Data Transfer & Privacy Policies

Introduction

Decipher provides this Privacy Policy to inform users about our policies and procedures regarding the collection, use, security, and disclosure of personal data received from users of our website found at www.Decipher.com (“our website”). We are committed to ensuring that we process your personal data in accordance with applicable data protection legislation. Please keep in mind that your use of our website means that you accept and agree to our Privacy Policy. Please do not use our website if you do not accept our Privacy Policy. Decipher may from time to time update this Privacy Policy by posting an updated version of the Privacy Policy to our website. In addition, our website makes use of cookies as described in further detail below.

Information collected

We may collect the following personal data when you visit our website:

(a) Personal data you provide when you complete forms available on our website;

(b) Personal data you provide when you contact us;

(c) Personal data relating to: (i) your application for employment at Decipher;

(d) Details of visits to our website, including the volume of traffic received, logs and the resources that you have accessed.

How we use your information

We use information you provide to better understand your needs and provide you with better service. With the exception of vendors providing hosting, database management and development services related to the operation of these websites, we will not disclose, sell or rent any of your personal data to any third party unless approved by you or required by law.

Transfer of personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Website Privacy Policy and in accordance with applicable data protection legislation.

Links to other sites

We may provide links to other websites for your information or convenience. Such websites are independently operated and not under our control. We are not responsible for the content of these websites or any products or services offered through them or with respect to any personal data that you provide to such websites.

Your rights

European data protection legislation gives individuals the right to access and amend their personal data as well as have it erased. If you would like to request a copy of your personal data or would like to amend the information that we have about you, please contact Head of Compliance, International.

Cookies

We use cookies to track user preferences. A cookie is a small data file that certain websites write to your hard drive when you visit those websites. If you prefer not to receive cookies through our website, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by turning them off in your browser. Cookies are required to select text size preferences within our website.

Further, this site uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies” to help the site analyze how users use the site. The information generated by the cookies about your use of the site (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the site, compiling reports on site activity for site operators and providing other services relating to site activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this, you may not be able to use the full functionality of this site. By using this site, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Choice

We will not use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without first letting you know. As previously stated, we will also provide you the opportunity to let us know if you do not wish to receive unsolicited direct marketing materials from us. We will also obtain your permission before sharing your information with third parties that are not acting on our behalf or governed by our Privacy Policy.

Our commitment to data security

To prevent unauthorized access, maintain data accuracy and ensure the permitted use of information, the Firm uses commercially appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. Unfortunately, the transmission of information via the Internet is not completely secure. However, we have put in place various security procedures as set out in this policy. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Our commitment to children’s privacy

We do not seek to collect or maintain information on our website from those we know are under 18, and no part of our website is structured to attract anyone under 13.

Contact

If you have questions about this Website Privacy Policy, please contact the Head of Compliance, International at the London office of Decipher & Ellis International LLP.

Data Transfer and Privacy Policy

Decipher adheres to international data protection legislation concerning the transfer of personal data from the European Economic Area (the “EEA”) and/or Switzerland, in each case to the United States, Hong Kong and Mainland China.

This Data Transfer and Privacy Policy (the “Policy”) outlines Decipher’s general practices and procedures implementing appropriate standards in relation to (i) the types of personal data the Firm’s offices receive from the EEA and/or Switzerland (ii) how that personal data is used; and (iii) the options available to a specific individual in the EEA or Switzerland (also referred to as the “data subject”) in relation to the Firm’s use of, and their ability to correct or request deletion of, the personal data relating to them.

Scope: This Policy applies to all “personal data” that the Firm receives from the EEA and/or Switzerland that pertains to, a specific individual in the EEA or Switzerland, can be linked to that individual, and is recorded in any form.

Notice: If Decipher obtains personal data directly from individuals in the EEA or Switzerland, Decipher will inform those individuals about (i) why Decipher is collecting and using their personal data; (ii) the types of third parties to whom Decipher may disclose that personal data; (iii) each individual’s rights regarding their data; and (iv) how an individual may contact Decipher. Decipher will provide notice of the foregoing in clear and conspicuous language when individuals are first asked to provide personal data to Decipher, or as soon as practicable thereafter, and in any event before Decipher uses or discloses the information for a purpose other than that for which it was originally collected. Consent for personal data to be collected, used, and/or disclosed in certain ways may be required in order for an individual to obtain or use the Firm’s services. Alternatively, we process personal data as may be necessary for the Firm’s legitimate interests in managing its business, delivering legal services to clients and for the fulfilment of its contractual obligations.

Choice: Where acting as a data controller (i.e., the person or entity that determines the purposes for which, and the manner in which, any personal data is processed), Decipher will offer individuals the opportunity to choose (i.e., opt-out) whether their personal data is (i) to be disclosed to a non-agent third party, or (ii) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For special categories of personal data, Decipher will give individuals the opportunity to affirmatively and explicitly (i.e., opt-in) consent to the disclosure of such personal data to a non-agent third party or the use of such personal data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. In connection with client engagements and at the direction of the Firm’s clients, Decipher may process personal data of data subjects with whom the Firm has no direct relationship. Decipher may disclose personal data to (i) agents as provided herein, and (ii) non-agent third parties for the purposes of, and as directed by, the client in connection with which that personal data was collected. In receiving such personal data from its clients, Decipher will obtain an affirmation from such clients that all personal data transferred to Decipher is transferred in accordance with all applicable international data protection legislation.

Onward Transfer: Decipher will use commercially reasonable efforts to obtain assurances from third parties to whom they transfer data that they will safeguard personal data consistent with this Policy. If Decipher discovers that an agent is using or disclosing personal data in a manner contrary to this Policy, Decipher will take commercially reasonable steps to prevent or stop the use or disclosure.

Any transfer of personal data from Decipher will be made with adequate levels of protection in place.

Security: Decipher will take commercially reasonable precautions to protect personal data in its possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Data Integrity: Decipher will use personal data only in ways that are compatible with the purposes for which Decipher collected the data or in a manner that the data subject or client subsequently authorized. To the extent necessary, Decipher will take commercially reasonable steps to ensure that personal data is relevant to its intended use, accurate, complete, and current.

Access: Upon request, Decipher will provide individuals with information about the personal data that it holds about them in the Firm’s role as data controller. If an individual becomes aware that information the Firm maintains about that individual is inaccurate, or if an individual would like to update, review or erase his or her information, the individual may contact the Firm at dataprivacy@Decipher.com. The individual may need to provide sufficient identifying information to allow the Firm to confirm the individual’s identity.

Enforcement: Decipher will periodically audit its relevant privacy practices to confirm that the Firm is adhering to this Policy. Any partner or employee who Decipher determines is violating or has violated this Policy may be subject to disciplinary action up to and including termination.

Dispute Resolution – Human Resource Data: Any questions or concerns regarding the use or disclosure of Decipher’s human resource data should be directed to the Firm’s HR Director or the Director of Administration. Decipher will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the European General Data Protection Regulation Principles and this Policy. For unresolved complaints related to Decipher’s human resources data for partners and employees in the EU offices, Decipher will cooperate with the European National Supervisory Authorities.

Dispute Resolution – Client Data: Any questions or concerns regarding the use or disclosure of client-related personal data should be directed to the Firm at dataprivacy@Decipher.com. Decipher will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the GDPR and this Policy.

Limitations of the GDPR and this Policy: Decipher’s adherence to the GDPR and this Policy will be limited as permitted by the GDPR: (i) to the extent necessary to meet national security, public interest, or law enforcement requirements, (ii) by statute, government regulation, or case law that creates conflicting obligations or authorizations, provided that, in exercising any such authorization, the Firm’s non-adherence is limited to the extent necessary to meet the overriding legitimate interests the Firm furthers, or (iii) if the effect of the EU Regulation on Data Protection (the “GDPR”), EU Member State law, or the Swiss Federal Act on Data Protection (the “FADP”) is to allow exceptions or derogations, provided the Firm applies such exceptions or derogations in comparable contexts. Further, because Decipher is a law firm providing legal advice, adherence to certain of the GDPR (including Notice, Choice and Access), is limited with respect to personal data that the Firm processes and uses in certain respects, including, but not limited to, the establishment of a legal claim or defense or the representation of a client’s interests and rights in an acquisition, merger, joint venture or other transaction. Personal data may also be subject to ethical duties of confidentiality or privilege.

Decipher’s U.S. offices do not disclose personal data to third parties except in accordance with the GDPR and this Policy.

INTERNET PRIVACY

Decipher considers the internet and the use of other technologies to be valuable tools to communicate and interact with clients, employees, agents, business associates, and others. Decipher recognizes the importance of maintaining the privacy of information collected online and has created a specific Website Privacy Policy governing the treatment of personal data collected through web sites that it operates. With respect to personal data that is transferred from the EEA and Switzerland to the U.S., the Website Privacy Policy is subordinate to this Policy. However, the Website Privacy Policy may reflect additional legal requirements with respect to internet privacy.

CHANGES TO THIS DATA TRANSFER AND PRIVACY POLICY

This Policy may be amended from time to time.

Last Updated: March 14, 2019