you are an employee of one of our clients or if you are in some or other way involved with or connected to our client’s matter (i.e., as an opposing party or its business associate, or a witness).
We will also collect personal data from public sources. For example, through subscription services or through communications companies
WHY DO WE PROCESS PERSONAL DATA? This personal data will be processed because you are somehow featured in a matter in which we are involved, and we need to process your personal data to provide complete and sound legal advice to our client. WHAT TYPE OF PERSONAL DATA DO WE PROCESS? When delivering legal services, we will process an array of different types of personal data. These can include the following: a) contact personal data (e.g., full name, email address, telephone number, job title and company name)
b) identification and background information (e.g., a data subject’s relationship with a juristic person)
c) financial data (e.g., bank account details)
d) various other types of personal data provided to us for the purposes of legal services.In very rare circumstances, we may process special category data, but we will ensure that we have the necessary lawful bases in place before we do so.
WHAT LAWFUL BASIS DO WE RELY UPON? For this purpose, we will rely on our legitimate interest in providing legal services. This legitimate interest is a commercial one. HOW DO WE USE PERSONAL DATA? We will use this personal data to formulate legal advice for clients who have retained our legal services for a particular matter. TO WHOM DO WE DISCLOSE PERSONAL DATA FOR THIS PURPOSE?
We may have to disclose certain categories of your personal data with external counsel or experts in a particular field. We may also need to share certain categories of your personal data with law enforcement, and opposition and other parties involved in certain cases. Where we disclose personal data, we will ensure that we have the necessary lawful basis and safeguards in place.
MARKETING
HOW DO WE COLLECT YOUR PERSONAL DATA? Where we sponsor or co-host an event, we may obtain personal data from the partners with whom we are involved for the purposes of delivering these events. WHY DO WE PROCESS PERSONAL DATA? We will process this personal data to market our services and products to you, as well as to get an idea of how our marketing products are being received and engaged with. We will also need to process certain personal data to provide access to our marketing events and so that data subjects can receive our informative articles.
WHAT TYPE OF PERSONAL DATA DO WE PROCESS?
We will usually collect contact information such as full name, email address, job title and company name. Other categories of personal data include the following:
a) responses to satisfaction surveys
b) marketing preferences
c) communication preferences
d) your interaction with links we send you in marketing emails.WHAT LAWFUL BASIS DO WE RELY UPON? Where .we send email marketing, we will do this based on having received your consent; either directly from you or from a third-party who obtained your consent to further share your personal data HOW DO WE USE PERSONAL DATA?
We use this personal data to invite you to events or webinars, as well as to send your marketing material where you have requested these.
We process your responses to satisfaction surveys to improve our delivery of legal services and marketing campaigns in general.
TO WHOM DO WE DISCLOSE PERSONAL DATA FOR THIS PURPOSE?
We need to disclose your personal data to processors who facilitate the virtual platforms on which our events take place. We also need to disclose your personal data to event hosts where these are live events so that you can be given access to the venue and so that you can receive any materials which need to be provided during the event.
We store your personal data for this purpose in our customer relationship management system, Vuture, and so your personal data will be shared with this application. We have a data processing agreement in place to regulate this relationship.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you.
Where we need to collect personal data to deliver marketing materials, we won’t be able to fulfil this request if you fail to provide the personal data.
Change of purpose, anonymization
We will only use personal data for the purposes for which we originally collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
In some circumstances, we may anonymize your personal data so that it can no longer be associated with you, in which case it is no longer considered to be personal data.
-
In general, we may share your personal data with other Dechert offices around the world, as well as with the service providers we work with. These service providers include Microsoft, Box, Inc., and Dechert 24/7 and the sharing of this personal data is necessary for operational purposes.
We may also have to share personal data with regulators, public institutions, courts or other third parties.
Introhive Services Inc. is the relationship intelligence tool which will receive some of your personal data so that they can process it on our behalf.
Vuture Limited, the marketing platform that we use, also stores personal data in the course of delivering marketing services to us.
Azure OpenAI is a generative artificial intelligence (“AI”) service that we license from Microsoft for our AI Tools, which we use for business processes and as part of providing legal services. The AI Tools may process some personal data, however they are not used to solely automate decision making. The AI Tools will not be relied upon without human review for accuracy and appropriateness. For further information, please see our supplementary AI Privacy Notice at the following link.
For the purposes described above, we may have to transfer personal data outside of the UK or the EEA to a Dechert office or a third party which exists in a jurisdiction that does not have an adequacy decision from the European Commission. We will always ensure that there is a legal basis for this transfer and that we have appropriate safeguards in place so that personal data is treated in a manner that is consistent with, and respects the EU, UK and other applicable laws and regulations on data protection. We have put in place a Dechert Transfer Agreement as our safeguard method in relation to personal data transferred between the Dechert offices. If further information about this is required, it can be requested from AllPrivacy@dechert.com.
-
We have put in place appropriate security measures to prevent your personal data form being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. Dechert personnel who have access to your personal data will only process personal data on our instructions and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
-
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
To determine the appropriate retention period of your personal data, we will consider the amount, nature and sensitivity of the personal data, the potential risk from unauthorized use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Upon expiry of the applicable retention period, we will securely destroy personal data in accordance with applicable laws and regulations.
-
You have rights which can be exercised under certain circumstances in relation to the personal data that we hold about you. These rights are to:
a) request access to personal data (commonly known as a “data subject access request”) and request certain information in relation to its processing.
b) request rectification of personal data.
c) request the erasure of personal data.
d) request the restriction of personal data.
e) object to the processing of personal data.You also have the right to receive personal data in a structured, commonly used, and machine-readable format and to have us transmit those personal data to another controller, if:
a) you have provided these personal data to us, directly; and
b) the processing is based on consent; or
c) the processing is based on explicit consent; or
d) the processing is based on a contract; and
e) the processing is carried out by us by automated means, subject however, to legal restrictions which may apply.If you want to exercise one of these rights, please contact us at AllPrivacy@dechert.com.
Please note that some of the rights mentioned above are subject to certain limitations set out in law. For example, we do not need to disclose your personal data if we process personal data:
a) To which a claim to legal professional privilege could be maintained in legal proceedings; or
b) In respect of which a duty of confidentiality is owed by us as a professional legal adviser to one of our clients.You also have the right to make a compliant at any time to a competent supervisory authority.
Right to withdraw consent
Where you have provided consent to the collection, processing, and transfer of your personal data, you have the right to fully or partly withdraw consent. To withdraw consent please contact AllPrivacy@dechert.com. Once we have received notification that your consent has been withdrawn, we will no longer process your personal data for the purpose(s) for which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms, or unless we need to continue to process your personal data for the establishment, exercise or defense of legal claims. Where we process your personal data for direct marketing purposes, you have the right to object at any time, in which case we will no longer process your personal data for such marketing purposes.
Fees
You will generally not have to pay a fee to exercise any individual rights mentioned above. However, we may charge a reasonable fee if your request to exercise a right is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request altogether in such circumstances.
Automated decision making
We do not apply automated decision-making techniques.
-
This supplement applies to how we process personal information in China under the China Personal Information Protection Law (“PIPL”).
Legal bases for processing personal information
We will process the personal data of individuals in China solely on the legal grounds outlined by the PIPL, which include: obtaining the individual's consent; if it is essential for fulfilling a contract with the individual, adhering to internal employment guidelines/policies, or upholding a collective agreement as per legal requirements; if it is required to fulfill legal responsibilities or to adhere to legal mandates; if it is crucial for managing public health emergencies, or for safeguarding the urgent interests of natural persons' life, health, and property; if it is necessary for the public good to conduct journalism and monitor public opinion within an acceptable range; when handling personal data that has been made public by the individual or legally by others within a reasonable extent; and any other stipulations mandated by law or regulation.
Sensitive personal information
Within the framework of the PIPL, "sensitive personal information," also known as "Special Category Data," pertains to types of personal data that, if disclosed or misused, could readily result in the violation of an individual's dignity or endanger their personal or property security. This category encompasses data such as biometric identifiers, religious affiliations, unique personal identities, health and medical details, financial account information, location tracking, and any personal data concerning children under the age of 14.
Separate consent
We will secure an additional, distinct consent from the individual concerned for activities such as sharing personal data, handling sensitive personal information, publicly releasing personal data, and transferring data across borders, beyond the standard consent, in compliance with the PIPL's requirements.
Cross-border transfer
We will utilize the standard contract approved by the CAC when we supply personal data to Dechert UK LLP.