Reed Smith LLP and its affiliated entities (listed in the "Reed Smith entities" section below) (together "Reed Smith", "we", "our", or "us") are committed to respecting your privacy.
We set out more details below under How we collect your personal data.
Who is responsible for your personal data?
For the purposes of the General Data Protection Regulation (EU) 2016/679 (the "GDPR"), the data controller for the data you provide or that we collect in connection with our website or our apps is Reed Smith LLP (of Delaware USA).
For the purposes of the Personal Data (Privacy) Ordinance (Cap. 486 of the Law of Hong Kong) (the PDPO" ), where we are providing you with legal services or where you are engaging with us in other circumstances (such as to attend an event, to join us as an employee, or to provide us with services), the data user for the data you provide or that we collect is Reed Smith Richards Butler.
Are you required to provide your personal data?
You do not have to give us any personal data in order to use most of our websites, and in most instances you will provide us with your personal data voluntarily. However, there are circumstances in which we may not be able to assist you, or an organisation with which you are associated, unless you provide us with your personal data. For example, your personal data may be required for legally required compliance checks, to carry out instructions, for security and other reasons to allow you to access one of our events or premises. In these cases, without the relevant personal data, we may be unable to assist you or your organization, and we would inform you or your organisation that this is the case. We also may collect some personal data about you automatically – further details below.
Which personal data do we collect?
When you use our website or when we interact with you, the personal data we collect may include (but is not limited to):
- Contact information, such as your name, job title, postal address, including your home address, where you have provided this to us, business address, telephone number, mobile phone number, fax number and email address
- Professional information, such as job titles, previous roles, and professional experience and qualifications
- Physical access data, relating to details of your visits to our premises
- If you connect to us from a social network, such as LinkedIn or Facebook, we will collect personal information from the social network in accordance with your privacy settings on that social network. The connected social network may provide us with information such as your name, profile picture, network, gender, username, user ID, age or age range, language, country, friends list, follower list, and any other information you have agreed it can share or that the social network provides to us
- Special categories of personal data. In connection with the registration for and provision of access to an event or seminar, or a visit to one of our offices, we may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have, or for public health reasons, including to meet public health requirements or health and safety laws. Your provision of this data is based on your consent and our use of it is with your consent and/or as required by law.
For our legal services we may collect
- In addition to all or some of the information listed above, information collected from publicly available sources or data sites for client due diligence purposes
- Identification information from you or from your organisation or other third parties for compliance with our legal and professional duties
- Payment data, such as data necessary for processing payments and fraud prevention, and other related billing information
- Other personal data regarding your preferences, opinions and comments where it is relevant to our services
- Information regarding the issue or matter in respect of which we have been engaged to provide legal services which may contain personal information about you. In the course of our client services, we may represent you and/or your organisation in legal matters that require us to collect and use special category personal information relating to you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, details of criminal offences, or genetic or biometric data).
For our recruitment
Reed Smith Careers allows you to submit, upload, store and amend your personal information in order to complete an online application form (the "Application Form"). You can use the Application Form to apply for specific positions at Reed Smith which are advertised on the Reed Smith Careers site, and apply speculatively for positions with us. Where the information provided is defined as special category data (or sensitive personal data) (such as your racial background or your state of health), your provision of such information is usually necessary for the performance of a contract. We will use racial background information only to allow us to carry out equal opportunities monitoring and to report on our diversity initiatives. In the case of health data, we may use this to assess your suitability for a position. But in any event, we will use such information only as permitted by law. In addition to some or all of the personal information set out above, we may receive information concerning you from third parties (for example, referees).
How we collect your personal data
We may collect personal data about you in a number of circumstances and ways, including:
- When you or your organisation seek legal advice from us or when you are engaged by us on behalf of our clients
- When you make an enquiry about our services or otherwise interact on our website
- When you attend a seminar or event with us or a third party we are working with or sign up to receive publications from us
- When you or your organisation provide services to us or seek to provide such
- When you apply to join us or express an interest in joining us
- When you interact with us by telephone, email and other electronic communication
- From third parties, such as government agencies, a credit reporting agency, information service providers, or from publicly available records
- From social media sites
- By making enquiries from your organisation, other organisations with whom you have dealings such as former employers and educational institutions, or from third-party sources
- Automatically in the ways we describe below.
Using cookies and other tracking software, we automatically collect personal data about you when you access and use our websites, blogs, mobile sites, applications, sponsored content on social media sites (the "Online Information"), and information about the device you use to access the Online Information. For example, we may collect:
- Information about how you view the Online Information (such as the pages you view, the links you click)
- Information about your browser and usage patterns (e.g. your IP address, browser type and language)
- Information about the device you use to access the Online Information
- Your access via a social media site
We use this information to determine news, alerts, and other products and services that may be of interest to you for marketing purposes; to monitor and improve our Online Information and business; and to help us develop new products and services.
Using email tracking software, we collect email traffic headers ("from", "to" and timestamp fields) for analysing patterns of network traffic and managing our relationships, although we exclude from our analysis email addresses which are not associated with a company email address.
Use of your personal information
We will use the personal data listed above if and to the extent necessary to achieve the following purposes:
- To provide legal advice or other services, including online or legal technology services as instructed or requested by you or your organisation
- To manage and administer you or your organisation's relationship with us, including billing and collection, marketing and support services, and taking other steps linked to the performance of our business relationship
- To comply with our legal and regulatory obligations such as for anti-money laundering, financial and credit checks, audit requirements, fraud and crime prevention and detection, and record keeping. This may include automated checks of personal data you or your organisation provide about your identity against relevant databases, and contacting you to confirm your identity, or making records of our communications with you for compliance purposes
- To analyse and improve our services and promote our business, such as by sending you publications and invites
- To protect the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities
- For insurance purposes
- Where applicable, and only as permitted by law with respect to the specific category of personal data, to assess your application to join us
- To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies
- To comply with court orders and to exercise and/or defend our legal rights
- To assist or enhance your experience at an event; for example, details of your dietary requirements
- To help us manage health and safety risks to employees and visitors to our offices
- To personalise and foster the quality of our communications and interaction with you
- If you use our legal services, we may share your contact details and limited information about our services to you or your organisation with legal directories or other promotional publications or communications, in order to promote our business. We will only share your name and contact details. We may, where permitted by our professional confidentiality obligations, disclose information about our clients to third parties in connection with a transaction, such as a merger, or acquisition of all or a portion of our business, or our acquisition of another business
- For any other purposes related and/or ancillary to any of the above, or any other purposes for which your personal data was provided to us
- For our recruitment
Legal justification for our use of your personal data
We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:
- Because it is necessary for us to do so to perform your instructions or another contract with you or your organisation
- To comply with our legal obligations, as well as to keep records of our compliance processes or tax records
- Because our legitimate interests, or those of a third-party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms
- Because you have expressly given us your consent to process your personal data in that manner
Legal basis in detail
Marketing. We will only provide you with marketing-related information after you have, where legally required to do so, opted-in to receive those communications. If you have not opted-in to our providing you with information promoting our business, we will use your personal information for our legitimate interests, provided that those interests are not overridden by your interests or fundamental rights and freedoms (e.g. if you are a client for news and updates on legal matters). We will give you the opportunity to opt out at any time.
Legal Services. If we are providing you (or your organisation) with legal services, our processing will be necessary for the performance of a contract between you or your organisation and us. Prior to entering into a contract and/or to taking steps at your request or at the request of your organisation before we provide legal services, the processing is necessary for our legitimate interests and those of our clients or prospective clients to assist us in providing the legal services. Our processing is for our legitimate interests in ensuring compliance with our legal and professional obligations or to protect our business. In all cases in which our legal basis for processing is due to our legitimate interests or those of our clients or prospective clients, we will use your personal information for our legitimate interests, provided that those interests are not overridden by your interests or fundamental rights and freedoms.
Recruitment. Where you apply to join us, we will only process your personal data based on your consent as part of the assessment of your suitability for any position for which you may apply at Reed Smith. We may use information collected throughout the recruitment process to review Reed Smith's equal opportunities profile in accordance with applicable legislation.
Business partners. If you are engaged by us to provide services or supplies, or if you wish to be, our processing your personal data will be necessary for the performance of a contract, or for our legitimate interests.
We will not use your personal data for making any automated decisions affecting or creating profiles other than as described above.
Sharing and transferring your personal information
As an international law firm, Reed Smith entities and our service providers are located in numerous locations. We share information, including personal information, within the Reed Smith entities, and third parties engaged by us to collect information (for example, your access to our email marketing). We set out below further details of the ways we may share your personal data with:
- Third parties, including certain service providers we have retained in connection with the legal services we provide, such as other lawyers, consultants, mediators, or translators, couriers, or other necessary entities
- A client, if we have collected your personal data in the course of providing legal services to that client, and where permitted by law to others for the purpose of providing those services
- Third parties, on a confidential basis, to help us measure our performance and to improve and promote our services
- Companies providing services for money laundering and terrorist financing checks, credit risk reduction, and other fraud and crime prevention purposes, and companies providing similar services, including financial institutions, credit reference agencies, and regulatory bodies with whom such personal data is shared
- Courts, law enforcement authorities, regulators, government officials or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
- Service providers which we engage to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only
- Prospective sellers or buyers of any business or assets to which we might assign or novate any of our rights and obligations; in such case we may disclose your personal data to the prospective seller or buyer of such business or assets.
We do not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission.
How long do we keep your personal data?
Your personal information will be retained in accordance with our data retention policy which categorises all of the information held by Reed Smith, and specifies the appropriate retention period for each category of data. Those periods are determined by the purpose for which the information is collected and used, taking into account the applicable data protection laws in the jurisdictions concerned, legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, and Reed Smith’s business requirements.
You agree that if we hold your personal data for the purposes of compliance with our anti-money-laundering legal obligations, we may retain that information for a period beyond the time period specified by applicable laws.
Data protection laws including but not limited to the GDPR, the PDPO and the PDPA) provide certain rights for data subjects. Your rights will depend on the laws which apply to you and us, but you may have some of all of the following rights:
- To request details of the information we hold about you and how we process it
- To have the personal data we hold rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation
- To lodge a complaint in relation to our use of your personal information with a local supervisory authority (including but not limited to the Information Commissioner (UK), the Office of the Privacy Commissioner for Personal Data of Hong Kong, and the Personal Data Commission of Singapore).
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How we use your personal information’) or that you may not be able to make use of the services and products offered by Reed Smith. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations. If you have provided your consent and wish to withdraw your consent, please follow the opt-out links on any marketing message sent to you, or contact Reed Smith.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.
We must ensure that your personal information is accurate and up to date, where relevant. Therefore, please advise us of any changes to your information by emailing us.
Reed Smith entities
In the United States - Reed Smith LLP, a limited liability partnership under the laws of the State of Delaware and Gravity Stack Ltd.
In Brussels and Germany, a branch of Reed Smith LLP of Delaware, USA.
In the UK, one of, depending on our services – Reed Smith LLP, a limited liability partnership registered in England and Wales, Beaufort Trust Corporation Limited and Independent Pension Trustee Ltd (which provide pension and trustee services in the UK), and Reed Smith Corporate Services Limited
In Greece, France, Dubai and Abu Dhabi, and China - Reed Smith LLP, a limited liability partnership registered in England and Wales.
In Singapore - Reed Smith Pte. Ltd, a private Singapore registered company.
In Kazakhstan - Reed Smith LLP, a Kazakhstan registered limited liability partnership.
In Hong Kong - Reed Smith Richards Butler (a Hong Kong general partnership) and RSRB Secretariat Ltd.
California privacy rights
Your rights under the CCPA
For purposes of this section, the term Personal Information means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including without limitation any information that is subject to applicable data protection laws, as defined under the California Consumer Privacy Act, California Civil Code section 1798.100 et seq., as amended (CCPA).
No sale of Personal Information: We do not sell Personal Information.
Access to specific information and data portability rights: You have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that companies disclose certain information to you about their collection and use of your Personal Information over the past 12 months. This right of access includes information about:
- The categories of Personal Information we collected about you
- The categories of sources for the Personal Information we collected about you
- Our business or commercial purpose for collecting that Personal Information
- The categories of third parties with whom we share that Personal Information
- The categories of Personal Information that each recipient received
- The specific pieces of Personal Information we collected about you
Deletion request rights: You have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that a company delete any of your Personal Information that it has collected from you and retained, subject to certain exceptions.
Exercising access, data portability, and deletion rights: To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by contacting us via the information provided below, or calling us toll-free at +1 800 288 7776.
The verifiable consumer request must:
- Provide sufficient information that allows us to verify, to a reasonably high degree of certainty, that you are the person about whom we collected Personal Information. This may include requesting that you provide us with at least two or more pieces of Personal Information to match against Personal Information about you that we may or may not maintain and which we have determined to be reliable for the purpose of verification.
- Describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period.
Authorized Agent: Only you, or a person you have designated in writing as your authorized agent, or who is registered with the California Secretary of State to act on your behalf, or to whom you have provided power of attorney pursuant to California Probate Code sections 4000 to 4465 (Authorized Agent) may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
If you wish to have an Authorized Agent make a verifiable consumer request on your behalf, they will need to provide us with sufficient written proof that you have designated them as your Authorized Agent and we will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we collected Personal Information.
Non-discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA rights.
Your rights under the California “Shine the Light” law
Websites operated by Reed Smith currently do not respond to “do not track” signals or similar mechanisms.
If you are a California resident, California Civil Code section 1798.83 permits you to request a list of all third parties to which we, during the immediately preceding calendar year, have disclosed certain personal information for direct marketing purposes. We do not share personal information about you with any third parties for their own marketing purposes. We are only required to respond to such a request once during any calendar year. To make such a request, you should send a letter to the address listed below. Please be aware that not all information sharing is covered by the California privacy rights requirements and only information sharing that is covered will be included in our response.
How to submit requests or contact us with questions
To make a request regarding your rights under California law, please send an email to our designated privacy administrator or write to us at the following address:
Reed Smith LLP
Three Logan Square
1717 Arch Street, Suite 3100
Philadelphia, PA 19103
Attn: California Privacy Rights
For information on how the notary practice of Reed Smith in Germany processes personal data (if you are formally or materially involved in a notarial procedure) please read our information on data processing in the notary's offices.
© Reed Smith LLP 2020.