A transnational legal practice
The terms “Eptalex” and ”the firm” mean one or more Law Firms (“we”/”us”/”our”). Any reference to “partner” means the partner, member, consultant or employee with equivalent standing and qualifications in at least one Law Firm.
Any reference to an Eptalex “location” means any office, associate office, facility, associate firm, or entity with a special alliance with our international law firm.
Personal data is collected by each member of the Eptalex Group. In the European Union our representative (whose responsibility will be limited to representation, not including liability) is Mr. Jacopo Gasperi.
Data collection and processing
- Attendance records: to record your attendance at our offices for security purposes;
- Business information: to identify you regarding matters on which you instruct us which involve you;
- Contact information: your name, position, role, company or organisation, telephone (including mobile phone number where provided), email and postal address;
- Criminal record data: where allowed by any applicable national law and where it is opportune to do so, such as existence of prior criminal offences (or confirmation of clean criminal record);
- Events data: attendance at and provision of feedback forms in relation to our events;
- Information in connection with investigations or proceedings: to conduct the investigation or proceedings, if so required;
- Information from open sources/public domain: e.g. LinkedIn and similar professional networks, directories or internet publications;
- Online data: in case you access this website and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network, such as for instance, information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, duration of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails. Eptalex reminds that personal data regarding your online activities across third party websites or online services are not collected;
- Social media: posts, Likes, tweets and other interactions with our social media presence;
- Special categories of personal data: such as disability or similar requirements for events and meetings. If you decide to not provide this information, we may not be able to respond to your particular needs or preferences;
- Subscriptions/preferences: in case you subscribe to receive legal briefings, updates or newsletters as well as consent preferences to allow us to identify which materials you are interested in receiving;
- Supplier data: contact details and other information about you or your company or organisation where you provide services to Eptalex;
- Technical information: in case you access this website and our technology services being IP address, browser type and version (e.g. Internet Explorer, Firefox, Safari etc.), time zone setting, browser plug-in types and versions, operating system you are using (e.g. Vista, Windows XP, MacOS, etc), device type, hardware model, MAC address, unique identifiers and mobile network information.
Your communications with us
Use your personal data
- Business relationship: managing and maintaining our relationship with you, your company or organisation, including keeping records about business contacts, services and payments to customise our offering for you, develop our relationship and target our marketing;
- Client legal compliance: client due diligence (under anti-money laundering and other crime prevention and detection laws and regulatory requirements);
- Client surveys and feedback: including events feedback, client listening exercises, answering issues and concerns which may arise;
- Communication: sending emails, newsletters and other messages to inform you of any legal developments;
- Events: running legal briefings, seminars and other events;
- Legitimate interest: pursuing the legitimate business interests listed in the “Legitimate Interests section of this policy below;
- Managing suppliers: managing suppliers who deliver services to us;
- Online security: preserving our information assets and technology platforms from unauthorised access or usage and to monitor for malware and other security threats;
- Regulatory: complying with legal and regulatory obligations according to the jurisdiction applicable to each law firm, including auditing and reporting requirements;
- Service provision: providing legal advice;
- Site security: ensuring security to our offices and other premises (normally collecting your name and contact details on entry to our buildings);
- Website monitoring: checking that the website and our other technology services are being used appropriately and optimising their functionality.
Our reasons for using your personal data
- you have given us consent: for example, where you share details for particular purposes;
- when it is required in order to comply with legal or regulatory obligations: for example, anti-money laundering and mandatory client screening checks or disclosure to law enforcement;
- when it is necessary to deal with legal claims;
- when it is required for our legitimate business interests or those of a third party: provided that this does not impair any interests or rights that you have as an individual. Our legitimate interests are listed in the next section.
- providing legal services;
- managing our business and relationship with you or your company or organisation;
- understanding and responding to inquiries and client feedback;
- understanding how our clients use our services and websites;
- determining our clients requests and developing our relationship with you.
- improving our services and advises;
- receiving information from other Eptalex legal practices for shared clients;
- enforcing our terms of engagement and website and other terms and conditions;
- guaranteeing our systems and premises are secure;
- sharing data in connection with of our legal practice.
Our reasons for using special category data
- we collect your explicit consent: for the particular processing;
- it is necessary to protect your vital interests or those of other persons: for example, in medical emergencies; in case you have manifestly made the data public by publishing it on social media;
- it is necessary to deal with legal claims: for example, when court proceedings are involved;
- it is necessary for substantial public interests: for example, when it is required in order to prevent or detect unlawful acts;
- it is permitted by applicable law: outside the EU and other jurisdictions where these restrictions apply.
To whom do we transfer your data?
- to Eptalex member firms: including their management, lawyers, staff and contractors in order to provide legal services;
- to suppliers: who support our business including IT and communication suppliers, outsourced business support, marketing and advertising agencies (where allowed by the local jurisdisction) back up and DR suppliers and LPO operations. Our suppliers have to meet minimum standards as to information security and they will only have access to data required by them to perform their functions;
- to shared service centres: operated by Eptalex or third parties including for client on-boarding, IT services, marketing,risk management and office support services;
- to other law firms: other local law firms, barristers, expert witnesses and arbitrators/mediators;
- to law enforcement bodies and our regulators: or other competent authorities when required by law or good practice;
- to appropriate parties in case of emergencies: in particular when it is necessary to protect health and safety of our clients, staff and organisations;
- to your company or organisation: in relation to us providing legal services;
- to screening service providers: in order to comply with legal obligations related to the prevention or protection of crime, ant-money laundering and other required checks;
- to advertising networks and analytics service providers:to support and display advises on our website, apps and other social media tools;
- to third parties: where allowed by and in compliance with any applicable national law, in case of acquisition or transfer of any part of our business or in connection with the business reorganisation;
- to other delegates: for example, in cases where your name has to be listed on the attendee list for events you are going to attend.
Personal data about third parties
Where will your data be held?
How long do we keep your data?
- Access: you are entitled to claim confirmation of the fact that we are processing your personal data. In this case, you can request to have access to your personal data and to some information regarding the processing. This enables you to receive a copy of the personal data we hold about you and certain other information about it;
- Automated decisions: you have the right to contest any automated decision made about you and ask for a reconsideration;
- Consent: since the data processing is based on your consent, you are entitled to withdraw the consent at any time. The consent withdrawal does not affect the lawfulness of processing based on consent before its withdrawal;
- Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected or updated;
- Erasure: you are entitled to obtain the erasure of personal data in certain circumstances. However, this right is subject to legal rights and obligations that may impose us the conservation of your personal data, for example, where the personal data is required for compliance with law or in connection with claims;
- Objection: although the processing of your personal data is based on a legitimate interest (or those of a third party), you have the right to object to it. However, we may be entitled to continue processing your data. You also have the right to object where we are processing your personal data for direct marketing purposes, where allowed by and in compliance with any applicable national law;
- Restriction: you are entitled to request us to suspend the processing of some of your personal data.
- Transfer: you may request us to help you to transfer certain of your personal data to another party.
Moreover, you also have a right to lodge a complaint with a data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident or where we are based or where an alleged infringement of Data Protection law has taken place.
Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact the relevant Data Privacy contact as listed in this Policy below.
You can decide to not receive further communications from us at any time. You can do this by changing your marketing preferences on your online accounts settings page, clicking on the “unsubscribe” link included at the end of any marketing email we send to you.
The personal data we collect through these technologies will also be used to manage your session.
Links to third party websites
If you follow a link to any other websites, please note that these websites have their own privacy notices which will inform you about the way your information is collected and processed when visiting those sites.