Clifford Chance

Legal statements

Find a Lawyer

Clifford Chance is committed to respecting and protecting your privacy. We comply with the European Data Protection regulation (EU 2016/679) and the local laws applicable in the various countries in which we operate.

In this notice, we will tell you in detail how we use, share and your personal information and explain your rights regarding how we use your personal information.

Who we are

Clifford Chance is a global law firm with its headquarters in London. Clifford Chance LLP controls the collection and processing of any personal data that you provide to us in relation to this website. Where services are provided to you by other entities within the Clifford Chance group, the entity providing the service will be responsible for your personal data. This notice applies to all such entities. You can find details of our local entities in our office directory.

You can also contact the the Data Privacy team or the Website Feedback team if you have an enquiry or question.

Personal data that we collect

"Personal data" is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to. The personal data that we collect, and how we collect it, depends upon how you interact with us. Categories of personal data that we collect include:

  • Contact information such as name, email address and telephone number
  • Biographical information such as job title, employer, photograph and video or audio content including you
  • Marketing, communication preferences and related information such as meal preferences, feedback and survey responses
  • Billing and financial information such as billing address, bank account and payment information
  • Services information such as details of services that we have purchased from you
  • Special categories of data such as race and ethnicity, trade union membership, information about health or information, political opinions or religious beliefs
  • Information relating to children or regarding criminal matters

Personal data we collect from you

We collect personal data directly from you as follows:

  • When you sign up to receive news services, use a toolkit or register for one of our online services, we will ask you provide your contact and other relevant information, as well as your communication preferences.
  • When you register to attend one of our events, we will ask you to provide your contact, guest and other relevant information including meal preferences.
  • When you use our website or one of our online services we collect information about your visit and how you interact with our website.
  • When a client uses our legal services, we will ask for the information that we need to provide those services; this information includes contact details, billing information, information necessary to conduct pre-clearance checks and information relevant to the services we provide. Information provided by a client may include personal data that relates to persons whose information is relevant to the instruction; for example when we advise on a business transaction or a regulatory investigation or represent a client in a legal dispute.
  • When you apply for a job with us we will ask you for information relevant to your application. We ask all applicants to apply via our recruitment system where a specific privacy notice is available.
  • If you visit one of our buildings we may collect information that we need in order to identify you and complete necessary security checks. We may also collect your image on CCTV.

If you provide information to us about another person, you must ensure that you comply with any legal obligations that may apply to your provision of the information to us, and to allow us, where necessary, to share that information with our service providers.

Information we collect from third parties

Most of the personal data that we collect about you will be information that you provide to us voluntarily. In some circumstances we may also receive information from:

  • other Clifford Chance entities
  • our clients, when we handle personal data on their behalf
  • regulatory bodies
  • credit reference agencies
  • other companies providing services to us.

Some of these third party sources may include publically available sources of information.

We will also receive information about you from Google Analytics, a web analytics service provided by Google, Inc. ("Google") whose servers are in the United States of America. Google Analytics uses cookies to help us analyse how users use our site.

Data we collect automatically

When you visit one of our websites, we automatically collect, store and use technical information about your equipment and interaction with our website. This information is sent from your computer to us using a variety of cookies.

Click here for more information about our use of cookies and how to disable them.

How we use your personal data

We will only use your personal data fairly and where we have a lawful reason to do so.

We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract with you, when we have a legal duty to comply with, or when it is in our legitimate business interest to use your personal data. We can only rely on our legitimate business interest, if it is fair and reasonable to do so.

Our use of your personal data depends on how and where you interact with us. Click here for a list of the ways that we use your personal data, and which of the reasons we rely on to do so.

We will only process special category data where the processing is necessary for the purposes of providing our client with advice regarding obligations or an individual with advice regarding their rights in the field of employment or social security; or where it is necessary to do so in order to establish, exercise or defend legal claims.

Please contact the Data Privacy team if you have any questions about how we collect and use your personal data. 

Sharing and transferring your data

We treat your personal data with respect and do not share it with third parties except as described below.

  • We may disclose your personal data to other Clifford Chance entities for the purpose of our internal business processes (such as administration and billing) and for the purpose of providing legal advice and services. When we provide personal data to Clifford Chance entities outside of the EU and EEA, we have in place an intra-group transfer agreement in the form approved by the European Commission. Where it is necessary to transfer data from any Clifford Chance entity outside of the EU and EEA, we will comply with any transfer requirements applicable under local law.
  • We may disclose personal data relating to our clients, their employees and agents to other legal specialists including barristers, mediators, arbitrators, consultants or experts engaged in a matter. We may also disclose personal data to third party law firms for the purpose of obtaining foreign legal advice. 
  • We may share personal data with our suppliers and service providers including event organisers and partners and document production and management services
  • We may share personal information when necessary with law enforcement and regulatory authorities
  • We may also share your personal data when you have consented to us doing so.

We will only transfer your personal data outside of the European region under the following circumstances:

  • where the transfer is to a country or other territory which has been assessed by the European Commission (or an equivalent UK body) as ensuring an adequate level of protection for personal data
  • with your consent or
  • on the basis that the transfer is compliant with the GDPR and other applicable laws.

Please contact the Data Privacy Team if you have any questions about how we share or transfer your personal data. 

How we protect your personal data

We protect your personal data and implement appropriate technical and organisational security measures to protect it against any unauthorised or unlawful processing and against any accidental loss, destruction, or damage

We have robust information security management systems in place to protect your personal data, having been one of the first global law firms to be certified to the ISO27001 security standard. ISO27001 is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management.

Please contact the Data Privacy Team if you have any questions about how we share or transfer your personal data.

Keeping your personal data

We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims.

Please contact the Data Privacy Team if you have any questions about how we share or transfer your personal data.

Your rights regarding your personal data

You have certain rights regarding how we use and keep your personal data. These are:

  • you can require us, to update or correct any inaccurate personal data, or to complete any incomplete personal data, concerning you. If you do, we will take reasonable steps to check the accuracy of, and correct the information. Please let us know if any of your information changes so that we can keep it accurate and up to date;
  • you can require us to stop processing your information for direct marketing purposes; if you withdraw your consent, we may not be able to provide certain products or services to you; and
  • you have the right to object to our use of your personal data more generally.

You may also have the right, in certain circumstances to:

  • be provided with a copy of any personal data that we hold about you, with certain related information. There are exceptions to this right; for example where information is legally privileged or if providing you with the information would reveal personal data about another person
  • to require us, without undue delay, to delete your personal data
  • to "restrict"  our use of your information, so that it can only continue subject to restrictions; and
  • to require personal data which you have provided to us and which are processed by using automated means, based on your consent or the performance of a contract with you, to be provided to you in machine readable format so that they can be "ported" to a replacement service provider.

You can exercise the above rights, where applicable by contacting the Data Privacy team. We will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected. This is to ensure that your personal data is disclosed only to you.