- A transnational legal practice
Eptalex is a transnational legal practice, structured as a Swiss Verein, and operating through member firms, constituted and regulated in accordance with the laws and regulations of each of their jurisdictions. Eptalex does not itself provide legal or other client services.
The terms “Eptalex” and ”the firm” mean one or more Law Firms (“we”/”us”/”our”). Any reference to “partner” means the partner, member, consultant or employee with equivalent standing and qualifications in at least one Law Firm.
Any reference to an Eptalex “location” means any office, associate office, facility, associate firm, or entity with a special alliance with our international law firm.
Personal data is collected by each member of the Eptalex Group. In the European Union our representative (whose responsibility will be limited to representation, not including liability) is Mr. Jacopo Gasperi.
- Data collection and processing
We may collect the following personal data:
- Attendance records: to record your attendance at our offices for security purposes;
- Business information: to identify you regarding matters on which you instruct us which involve you;
- Contact information: your name, position, role, company or organisation, telephone (including mobile phone number where provided), email and postal address;
- Criminal record data: where allowed by any applicable national law and where it is opportune to do so, such as existence of prior criminal offences (or confirmation of clean criminal record);
- Events data: attendance at and provision of feedback forms in relation to our events;
- Information in connection with investigations or proceedings: to conduct the investigation or proceedings, if so required;
- Information from open sources/public domain: e.g. LinkedIn and similar professional networks, directories or internet publications;
- Online data: in case you access this website and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network, such as for instance, information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, duration of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails. Eptalex reminds that personal data regarding your online activities across third party websites or online services are not collected;
- Social media: posts, Likes, tweets and other interactions with our social media presence;
- Special categories of personal data: such as disability or similar requirements for events and meetings. If you decide to not provide this information, we may not be able to respond to your particular needs or preferences;
- Subscriptions/preferences: in case you subscribe to receive legal briefings, updates or newsletters as well as consent preferences to allow us to identify which materials you are interested in receiving;
- Supplier data: contact details and other information about you or your company or organisation where you provide services to Eptalex;
- Technical information: in case you access this website and our technology services being IP address, browser type and version (e.g. Internet Explorer, Firefox, Safari etc.), time zone setting, browser plug-in types and versions, operating system you are using (e.g. Vista, Windows XP, MacOS, etc), device type, hardware model, MAC address, unique identifiers and mobile network information.
All data included the above listed categories may be provided to us by you, your employer, the company or organisation who is our client or screening providers who assist us with our legal obligations to conduct under anti-money laundering, sanctions screening and regulatory checks.
- Your communications with us
Eptalex may also collect data from the correspondence between you and us. We would like to advise you to not send us confidential information until it has been confirmed in writing that we represent or act for you or your company or organisation. Unsolicited emails from non-clients do not establish a lawyer-client relationship. They may not be privileged and, therefore, may be disclosed to others.
- Use your personal data
We may use your personal data for the following purposes:
- Business relationship: managing and maintaining our relationship with you, your company or organisation, including keeping records about business contacts, services and payments to customise our offering for you, develop our relationship and target our marketing;
- Client legal compliance: client due diligence (under anti-money laundering and other crime prevention and detection laws and regulatory requirements);
- Client surveys and feedback: including events feedback, client listening exercises, answering issues and concerns which may arise;
- Communication: sending emails, newsletters and other messages to inform you of any legal developments;
- Events: running legal briefings, seminars and other events;
- Legitimate interest: pursuing the legitimate business interests listed in the “Legitimate Interests section of this policy below;
- Managing suppliers: managing suppliers who deliver services to us;
- Online security: preserving our information assets and technology platforms from unauthorised access or usage and to monitor for malware and other security threats;
- Regulatory: complying with legal and regulatory obligations according to the jurisdiction applicable to each law firm, including auditing and reporting requirements;
- Service provision: providing legal advice;
- Site security: ensuring security to our offices and other premises (normally collecting your name and contact details on entry to our buildings);
- Website monitoring: checking that the website and our other technology services are being used appropriately and optimising their functionality.
- Our reasons for using your personal data
We may process your personal data for a number of reasons:
- you have given us consent: for example, where you share details for particular purposes;
- when it is required in order to comply with legal or regulatory obligations: for example, anti-money laundering and mandatory client screening checks or disclosure to law enforcement;
- when it is necessary to deal with legal claims;
- when it is required for our legitimate business interests or those of a third party: provided that this does not impair any interests or rights that you have as an individual. Our legitimate interests are listed in the next section.
- Legitimate interests
Our legitimate business interests concern:
- providing legal services;
- managing our business and relationship with you or your company or organisation;
- understanding and responding to inquiries and client feedback;
- understanding how our clients use our services and websites;
- determining our clients requests and developing our relationship with you.
- improving our services and advises;
- receiving information from other Eptalex legal practices for shared clients;
- enforcing our terms of engagement and website and other terms and conditions;
- guaranteeing our systems and premises are secure;
- sharing data in connection with of our legal practice.
- Our reasons for using special category data
Special category data in the EU and certain other jurisdictions refers to sensitive data such as your racial or ethnic origin, religious beliefs or health data. We may also collect data about criminal records. We may process this data only if:
- we collect your explicit consent: for the particular processing;
- it is necessary to protect your vital interests or those of other persons: for example, in medical emergencies; in case you have manifestly made the data public by publishing it on social media;
- it is necessary to deal with legal claims: for example, when court proceedings are involved;
- it is necessary for substantial public interests: for example, when it is required in order to prevent or detect unlawful acts;
- it is permitted by applicable law: outside the EU and other jurisdictions where these restrictions apply.
- To whom do we transfer your data?
We may transfer your data to others as follows:
- to Eptalex member firms: including their management, lawyers, staff and contractors in order to provide legal services;
- to suppliers: who support our business including IT and communication suppliers, outsourced business support, marketing and advertising agencies (where allowed by the local jurisdisction) back up and DR suppliers and LPO operations. Our suppliers have to meet minimum standards as to information security and they will only have access to data required by them to perform their functions;
- to shared service centres: operated by Eptalex or third parties including for client on-boarding, IT services, marketing,risk management and office support services;
- to other law firms: other local law firms, barristers, expert witnesses and arbitrators/mediators;
- to law enforcement bodies and our regulators: or other competent authorities when required by law or good practice;
- to appropriate parties in case of emergencies: in particular when it is necessary to protect health and safety of our clients, staff and organisations;
- to your company or organisation: in relation to us providing legal services;
- to screening service providers: in order to comply with legal obligations related to the prevention or protection of crime, ant-money laundering and other required checks;
- to advertising networks and analytics service providers:to support and display advises on our website, apps and other social media tools;
- to third parties: where allowed by and in compliance with any applicable national law, in case of acquisition or transfer of any part of our business or in connection with the business reorganisation;
- to other delegates: for example, in cases where your name has to be listed on the attendee list for events you are going to attend.
- Personal data about third parties
You may provide personal data to us about other people (such as your customers, directors, officers, shareholders or beneficial owners). You must ensure that you have given those individuals an appropriate notice that you are providing their data to us and have obtained their consent to that disclosure.
We hold your data securely in respect to physical, technical and administrative security measure. However, although we take all steps reasonably necessary to safeguard your personal data, please note that the transmission of data via internet is not totally safe and we cannot guarantee the security of your data transmitted. For this reason, any transmission of data occurs at your own risk.
- Where will your data be held?
Since we are a global legal practice, your data may be transferred out of your local jurisdiction or region. Data protection laws vary by country. Eptalex will take reasonable measures to protect your data according to the locally applicable data protection requirements.
- How long do we keep your data?
We keep your data only for the period of time needed to provide our legal services and to deal with claims. This depends on a number of factors such as whether you or your company or organisation are an existing client or have interacted with recent client mailings or bulletins or attended recent events. We store your data as it is required to comply with legal, accounting or regulatory requirements.
- Your Rights
If you are working with our EU legal practice or our practices in certain other jurisdictions where similar rules apply, you are entitled to certain rights in relation to your data as exposed below:
- Access: you are entitled to claim confirmation of the fact that we are processing your personal data. In this case, you can request to have access to your personal data and to some information regarding the processing. This enables you to receive a copy of the personal data we hold about you and certain other information about it;
- Automated decisions: you have the right to contest any automated decision made about you and ask for a reconsideration;
- Consent: since the data processing is based on your consent, you are entitled to withdraw the consent at any time. The consent withdrawal does not affect the lawfulness of processing based on consent before its withdrawal;
- Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected or updated;
- Erasure: you are entitled to obtain the erasure of personal data in certain circumstances. However, this right is subject to legal rights and obligations that may impose us the conservation of your personal data, for example, where the personal data is required for compliance with law or in connection with claims;
- Objection: although the processing of your personal data is based on a legitimate interest (or those of a third party), you have the right to object to it. However, we may be entitled to continue processing your data. You also have the right to object where we are processing your personal data for direct marketing purposes, where allowed by and in compliance with any applicable national law;
- Restriction: you are entitled to request us to suspend the processing of some of your personal data.
- Transfer: you may request us to help you to transfer certain of your personal data to another party.
In order to exercise your rights, please contact one of the Data Privacy contacts set out in this Policy below, in writing at the appropriate email address.
Moreover, you also have a right to lodge a complaint with a data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident or where we are based or where an alleged infringement of Data Protection law has taken place.
Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact the relevant Data Privacy contact as listed in this Policy below.
- Direct Marketing
Where allowed by and in compliance with any applicable national law, we may use the information we collect from you on our website or by other means for direct marketing purposes to provide emails, newsletters and other messages and to inform you of legal developments, market insights and of our services including events that we think may interest you.
You can decide to not receive further communications from us at any time. You can do this by changing your marketing preferences on your online accounts settings page, clicking on the “unsubscribe” link included at the end of any marketing email we send to you.
The personal data we collect through these technologies will also be used to manage your session.
- Links to third party websites
Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others. The personal data that you provide through these websites is not subject to this privacy notice and the processing of your personal data by such websites is not our responsibility.
If you follow a link to any other websites, please note that these websites have their own privacy notices which will inform you about the way your information is collected and processed when visiting those sites.
We do not knowingly collect information from children or other persons who are under 16 years old. If you are under 16 years old, please do not submit any personal data to us.
- How to contact us
If you have any questions, comments or requests regarding any use of your personal data by Eptalex, please send an email to firstname.lastname@example.org