27 August 2020
Crefovi SELAS (‟Crefovi” or ‟the firm”) is committed to collecting, maintaining and using personal information about our clients and business contacts responsibly. The provisions of data protection laws in Europe, and elsewhere, impose strict conditions on the firm. Crefovi has made a commitment through our Binding Corporate Rules (‟BCRs”) to apply a consistent standard across the firm when collecting, using and managing personal information. You can find out more about our BCRs below. See Section 5 (International transfers).
This privacy notice explains how we may collect, use and disclose information about clients and other business and firm contacts, and describes the rights you may have in respect of your own personal information. Please read it carefully.
1. Who we are
Crefovi operates worldwide as a ‟société d’exercice libéral par actions simplifiée” organised under the laws of France with affiliated branch conducting the practice in the United Kingdom.
Contact details for our offices around Europe can be found on our website crefovi.com. The data controller(s) in respect of your personal information, will be the Crefovi’s entity, or entities, with which you are dealing and/or Crefovi SELAS.
2. Who does this privacy notice apply to?
This notice applies to the individual client contacts with whom we deal, including prospective clients. It applies to personal information that is collected as part of our client on-boarding process and disengagement, as well as to the information gathered during the course of a client relationship.
It also applies to the personal information of employees at client entities and businesses and related contacts whose details we may receive as part of the provision of legal services. In these circumstances, our main client contact is responsible for ensuring that all affected individuals are made aware that their personal details will be provided to us and of the purposes for which we will use that information, for example by showing them a copy of this notice.
2.2. Business contacts
In addition, this notice covers the personal information of individuals who are not existing or former clients but who engage with the firm by signing up to receive communications such as email alerts and publications, or who attend events run by the firm (either alone or in conjunction with partner organisations).
2.3. Other firm contacts
This notice also covers the personal information of individuals that the firm has a business arrangement with, such as vendors, agents and adverse parties.
3. What information is covered?
In this privacy notice, ‟personal information” means any information (whether electronic or written) relating to an individual who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
It also includes special categories of personal information (‟special category data”) from which we can determine or infer an individual’s racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership of a trade union, physical or mental health or condition (including biometric and genetic data), sexual life/orientation, or judicial data (including information concerning the commission or alleged commission of a criminal offence and any sentence or penalty imposed).
Crefovi will only collect special category data if it is necessary for one of the purposes described below. Further information about when and why we may need to do this is set out in Section 4 (The information we collect and how we use it).
4. The information we collect and how we use it
Crefovi may use your personal information for a variety of purposes, as outlined in the following sections. The firm is committed to collecting and using only the personal information that is necessary for the provision of legal services to our clients; to establish and/or maintain its business relationship with business and/or firm contacts; and to keep individuals informed of services and events which it reasonably considers may be of interest to them and/or which they have otherwise confirmed their preferences to receive from Crefovi. Appendix 1 provides more detail about the purposes, the information we may collect, the source of the information and the legal authority relied upon by the firm.
In some cases, it will be mandatory for you to provide personal information to the firm, to enable us to provide services to you (or your employer), engage with you or to comply with the firm’s legal obligations.
4.1. Identity, conflicts, anti-money laundering and other checks
The firm collects a variety of information about clients and client contacts as part of our new client on-boarding process. This may be referred to as due diligence or ‟Know Your Client”. The checks may include some or all of the following:
- Identify verification: proof of name and address;
- Ultimate beneficial ownership of corporate and other legal entities;
- Conflict checks: to avoid a conflict of interest with any other client;
- Anti-money laundering, proceeds of crime and terrorist financing checks;
- Politically exposed persons checks: those with prominent roles in government, judiciary, courts, central banks, embassies, armed forces and state-owned enterprises, including their family members and close associates, and
- Government sanctions list checks.
These checks are made for legal, regulatory or business reasons and may need to be repeated during the course of our engagement. It is important that you provide us with all necessary information and documents or this may affect our ability to provide services.
We may use third party sources to obtain some of this information. Details can be found in Appendix 1.
4.2. Providing legal services
Crefovi may collect or generate additional details about you during the course of our engagement, for the purpose of providing legal services. As part of this we may collect information about employees of client organisations, for example when advising on a business sale, relocation programme or share scheme. In addition, we may collect information to build up a client profile, which could include information regarding pitches, fees, events attended and business development endeavours so we can track and understand the client relationship better.
We may also use your personal information:
- to administer our relationship and maintain contractual relations;
- for accounting and tax purposes;
- for marketing and business development;
- to comply with the firm’s regulatory obligations;
- to establish, exercise or defend legal rights;
- for the prevention and detection of crime, and
- for historical and statistical purposes.
4.3. Other business interactions
As part of your business or other commercial dealings with the firm, we may collect or generate details about you. We may use this personal information to administer our relationship and maintain contractual relations, for accounting and tax purposes and to comply with our regulatory obligations.
4.4. Information collected at our premises
If you visit our premises, your image may be captured on CCTV systems operated by the firm or the entity which manages our premises. Building access control systems may also capture the location, time and date of your entry and exit to our offices.
Where permitted by applicable law, Crefovi may record and/or monitor telephone calls made and received and electronic communications sent to or received by the firm’s networks in order to protect our business and verify compliance with our policies and relevant legal requirements. Any such recording and/or monitoring will be carried out for lawful business purposes and in accordance with applicable laws and regulations. This may include the following purposes:
- recording facts (including converting voice messages into text);
- establishing compliance with the firm’s policies and procedures;
- complying with applicable laws and regulations;
- for crime prevention and detection, and
- to monitor the effective use and operation of the firm’s networks and systems.
In order to communicate efficiently, correspondence and documents may be sent by unencrypted email. You will be aware that this is not guaranteed as a secure method of communication, nor are there any service standards for delivery. If you would prefer us not to use unencrypted email, please speak to your contact at the firm.
4.6. Marketing and business development
The firm collects information for marketing and business development purposes and as part of the general administration of client relationships. We may use some personal information for client entertainment purposes, including recording your interests and preferences.
We may use your personal details to send you information by email or post, or using social media or social networking sites, about our services, developments in law and practice, brochures, press releases, invitations to seminars and talks. You can select the practice areas and subjects you are interested in when you sign up on our website. You may update your preferences or opt out at any time. For more information on how to exercise your rights, see Section 10 (Your rights) below.
If you attend an event that is run by or in association with our law firm, we will collect contact details as part of event registration. This information may include dietary requirements and details of any health issues or disabilities which may impact upon your attendance at or participation in the event.
Where an event is run in association with a partner organisation or hosted at an external venue, we may need to share your personal details with the partner, event organiser or venue. Only the minimum information will be shared as necessary for the purposes of running the event.
If the event is run in association with a partner organisation, they will be responsible for informing you about any marketing they may wish to undertake and obtaining your consent where necessary.
5. International transfers
Crefovi is a European firm operating on a global basis. Like most international businesses, Crefovi has centralised certain aspects of its client administration and records management in France and the United Kingdom. In addition, where client projects span more than one jurisdiction, information will need to be accessed by all those within the firm who are working on the matter. As a result, your personal information may be transferred outside the country of origin (which includes transfers outside the European Economic Area (‟EEA”)) and may be accessed across the firm on a global basis.
Crefovi takes all necessary security and legal precautions to ensure the safety and integrity of personal information that is transferred with the firm. Crefovi has implemented BCRs which allow for global transfers within the firm of personal information originating in the EEA in accordance with applicable European Privacy Laws. The BCRs require all Crefovi entities and offices worldwide to use the same standards of protection for personal information. Your personal information will therefore be given the same level of protection, regardless of its location within the firm.
You can access the firm’s BCRs here.
Your personal information will also be accessed by Crefovi’s service providers, which may be located in the United States and other jurisdictions. For more information, see Section 7 (Service providers) below.
The firm may disclose your personal information (i) where this is necessary for the purposes described in Appendix 1, including within the firm itself; (ii) if required by applicable law; (iii) in connection with a reorganisation or combination of our firm with another firm; (iv) if we believe that such disclosure is necessary to enforce or apply terms of engagement and other agreements or otherwise protect and defend Crefovi’s rights, property or safety; (v) in order to comply with a judicial proceeding, court order or other legal obligation, or a regulatory or government inquiry, or (vi) with your consent.
We would like to draw particular attention to the fact that, in some jurisdictions, Crefovi has a legal obligation to report suspicious transactions and other activity to relevant regulatory authorities under anti-money laundering, terrorist financing, insider dealing or related legislation. The firm may also report suspected criminal activity to the police and other law enforcement bodies. We may not be permitted to inform you about this in advance of the disclosure, or at all.
Third party recipients of personal information relating to clients, business and firm contacts may include:
- tax and customs and excise authorities;
- regulatory and other professional bodies;
- stock exchange and listing authorities;
- public registries of company directors and shareholdings;
- providers of identity verification services;
- credit reference agencies;
- the courts, police and law enforcement agencies;
- government departments and agencies, and
- auditors and professional advisers (including professional indemnity insurers and advisers).
Crefovi will use all reasonable efforts to disclose the minimum personal information necessary in each case.
7. Service providers
Third parties providing services to Crefovi are referred to as ‟Vendors”. Crefovi will put in place contracts with Vendors which address the requirements of relevant privacy laws. Vendors will be required to use appropriate security measures to protect personal information and will be prohibited from using personal information other than as instructed by the firm.
Vendors who process personal information on behalf of the firm may be located in the United States, Europe or other countries around the world. Crefovi will ensure that Vendors comply with any applicable legal requirements for transferring personal information outside the jurisdiction in which it was originally collected. For data collected in the EEA, or which relates to data subjects in the EEA, Crefovi will require Vendors to execute the Standard Contractual Clauses for the transfer of personal information to third countries, as sanctioned under applicable European privacy laws.
If you would like more information about the Vendors we work with, please contact the Global data privacy officer.
8. Keeping your information up to date
Crefovi makes every effort to maintain the accuracy and completeness of the personal information held by the firm. To support us ensure we have the most up to date information about you, it is important that you inform us of any updates to your contact details or other personal information. Please contact your Client relationship partner, or the person you usually deal with at the firm. You can also contact Crefovi’s Global data privacy officer.
The firm will retain personal information only for as long as it is needed for the purposes described in Section 4 (The information we collect and how we use it) above. Note that retention periods may vary in different jurisdictions.
The retention period for client files is detailed in our client care and legal mission agreements.
We may need to retain information for significant periods of time in order to establish, exercise or defend our legal rights, and for archiving and historical purposes. Where possible and practical, personal information will be rendered anonymous through the removal, substitution or blocking of details which enable individuals to be identified.
10. Your rights
You have the following rights in relation to your personal information:
- to access the personal information held by Crefovi about you;
- to have your personal information corrected, for example if it is incomplete or incorrect;
- to opt out of receiving marketing communications at any time;
- in certain circumstances and subject to applicable law, the right to restrict or object to the processing of your personal information, or request that your personal information is erased;
- in certain circumstances and subject to applicable law, the right to receive a copy of the personal information which you have provided to the firm, in a structured, commonly used and machine-readable format (known as ‟data portability”);
- where you have provided personal information voluntarily, or otherwise consented to its use, the right to withdraw your consent, and
- the right to complain to the Data Protection Authority (see further below).
If you have a query about this statement, or wish to exercise your rights, please speak to your Client relationship partner or contact Crefovi’s Global data privacy officer.
Further information about making a complaint, either to Crefovi or to a Data Protection Authority, can be found in Crefovi’s Data privacy complaints procedure.