In this Privacy statement, we set out how Harneys collect and process your personal data and what rights you have in relation to the personal data we hold and process in connection with:
- Client engagement
- Job application/ recruitment services
- Supplier provision of services
What is personal data?
Personal data is defined as any information relating to an identified or identifiable natural person – a “data subject”.
Who decides why and how we process your personal data?
Harneys determines why and how we process your personal data. Harneys consists of Harney Westwood & Riegels International, Harney Westwood & Riegels LP, Harney Westwood & Riegels (Cayman), Harney Westwood & Riegels LLP, Harney Westwood & Riegels (Hong Kong), Harney Westwood & Riegels Singapore LLP, Aristodemou Loizides Yiolitis LLC (practising as Harneys), Harney Westwood & Riegels SARL, Harneys Fiduciary Limited, Harneys Fiduciary Cyprus Limited and each of their subsidiaries. In each case, your personal data will be controlled by the Harneys entity (ies) which you have given instructions to, or with which you are otherwise dealing with or receiving communications from or the Harneys entity which provides services to a third party which you are associated with, for example a company of which you are a director or shareholder.
What personal data might we collect?
We collect different types of personal data for different reasons. This may include:
Identification and Contact information: Information such as your name, passport details, date of birth, educational background, employment and professional history, job title, postal address, home address where you provide this to us, business address, telephone number, mobile number, and email address and other information concerning your preferences.
Financial and Payment data: Data necessary for us to process payments and implement fraud prevention measures, including bank account, credit/debit card numbers, security code numbers and other such relevant billing details.
Business details: Business information which we necessarily process as part of our instructions or projects we are involved in or otherwise provided by you voluntarily.
Compliance details: Information we are legally required to collect for compliance purposes, such as customer/client due diligence information, details relevant to anti-money laundering laws and regulations, international sanctions and restrictive measures and information about relevant and significant litigation, which may impact our ability to act.
Marketing and communication preferences: Information about your preferences, where it is relevant to the services we provide.
Technical/Platform information: This includes information collected when you visit our website or client portal services which we offer or which you have agreed to use. This data relates to your internet protocol (IP) address, device type, operating system and platform, time zone, browser type and version, your username and password, and other related log-in details for platforms maintained by Harneys, where you have access to any services.
Publicly available information: Information collected from publicly available resources, including but not limited to information collected from databases we use to carry out compliance checks or credit rating agencies.
Statutory Register Information: Information about you on account of an interest or office you may hold in or certain relationships you may have with a corporate entity, partnership, trust or other vehicle to which we provide services (each such entity, a Third Party Entity).
Details for events: In some cases, we may collect information about you, which may include sensitive information in relation to your health, for the purpose of tailoring our events to your needs. The processing of such data is based entirely on your consent. In the event that you do not want us to maintain such data, we may not be able to take the necessary precautions.
Sensitive/Special Category Information: Such information is processed when permitted by law under a legal or regulatory obligation to do so or where you have provided us with the information as is necessary for the service we are providing to you.
When do we collect your personal data?
We may collect personal data about you in various cases, such as:
- When you or your organisation seek our services (ie legal advice or our fiduciary services), or use any of our online client services;
- When you or your organisation make an enquiry through our website, in person, over email or over the telephone;
- When you attend a Harneys seminar or other events we may organise, or sign up to receive communications from us, including training;
- When you or your organisation provide information to us in connection with services to be provided to you (eg. billing and due diligence)
- When you provide your information for recruitment purposes
- When a Third Party Entity engages us to provide services and you hold an office or an interest in or have certain relationships with that Third Party Entity; or
- When you or your organisation provide services to us, or otherwise offer to do so.
In some circumstances, we may collect personal data about you from third parties. For example, we may collect personal data from your organisation, other organisations with whom you have dealings including Third Party Entities, government agencies, a credit reporting agency, an information or service provider or from a publicly available record.
How will we use your personal data?
We will use your personal data for the following purposes (Permitted Purposes):
- To provide legal advice or other services or things you may have requested, including online or legal technology services or solutions, as instructed or requested by you or your organisation;
- To manage and administer your or your organisation's business relationship with us, including processing payments, accounting, auditing, billing and collection or support services;
- For compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations (such as under antitrust laws, export controls, trade sanction and embargo laws, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes;
- To provide updates, reminders, requests and directions relevant to the role or capacity in which you are interested in a Third Party Entity.
- To analyse and improve our services and communications to you;
- To protect the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and to detect security threats, fraud or other criminal or malicious activities;
- For insurance purposes;
- To monitor and assess compliance with our policies and standards;
- To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
- To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory, law enforcement and tax reporting bodies;
- On instruction or request from your organisation or a relevant Third Party Entity;
- To communicate with you through the channels you have approved to keep you up to date on the latest legal developments, announcements, and other information about our services, products and technologies, including client briefings, newsletters and other information, as well as events and projects we may organise;
- To comply with court orders and exercises and/or defend our legal rights; and
- For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
- For customer surveys, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events; or
- To collect information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).
With regard to newsletters, legal updates and other general communications, we will, where legally required, only provide you with such information if you have opted in. You have the opportunity to opt out of receiving such communications at any time. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
What is our legal basis for processing your personal data?
Depending on for which of the above Permitted Purposes we use your personal data, we may process your personal data on one or more of the following legal grounds:
- Consent: where we ask for your consent to process your personal data;
- Contractual obligation: where the data need to be processed to carry out the performance of the contract we have entered into with you, or to take the necessary steps at your request before entering into a contract;
- Legitimate interest: where processing is necessary for the purpose of the legitimate interests pursued by Harneys or by a third, party. This is only used in jurisdiction where allowed and assessments are carried out to ensure your rights to privacy is considered and balance any potential impact on your fundamental rights and freedoms;
- Legal obligation: there is an obligation to carry out the processing to comply with a legal or regulatory obligation that the firm is subject to.
How will we share your personal data?
We may share your personal data in the following circumstances:
- We may share your personal data between Harneys entities on a confidential basis where this is required for the purpose of providing legal advice or other products and services, as well as for administrative, billing and other business purposes. Please see here and here for a list of the countries in which the Harneys entities are located;
- If you are a Harneys client, or you are otherwise contracted by, are an agent of, or otherwise represent a Harneys client, we may disclose your personal data to:
- Other legal specialists (including mediators), consultants or experts engaged in your matter; or
- Foreign law firms for the purpose of obtaining foreign legal advice, as may be relevant; or,
- Competent Authorities (law enforcement agencies, statutory regulators, supervisors, authorities) after a legitimate request for information
- If we have collected your personal data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
- We may disclose your contact details on a confidential basis to third parties for the purposes of collecting your feedback on the firm’s service provision, to help us measure our performance and to improve and promote our services;
- We may share your personal data with companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
- We may share your personal data with any third party to whom we assign or novate any of our rights or obligations;
- We may share your personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
- We may also instruct service providers within or outside Harneys, domestically or abroad, eg shared service centres, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. Harneys will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers;
- We may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.
We will otherwise only disclose your personal data when you direct us or give us permission to do so, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
Specifically in relation to Harneys’ operations in Luxembourg, we shall ensure that adequate restrictions on information access are in place in accordance with Luxembourg Bar requirements (such as encryption tools and access permissions).
Can you refuse to share your personal data with us?
In general, we receive your personal data where you provide this on a voluntary basis, and there will typically be no detrimental effect for you if you wish not to provide this or otherwise withhold your consent for it to be processed. However, there are certain cases where we will unfortunately be unable to act without receiving such data, for example where we need to carry out legally required compliance screening or require such data to process your instructions or orders, or otherwise to provide you with our online services or communications.
Where it is not possible for us to provide you with what you request without the relevant personal data, we will let you know accordingly.
How do we keep your personal data safe?
We take appropriate technical and organisational measures to keep your personal data confidential and secure, in accordance with our internal policies and procedures regarding storage of, access to and disclosure of personal data. We may keep your personal data in our electronic systems, in the systems of our contractors, or in paper files.
Personal data we receive from you about other people
Where you provide us with the personal data of other people, such as your employees, directors of your companies, or other persons you may have dealings with, you must ensure that you are entitled to disclose that personal data to us and furthermore that, without being required to take further steps, we can collect, use and disclose that data in the manner described in this policy. More specifically, you must ensure that the individual whose personal data you are sharing with us is aware of the matters discussed in this Privacy Statement, as these are relevant to that individual, including our identity, how to get in touch with us, the purposes for which we collect data, our disclosure practices, and the rights of the individual in relation to our holding of the data.
Transfers of personal data abroad
Harneys is active across the world. This means that we may transfer your personal data abroad if required to do so for the Permitted Purposes. In certain cases, this may include transferring data to countries which do not offer the same level of protection as the laws of your country (such as for example the data protection legislation of the EU/EEA).
When making such transfers, we will ensure that they are subject to appropriate safeguards in accordance with the General Data Protection Regulation (Regulation 2016/679) or other relevant data protection legislation. This may include entering into the EU Commission’s Standard Contractual Clauses. Please get in touch at email@example.com if you wish to obtain further information on the appropriate safeguards which we are adhering to.
All entities and offices within Harneys will ensure an adequate level of protection for your personal data at all times.
For Shanghai client matters, this data is retained within PRC in compliance with PRC Personal Information Protection and Data Security Law.
How long do we keep your personal data?
We delete your personal data once it is no longer reasonably necessary for us to keep it for the Permitted Purposes, or, where we have relied on your consent to keep your personal data, once you withdraw your consent for us to do so, and we are not otherwise legally permitted or required to keep the data.
Importantly, Harneys will keep your personal data as necessary for the purposes of defending or making legal claims until the end of the period during which we may retain the data and otherwise until the settlement of any such claims, as relevant. We may also retain your information for archiving purposes.
What rights do you have?
Subject to certain conditions under applicable legislation, you have the right to:
- Right of access and rectification: you have the right to request a copy of the personal data which we hold about you and have any inaccurate data corrected;
- Right to object or restrict our use of your personal data: In certain instances, you may object or request restriction on the processing of your personal data. We will make a new determination of whether your data should no longer be used or restricted and cease processing if your interest outweighs our interest. Where possible, we will oblige with your request or inform you of why the request cannot be satisfied stating our reason.
- Right to not be subject to fully automated decision-making: Harneys does not process your personal data using automated means.
- Right to data portability: You have the right to request that personal data be provided to you, or to another data controller, in a commonly used, machine-readable format.
- Right to transparency of information: You are entitled to clear and transparent information about the processing of your data.
- Right to be forgotten: If you object to the processing of your data, you can ask for the data we hold to be deleted. An example is if the processing is not legitimate or no longer necessary for the purposes for which the data was collected. Upon receipt of request, your data will be deleted providing there is no legal obligation to retain the information.
- Submit a complaint if you have concerns about the way in which we are handling your data.
To do any of the above, please contact us at firstname.lastname@example.org. To enable us to process your request, we may require that you provide us with proof of your identity, such as by providing us with a copy of a valid form of identification. This is to ensure that we appropriately protect the personal data we hold from unauthorised access requests and comply with our security obligations.
We may charge you a reasonable administrative fee for any unreasonable or excessive requests we may receive, and for any additional copies of the data you may request.
Correcting and updating your personal data
Where any personal data you have provided us with has changed, or where you believe the personal data we hold is inaccurate, please let us know at email@example.com. In addition, please note that if you hold an office or are interested in or have certain relationships with a Third Party Entity to which we provide services, you and/or the Third Party Entity may have a contractual or legal obligation to notify us of any change within a prescribed time period. We cannot be responsible for any loss that may arise due to us having any inaccurate, incomplete, inauthentic or otherwise deficient personal data which you or a Third Party Entity have provided to us. Please also let us know if you wish to withdraw any request.
If you have any concerns or complaints about Harneys processing of your personal data, we encourage that you contact us initially as we aim to satisfactorily resolve any concerns or complaints you may have in relation to the processing of your personal data.
However, you may directly report any concerns to your local data protection authority, where you can also find out more information about your rights under applicable data protection law, or make a formal complaint.
We may store cookies on your devices for the purposes of delivering a better user experience for you on our websites. Please see our Cookies Notice.
Get in touch
We would be happy to hear your views about our website and this Privacy Statement. Please let us know any questions, comments or clarifications you may have at firstname.lastname@example.org or send us a letter at FAO Data Protection Officer, Harney Westwood & Riegels LLP, 4th Floor, South Quay Building, 77 Marsh Wall, London E14 9SH, United Kingdom.
Changes to our Privacy Statement
This Privacy Statement was last updated on 25 October 2022. We have the right to update the contents of this Privacy Statement from time to time to reflect any changes in the way in which we process your personal data or to reflect legal requirements as these may change. In case of updates, we will post the revised Privacy Statement on our website. Changes will take effect as soon as the revised version is made available on our websites.