King & Wood Mallesons (“KWM”, “we”, “us”, “our”) is committed to protecting your personal data. Please read this privacy notice carefully as it sets out how and why KWM uses your personal data when you access our website, services and/or otherwise engage with us, as well as explaining certain legal rights that you have under data protection laws.
If you have any questions or comments about this privacy notice, please find our contact details in section 10 “How can you contact us?”.
Note that we may change this privacy notice from time to time by updating this page. This privacy notice does not apply to any third-party websites, plug-ins or applications to which you may be directed from our website. Clicking on those links or enabling those connections may allow third parties to collect or share data about you and so we encourage you to read the privacy policies/notices on the other websites you visit. We do not accept any responsibility or liability for the privacy practices of such third parties and your use of them is at your own risk.
2. Who are we and who is responsible for your personal data?
KWM is an international law firm structured as a Swiss Verein, and as such is made up of a number of different entities. It has offices in numerous locations across the world, principally in Asia, Australia, Europe and North America. Further details can be found on our website. Our contact details can be found in section 10 of this privacy notice. Typically, the KWM entity that is legally responsible for handling your personal data will be the entity in the country where you are accessing our services and/or otherwise engaging with us.
3. What personal data do we collect about you and for what purposes?
We may collect personal data from you or individuals working for your organisation in various circumstances, including in the provision of legal services, use of our website, attendance at one of our events and/or where we otherwise engage with you, e.g. to procure a service for KWM etc. The personal data that we may collect and the reasons for using it will depend on the nature of your relationship with us but may include the types of information and purposes set out below.
a. Contact information
This includes personal data such as your name, title, position, the company you work for, your postal address, email address and phone number. We may also ask about your relationship to another person, for example to establish any conflict of interest that might exist. We require the above information in order to engage with you for business purposes.
b. Identification and verification
We may ask for your passport or other official photographic document to verify your identity, as well as other information relating to your background such as any directorships/financial interests you have. Aside from the data you provide to us directly, and in accordance with the local laws of the country where you are accessing our services, we may also find information about you from other sources, such as from tax authorities, carefully selected third party background screening providers (see section 5 below for more information on KWM’s use of third parties), and/or from publicly available registers/websites where you have voluntarily made your personal data available (e.g. LinkedIn). We require this information as part of our business acceptance processes and to comply with our legal obligations to prevent money laundering, terrorism and fraud.
c. Payment details
Where we enter into a contract for our legal services directly with you rather than the corporate entity you work for/are associated with, we will need to collect and use your payment information, including your credit/debit card details. This type of personal data is processed strictly in accordance with relevant payment card industry standards.
We may collect basic contact information from you when you attend a meeting/event hosted at one of our offices. We use this information to identify you for building security and safety reasons, and so that we can invite you to future events/meetings (see section 3(f) on marketing below).
However, you may also wish to inform us of any specific dietary requirements and/or tell us about any disabilities you have so that we can make the reasonable adjustments you require to facilitate your attendance at the meeting/event. In certain countries, such details fall into the category of personal data that data protection law considers to be inherently sensitive, as it relates to your health/disability and/or potentially your religion (where you request a kosher food option for example). This type of information is purely optional, so you do not have to provide it to us if you do not wish to. If you have a food allergy and choose not to disclose it we cannot be responsible for any harm caused. For more information about the legal bases which we rely on to use this specific type of personal data, please see section 4, “On what legal basis do we use your personal data?” below.
e. Automated interactions
As you interact with our website, we may automatically collect personal data from your device by using cookies and other similar technologies. Processing such information is necessary for us to pursue our legitimate interests in improving our website and providing a more relevant service to our clients. This information is not used to develop a personal profile of you. For further details, please see our cookies policy.
f. Marketing and information gathered through our website
Certain sections of our website, including our blogs, invite you to request publications, newsletters and alerts, subscribe to receive invitations to events, seminars and webinars, take part in client surveys and to receive KWM announcements. If you do so, we will collect some or all of the following information: your name, business email address, job title, organisation name and company address. Our systems will recognise you as a user and based on the content you view/request, we will strive to provide material that is relevant to you and your interests. We may also collect this information about you where you have physically attended an event, meeting or seminar hosted by KWM, so that we can invite you again in the future.
Note that you can opt out of receiving marketing communications at any time. For further information, please see section 9, “What are your rights over your personal data?”, of this privacy notice.
KWM will collect and use your personal data when you apply for a job with us. We may receive information about you through a recruitment agency or directly from you where you complete an online job application form via the careers section of the KWM website. The personal data will include information relating to your education, employment history and other background information such as your right to work in the country where you are applying to work etc. For further information about how KWM collects and uses your personal data in the recruitment context, please see our privacy notice for prospective employees.
h. Indirect collection of personal data
Sometimes we may have access to and use personal data of individuals with whom we do not have any direct contact. For example, if we are providing advice to a client relating to the acquisition of another company, we may use personal data relating to the seller’s employees. In circumstances such as these, it may not be appropriate for us to provide the individuals concerned with a privacy notice that sets out how we use their personal data as doing so may breach client confidentiality. Nevertheless, KWM handles such personal data in accordance with applicable data protection laws.
The term “profiling” refers to where your personal data is used for solely automated processing to evaluate or predict certain aspects about you without human assessment. KWM does not currently do any profiling using personal data. Should KWM decide to use completely automated processes in the future, e.g. to market its services more efficiently, we will notify you if it is likely to have a significant effect on you and you will have the right to object to this type of processing (see section 9 “What are your rights over your personal data?” below).
4. On what legal basis do we use your personal data?
In some countries we are required to inform you of the legal basis permitting us to collect and handle your personal data and so we have set out the main legal grounds that KWM relies on. In general, we need the above-mentioned personal data because it is necessary in KWM’s legitimate interests to provide its services to/otherwise engage with you and to develop its business, but only in circumstances where these interests are not outweighed by the need to protect your privacy.
Alternatively, it may be necessary for KWM to collect and use personal data to perform a contract with you or your organisation. For example, your instruction to us may contain personal data of staff, customers and/or other third parties. Without this information, we cannot enter into the contract.
Otherwise, it may be the case that we rely on the ‘legal obligations’ ground, i.e. it is necessary for KWM to collect certain personal data to comply with legal requirements placed on us. For example, in order to comply with anti-money laundering laws, we need to obtain the identity of relevant individuals and conduct certain background checks on them (which could also include sensitive information such as political allegiances or criminal convictions etc.) when we onboard new clients.
If KWM cannot lawfully handle personal data on the above or other permitted grounds under data protection laws or where it is mandatory in a particular country that we operate in, we may need to get your express consent to be able to do so. This might be the case where KWM collects information that the data protection laws of certain countries consider to be inherently sensitive. For example, where you tell us about your dietary requirements so that we can cater to your specific health or religious requirements, or where you ask us to make adjustments to accommodate your disability etc. Please note that you may withdraw consent at any time after you have given it. This would not affect the lawfulness of KWM’s prior use of that data. In certain situations, however, withdrawing consent might impact KWM’s ability to provide services to/otherwise engage with you.
5. Who do we share your personal data with?
We may share information that you have provided to us as necessary with certain third parties such as service providers acting on our behalf who will use the data to provide the service. These may include insurers, IT service providers, background screening providers, barristers, translators, accountants, tax advisers and catering service providers etc. We will ensure that any third-party service provider that we use commits to an appropriate level of security and confidentiality to protect your personal data.
We may also share your personal data with a purchaser or potential purchaser of our business and in some circumstances, we may have to disclose your personal information for legal or regulatory purposes, such as where a court, the police or other law enforcement agency or regulatory body has asked us for it.
6. Is your personal data transferred overseas?
Due to the global nature of KWM’s business operations, it may be necessary to send your personal data to other overseas KWM offices or third parties (as per section 5 “Who do we share your personal data with?” above), unless we have specifically agreed to retain your personal data within a particular jurisdiction. This may be the case where your instructions require an opinion from a local law expert in another jurisdiction, or else because KWM has centralised the management/administration of its processes in another country for efficiency (for example, our website is hosted on Microsoft Azure servers in China and Hong Kong).
Some of the countries where your personal data is transferred have a different standard of data protection than the country in which you are situated. However, we have put in place contractual or other appropriate protections to ensure that your information is safeguarded to the same standards globally.
7. How do we keep your personal data secure?
We are committed to ensuring that any personal data that we hold about you is kept securely in accordance with our policies and procedures. These include appropriate physical and technological security measures, such as access controls, regular penetration testing of our systems and careful selection of staff and third-party service providers.
8. How long will we keep your personal data?
Your personal data will be retained in line with legal and regulatory retention periods. At the end of any retention period, your personal data will either be securely deleted in its entirety or anonymised so that you can no longer be identified from that data. We aggregate such anonymised data for statistical analysis and business planning.
9. What are your rights over your personal data?
Depending on the country where you are based and subject to certain exceptions and limitations you may have various legal rights in relation to your personal data, as set out in this section.
Such rights may allow you to ask KWM to:
- provide a copy of your personal data (subject to the privacy rights of other people and the information already provided to you in applicable privacy notices);
- correct any inaccuracies in your personal data by informing us to make the necessary changes;
- modify or withdraw your consent for the collection, use and disclosure of your personal data (see section 4 “On what legal basis do we use your personal data?” above);
- delete your personal data where there is no lawful justification for KWM to retain it;
- put the processing of your data on hold while, or until such time as:
  - KWM verifies any inaccuracies in your personal data that you notify us of; or
  - we respond to a claim by you that KWM’s legitimate interests in processing your personal data are outweighed by your interests in the data not being processed; and
- transfer your personal data to you or another organisation in a commonly used electronic format (known as the right to data portability).
You also may have the right to object to the processing of your personal information, including in the event that we use it for profiling purposes, where KWM does this:
- for the purposes of its legitimate interests or those of a third party; or
- on the basis that it is acting in the public interest; or
- for direct marketing purposes.
If you lodge an objection on the last of these three grounds KWM will simply stop processing your personal data for marketing purposes (and any associated profiling). In the other two cases KWM will stop processing the relevant data unless we identify compelling legitimate grounds for the processing which override your rights and interests or else we need to process the data in connection with a legal claim.
You may exercise or enquire about the above rights by contacting KWM’s data protection team (see section 10 “How can you contact us?” below).
10. How can you contact us?
We hope this privacy notice has been helpful in setting out the way we handle your personal data and your rights to control it. This privacy notice sets out most of your rights under relevant laws, but not necessarily every right you have.
If you have any concerns, requests related to, among others, the exercise of your rights, complaints or questions that haven’t been covered, please contact us by emailing firstname.lastname@example.org.
You may have a right to make a complaint to the relevant data protection authority (“DPA”) at any time. We would appreciate the chance to understand your concerns in the first instance before you contact the DPA, however.
Click on the relevant country below to access the website of the DPA responsible for overseeing that country’s data protection compliance:
Belgium: Commissie voor de bescherming van de persoonlijke levenssfeer
Germany (Hesse): Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Italy: Garante per la Protezione dei Dati Personali
Spain: Agencia Española de Protección de Datos
United Kingdom: Information Commissioner’s Office (ICO)
b. Rest of World
Australia: Office of the Australian Information Commissioner (OAIC)
China: Cyberspace Administration of China
Hong Kong: Privacy Commissioner for Personal Data
Japan: Personal Information Protection Commission
Singapore: Personal Data Protection Commission
UAE – Dubai (DIFC): Commissioner of Data Protection (CDP)
12. Changes to this privacy notice
This privacy notice was last updated in March 2021. We may change this privacy notice from time to time by updating this page.