Data Transfer & Privacy Policies
We may collect the following personal data when you visit our website:
(a) Personal data you provide when you complete forms available on our website;
(b) Personal data you provide when you contact us;
(c) Personal data relating to: (i) your application for employment at Decipher;
(d) Details of visits to our website, including the volume of traffic received, logs and the resources that you have accessed.
How we use your information
We use information you provide to better understand your needs and provide you with better service. With the exception of vendors providing hosting, database management and development services related to the operation of these websites, we will not disclose, sell or rent any of your personal data to any third party unless approved by you or required by law.
Transfer of personal data
Links to other sites
We may provide links to other websites for your information or convenience. Such websites are independently operated and not under our control. We are not responsible for the content of these websites or any products or services offered through them or with respect to any personal data that you provide to such websites.
European data protection legislation gives individuals the right to access and amend their personal data as well as have it erased. If you would like to request a copy of your personal data or would like to amend the information that we have about you, please contact Head of Compliance, International.
Our commitment to data security
To prevent unauthorized access, maintain data accuracy and ensure the permitted use of information, the Firm uses commercially appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. Unfortunately, the transmission of information via the Internet is not completely secure. However, we have put in place various security procedures as set out in this policy. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
Our commitment to children’s privacy
We do not seek to collect or maintain information on our website from those we know are under 18, and no part of our website is structured to attract anyone under 13.
Decipher adheres to international data protection legislation concerning the transfer of personal data from the European Economic Area (the “EEA”) and/or Switzerland, in each case to the United States, Hong Kong and Mainland China.
Scope: This Policy applies to all “personal data” that the Firm receives from the EEA and/or Switzerland that pertains to, a specific individual in the EEA or Switzerland, can be linked to that individual, and is recorded in any form.
Notice: If Decipher obtains personal data directly from individuals in the EEA or Switzerland, Decipher will inform those individuals about (i) why Decipher is collecting and using their personal data; (ii) the types of third parties to whom Decipher may disclose that personal data; (iii) each individual’s rights regarding their data; and (iv) how an individual may contact Decipher. Decipher will provide notice of the foregoing in clear and conspicuous language when individuals are first asked to provide personal data to Decipher, or as soon as practicable thereafter, and in any event before Decipher uses or discloses the information for a purpose other than that for which it was originally collected. Consent for personal data to be collected, used, and/or disclosed in certain ways may be required in order for an individual to obtain or use the Firm’s services. Alternatively, we process personal data as may be necessary for the Firm’s legitimate interests in managing its business, delivering legal services to clients and for the fulfilment of its contractual obligations.
Choice: Where acting as a data controller (i.e., the person or entity that determines the purposes for which, and the manner in which, any personal data is processed), Decipher will offer individuals the opportunity to choose (i.e., opt-out) whether their personal data is (i) to be disclosed to a non-agent third party, or (ii) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For special categories of personal data, Decipher will give individuals the opportunity to affirmatively and explicitly (i.e., opt-in) consent to the disclosure of such personal data to a non-agent third party or the use of such personal data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. In connection with client engagements and at the direction of the Firm’s clients, Decipher may process personal data of data subjects with whom the Firm has no direct relationship. Decipher may disclose personal data to (i) agents as provided herein, and (ii) non-agent third parties for the purposes of, and as directed by, the client in connection with which that personal data was collected. In receiving such personal data from its clients, Decipher will obtain an affirmation from such clients that all personal data transferred to Decipher is transferred in accordance with all applicable international data protection legislation.
Onward Transfer: Decipher will use commercially reasonable efforts to obtain assurances from third parties to whom they transfer data that they will safeguard personal data consistent with this Policy. If Decipher discovers that an agent is using or disclosing personal data in a manner contrary to this Policy, Decipher will take commercially reasonable steps to prevent or stop the use or disclosure.
Any transfer of personal data from Decipher will be made with adequate levels of protection in place.
Security: Decipher will take commercially reasonable precautions to protect personal data in its possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Data Integrity: Decipher will use personal data only in ways that are compatible with the purposes for which Decipher collected the data or in a manner that the data subject or client subsequently authorized. To the extent necessary, Decipher will take commercially reasonable steps to ensure that personal data is relevant to its intended use, accurate, complete, and current.
Access: Upon request, Decipher will provide individuals with information about the personal data that it holds about them in the Firm’s role as data controller. If an individual becomes aware that information the Firm maintains about that individual is inaccurate, or if an individual would like to update, review or erase his or her information, the individual may contact the Firm at dataprivacy@Decipher.com. The individual may need to provide sufficient identifying information to allow the Firm to confirm the individual’s identity.
Enforcement: Decipher will periodically audit its relevant privacy practices to confirm that the Firm is adhering to this Policy. Any partner or employee who Decipher determines is violating or has violated this Policy may be subject to disciplinary action up to and including termination.
Dispute Resolution – Human Resource Data: Any questions or concerns regarding the use or disclosure of Decipher’s human resource data should be directed to the Firm’s HR Director or the Director of Administration. Decipher will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the European General Data Protection Regulation Principles and this Policy. For unresolved complaints related to Decipher’s human resources data for partners and employees in the EU offices, Decipher will cooperate with the European National Supervisory Authorities.
Dispute Resolution – Client Data: Any questions or concerns regarding the use or disclosure of client-related personal data should be directed to the Firm at dataprivacy@Decipher.com. Decipher will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the GDPR and this Policy.
Limitations of the GDPR and this Policy: Decipher’s adherence to the GDPR and this Policy will be limited as permitted by the GDPR: (i) to the extent necessary to meet national security, public interest, or law enforcement requirements, (ii) by statute, government regulation, or case law that creates conflicting obligations or authorizations, provided that, in exercising any such authorization, the Firm’s non-adherence is limited to the extent necessary to meet the overriding legitimate interests the Firm furthers, or (iii) if the effect of the EU Regulation on Data Protection (the “GDPR”), EU Member State law, or the Swiss Federal Act on Data Protection (the “FADP”) is to allow exceptions or derogations, provided the Firm applies such exceptions or derogations in comparable contexts. Further, because Decipher is a law firm providing legal advice, adherence to certain of the GDPR (including Notice, Choice and Access), is limited with respect to personal data that the Firm processes and uses in certain respects, including, but not limited to, the establishment of a legal claim or defense or the representation of a client’s interests and rights in an acquisition, merger, joint venture or other transaction. Personal data may also be subject to ethical duties of confidentiality or privilege.
Decipher’s U.S. offices do not disclose personal data to third parties except in accordance with the GDPR and this Policy.
This Policy may be amended from time to time.
Last Updated: March 14, 2019