Global menu

Our global pages

Close

Privacy notice

In summary...

  • We use your personal data to provide legal advice and related services (including marketing communications, where you have requested them), manage our business, recruit new staff, comply with our legal obligations, and improve and monitor the performance of our digital platforms
  • We may add your personal data to our global contact database managed by Eversheds Sutherland (International) LLP ("Eversheds Sutherland"), and used by the Eversheds Sutherland network of firms, especially if you're a client or prospective client
  • We have measures in place to safeguard your personal data when we transfer it outside the European Union
  • We take steps to minimise the amount of personal data we hold about you and to keep it secure
  • We delete your personal data when we no longer need it, and we have policies in place to govern when that is
  • You have a number of rights in relation to your personal data
  • We are happy to answer your questions about any of the above – please send them to dataprotectionoffice@eversheds-sutherland.com

For further details about how we process your personal data you can read the appropriate Privacy Notices below:

Who are you?

I am…

a client, prospective client, someone who has signed up to receive marketing communications from Eversheds Sutherland or just browsing the Eversheds Sutherland website

Last updated: 24 May 2018

About this notice

This notice explains how and why your personal data is processed by the Eversheds Sutherland network of law firms (also referred to as “Eversheds Sutherland”, “ES” “we”, “our” and “us”) when we provide you with legal and related services, when you use our websites and other digital platforms, and when we send you marketing communications.

Eversheds Sutherland is a "controller" in relation to its use of your personal data. This is a legal term – it means that we make decisions about how and why we use your personal data and, because of this, we are responsible for making sure it is used in accordance with applicable data protection laws. The controller in respect of personal data processed in connection with the www.eversheds-sutherland.com website is Eversheds Sutherland (International) LLP. For the purposes of the other processing activities set out in this notice, the controller will be the relevant Eversheds Sutherland entity providing you and/or your organisation with legal services or any website or digital platform or sending you marketing communications. Click here for a list of the Eversheds Sutherland operating entities providing legal services and their contact details.

In this notice, when we talk about personal data we mean any information that relates to an identifiable natural person – in this case, you.

You should read this notice, so you know what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it. You should also read any other privacy notices that we give you, that might apply to our use of your personal data in specific circumstances from time to time. If you have any questions about this notice, please contact dataprotectionoffice@eversheds-sutherland.com.

What types of personal data do we collect and where do we get it from?

The personal information we process about you broadly falls into five main categories: (i) Contact Information; (ii) Identity and Other Regulatory Information; (iii) Matter and Billing Information; (iv) Marketing Preferences; and (v) Browsing and Device Usage Information.

We collect your personal information from various sources. The table below sets out the different types of personal information that we collect and the sources we collect it from.

CategoryTypes of personal dataCollected from
Contact Information  
  • Name
  • Address
  • Telephone number
  • Organisation details (eg your place of work, job title and organisation contact information)
  • You
  • Publicly available resources
Identity and Other Regulatory Information
  • Date of birth
  • Identification information (eg passport, utility bill and/or bank statement)
  • Details of whether you are a politically exposed person (PEP)
  • You
  • Third party systems used for our regulatory checks
Matter and Billing Information
  • Details relating to your matters or enquiries, including matter related communications with you
  • Information about other people (eg your customers and/or staff) that you share with us in connection with your matters
  • Information you provide to us when you come into an Eversheds Sutherland office (eg for a meeting)
  • User IDs and passwords used by you in relation to our platforms and services
  • You/your organisation’s billing, payment and banking details
  • You
  • Advisors and other third parties working on your matters on our/your behalf, or those on the other side of the transaction or litigation
Marketing Preferences
  • Legal practice area interests
  • Business industry sector interests
  • Marketing communications preferences
  • You
  • Publicly available information from online resources such as LinkedIn
Browsing and Device Usage Information
  • Information automatically generated through your use of our websites and other digital platforms
  • IP address
  • Information revealing the location of your electronic device
  • You and your use of our digital platforms

Please note that if you do not provide us with your Contact Information we may not be able to provide you with any information you request, and if you do not provide us with your Contact Information, Identity and Other Regulatory Information or certain Matter and Billing Information, we will not be able to act for you.

What do we do with your personal data, and why?

We use your personal data for a number of different purposes. We must always have a “lawful basis” (ie a reason, prescribed by law) for processing your personal data. The Personal data purposes table below sets out the purposes for which we process the different categories of your personal data and the corresponding lawful basis for that processing. The purposes applicable to you will vary according to the relevant Eversheds Sutherland controller of your personal data (as explained in the introductory paragraph above). For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.

We also process certain special categories of personal data (including details relating to your health when you visit our premises) and information relating to your criminal record where applicable, which require a higher standard of protection under applicable laws. For these special categories of personal data, different lawful bases apply. The Special categories of personal data purposes table below sets out the different purposes for which we process special categories of personal data about you and the relevant lawful basis on which we rely for that processing. The purposes applicable to you will vary according to the relevant Eversheds Sutherland controller of your personal data (as explained in the introductory paragraph above). For some processing activities, we consider that more than one legal basis may be relevant – depending on the circumstances. We also have policies in place explaining our procedures for ensuring compliance with applicable laws in connection with the processing of special categories of personal data.

Cookies and similar technologies

For more information regarding how we use cookies and similar technologies in connection with your use of our platforms, please read our Cookies Policy.

Who do we share your personal data with, and why?

Sometimes we share your personal data with third parties where permitted by law, including the following:

  • other companies in or branches or offices of the Eversheds Sutherland network of firms in connection with our business strategy and client targeting programmes and where necessary for us to provide you with multi-jurisdictional legal advice. For example, if you are a client or prospective client, we may add your personal data to our global client contact database which is available to lawyers across the Eversheds Sutherland network. You can find a list of the countries in which we operate here
  • barristers, other law firms and courts, as applicable in the context of the legal services we provide to you;
  • courts and other judicial or official bodies, where we are asked to respond to an order or other binding requests;
  • regulatory bodies and law enforcement agencies, where necessary for any investigations or to respond to enquiries in relation to our compliance with applicable law or regulations or in connection with criminal investigations, or where otherwise permitted or required by applicable law; and
  • professional advisors (such as third party law firms and accountants) and other third parties in connection with our legitimate business activities.

These organisations may use your personal data as a “controller” – they will have their own privacy notices which you should read, and they have their own responsibilities to comply with applicable data protection laws.

We also ask third party service providers to carry out certain business functions for us. These include:

  • IT support, cloud platform and data hosting providers who help us with the operation of our websites, mobile applications, data rooms, document and workflow management systems and other systems and applications;
  • third party debt recovery organisations where we need to recover any money owed to us;
  • marketing service providers, including companies who send out surveys and marketing communications on our behalf; and
  • survey providers who help collate client feedback for us.

We will have in place an agreement with our service providers which will restrict how they are able to process your personal data and impose appropriate security standards on them.

Where is your personal data transferred to?

Since Eversheds Sutherland is a network of different law firms operating globally, we will sometimes need to transfer your personal data to recipients in jurisdictions other than your own. Some of these jurisdictions may not provide the same level of protection to your personal data as provided in your jurisdiction. If we transfer your personal data outside the European Union, we will only make that transfer if:

  • that country ensures an adequate level of protection for your personal data;
  • the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data – this includes for example, the EU-US Privacy Shield which enables the secure transfer of personal data to the United States;
  • we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the European Commission;
  • the transfer is permitted by applicable laws; or
  • you explicitly consent to the transfer.

If you would like to see a copy of any relevant safeguards used by us to protect the transfer of your personal data, please contact dataprotectionoffice@eversheds-sutherland.com.

How do we keep your personal data secure?

We will put in place appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.

However please note that, in relation to any personal data you submit to us online, we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk. You are responsible for keeping any passwords you use to access Eversheds Sutherland platforms safe.

How long do we keep your personal data for?

We will only retain your personal data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it for.  This will depend on a number of factors, including:

  • any laws or regulations that we are required to follow;
  • whether we are in a legal or other type of dispute with each other or any third party;
  • the type of information that we hold about you; and
  • whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

What are your privacy rights and how can you exercise them?

Where our processing of your personal data is based on your consent (see Personal data purposes table below), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.

Where our processing of your personal data is based on the legitimate interests lawful basis (see Personal data purposes table below), you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.

Where we are processing your personal data for direct marketing purposes, you have the right to object to that processing.

Depending on the circumstances, you may have the right to:

  • access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the recipients or categories of recipient to whom it is disclosed and the period for which it will be stored;
  • require us to correct any inaccuracies in your personal data without undue delay;
  • require us to erase your personal data;
  • require us to restrict processing of your personal data;
  • receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated; and
  • object to a decision that we make which is based solely on automated processing of your personal data.

Please contact us at dataprotectionoffice@eversheds-sutherland.com if you would like to exercise any of your privacy rights.

We also encourage you to let us know if you have any concern about how we are processing your personal data so we can try to resolve your concerns. However, if you consider that we are in breach of our obligations under data protection laws, you are always entitled to submit a complaint with your data protection supervisory authority – for contact details see here.

Purposes for processing personal data

 Lawful basis
Purposes of processingYour consentTo perform a contract with you To comply with a legal obligationFor our legitimate interests
Providing Legal Advice and Related Services 
Responding to your enquiries  
YES

YES

YES

(It is important that we can respond to your enquiries)
Establishing you/your organisation as a client on our systems  
YES

YES

 
Providing you/your organisation with legal advice, training and other services and/or products you may have requested from us  
YES

   
Producing reports and narratives to cover how we have spent our time in relation to your matter(s)  

YES

YES

(We need to be able to properly record and account for our service-related activities as part of our general business planning and management)
Taking payment from you in respect of our services  
YES

   
Hosting you at our offices and providing hospitality services      
YES

(We need to be able to host our clients and prospective clients effectively)
Sharing relevant know-how and solicited legal updates with you and sending you service-related communications  
YES

 
YES

(As part of providing a high quality legal service, we need to keep our clients updated with the latest relevant legal developments)
Sending you electronic direct marketing communications
YES

     
Analysing how our electronic marketing communications are used by you (including whether you open them and click through to access their contents)    
YES

(We need this information to ensure we are providing you with information that you are interested in)
Conducting surveys for benchmarking, continuous improvement and marketing purposes
YES

   
YES

(We need to collect your feedback in relation to our services, in order to resolve any problems or complaints and improve and innovate)
For our general record-keeping and client relationship management  
YES

YES

YES

(As a law firm, we need to store client related files so we can refer back to them)
Managing our business relationship with you resolving any complaints from or disputes with you  
YES

 
YES

(We need to be able to try and maintain our position of being your trusted advisor and resolve any complaint or dispute you might raise with us)
Managing and administering the user accounts and profiles you have with us, collecting information about how you use them and your preferences and tailoring and improving our services accordingly
YES

   
YES

(We need to tailor our services in accordance with feedback and preferences)
Resolving any complaints from or disputes with you      
YES

(We need to be able to try and resolve any complaint or dispute you might raise with us)
Legal and Regulatory Compliance and Reporting        
Performing identity, financial and credit searches, screening and checks against third party sources for anti-money laundering, identity verification, client conflicts and anti-trust purposes    
YES

 
Conducting client conflict checks (not required by law) to confirm we can provide services to you      
YES

(We need to make sure that it is appropriate for us to act for you, taking account of our other clients)
Monitoring our systems and processes to identify, record and prevent fraudulent, criminal and/or otherwise illegal activity    
YES

YES

(We need to be able to monitor our systems in this way to help protect them, us and you from illegal activity)
Complying with instructions, orders and requests from law enforcement agencies, any court or otherwise as required by law    
YES

 
Complying with our general regulatory and statutory obligations (including our responsibilities under codes of conduct and anti-bribery laws)    
YES

 
General Business Requirements        
Managing, planning and delivering our global business and marketing strategies (including recording and reporting on our business development activities)      
YES

(As a global law firm, we need to implement effective business development and marketing strategies)
Purchasing, maintaining and claiming against our insurance policies    
YES

YES

(It is in our interests to protect our business against specified losses)
Training our staff    
YES

YES

(Sometimes, it is appropriate for us to use your personal information so that we can provide our staff with training to manage risk and improve the quality of our services)
Continuously reviewing and improving our products and services (including by seeking and obtaining your feedback) and developing new ones      
YES

(We have a legitimate interest in making sure that we are continuously improving our service offering)
Complying with instructions from our clients in relation to their regulatory obligations (including recording our telephone communications with you)      
YES

(Sometimes, we may need to record calls to our teams to assist with our clients’ regulatory obligations, and for training and quality purposes)
Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings (including prospective legal proceedings)      
YES

(We must be able to establish and defend our legal rights and understand our obligations, and seek legal advice in connection with them)
Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionality      
YES

(We need to perform this routine monitoring to make sure our platforms work properly, analyse how they are used and improve them)
Managing the proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation    
YES

YES

(We have a legitimate interest in being able to sell any part of our business)
Maintaining the security and integrity of our systems, platforms, premises and communications (and detecting and preventing actual or potential threats to the same)  
YES

 
YES

(We need to make sure that our business processes are secure)
Managing, publicising and participating in corporate social responsibility initiatives
YES

   
YES

(We need to ensure our CSR initiatives are properly managed)
 

Purposes for processing special categories of personal data

Purposes of processing Special category lawful basis
We are permitted to process your personal data because…
  1. You have given your explicit consent to the processing
  1. It is necessary to protect somebody’s vital interests or they are incapable of giving consent
  1. It is necessary for the establishment, exercise or defence of legal claims
  1. It is necessary for reasons of substantial public interest
Hosting you at our offices and providing hospitality services
YES

(for your dietary and access requirements)
YES

(in case of accidents or emergencies at our offices)
   
Providing legal advice to our clients    
YES

YES

Investigating, evaluating, demonstrating, monitoring, improving and reporting on our compliance with relevant legal and regulatory requirements (such as anti-money laundering and client verification checks)      
YES

Complying with (or assisting others’ compliance with) regulatory requirements involving steps being taken to establish the existence of any unlawful act, dishonesty, malpractice or other seriously improper conduct      
YES

Complying with our general regulatory and statutory obligations      
YES

Responding to binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities or sharing information (on a voluntary basis) with the same    
YES

YES

Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings (including prospective legal proceedings)    
YES

YES

 

someone else (such as a customer of an Eversheds Sutherland client, supplier or press contact etc)

Last updated: 24 May 2018

About this notice

This notice explains how and why Eversheds Sutherland (also referred to in this notice as “ES” “we”, “our” and “us”) use your personal data in connection with our legal advice and related services and our general business operations.

You should read this notice if you are not an Eversheds Sutherland client but you are dealing with us in relation to any service that we provide, where you are providing us with a service or where you are a different type of third party in communication with us.

For the purposes of this notice, the controller will be the relevant ES entity providing the services which are relevant to your matter with us, or if you are a supplier , the relevant ES entity that you are contracting with (or looking to contract with). Click here for a list of the Eversheds Sutherland operating entities providing legal services.

In this notice, when we talk about personal data we mean any information that relates to an identifiable natural person – in this case, you.

You should read this notice, so you know what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it. You should also read any other privacy notices that we give you, that might apply to our use of your personal data in specific circumstances from time to time. If you have any questions about this notice, please contact dataprotectionoffice@eversheds-sutherland.com.

What types of personal data do we collect and where do we get it from?

The personal information we process about you broadly falls into five main categories: (i) Contact Information; (ii) Identity and Other Regulatory Information; (iii) Matter Information; and (iv) Browsing and Device Usage Information.

We collect your personal information from various sources. The table below sets out the different types of personal information that we collect and the sources we collect it from.

CategoryTypes of personal dataCollected from
Contact Information  
  • Name
  • Address
  • Telephone number
  • Organisation details (eg your place of work, job title and organisation contact information)
  • Our clients
  • You
  • Publicly available resources such as LinkedIn and Google
Identity and Other Regulatory Information
  • Date of birth
  • Identification information (eg passport, utility bill and/or bank statement)
  • You
  • Third party systems used for our regulatory checks
Matter Information
  • Details relating to your matters, enquiries and other dealings with us or our clients (including matter related communications with you)
  • Our clients
  • You
  • Third parties also working on your matter
Browsing and Device Usage Information
  • Information automatically generated through your use of our websites and other digital platforms
  • IP address
  • Information revealing the location of your electronic device
  • You and your use of our digital platforms

Please note that if you do not provide us with your Contact Information we may not be able to provide you with any information you request, and if you are a supplier or prospective supplier and you do not provide us with your Contact Information, Identity and Other Regulatory Information or Matter Information, we may not be able to enter into a contract with you.

What do we do with your personal data, and why?

We use your personal data for a number of different purposes. We must always have a “lawful basis” (ie a reason, prescribed by law) for processing your personal data. The Personal data table below sets out the purposes for which we process the different categories of your personal data and the corresponding lawful basis for that processing. The purposes applicable to you will vary according to the relevant Eversheds Sutherland controller of your personal data (as explained in the introductory paragraph above). For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.

We also process certain special categories of personal data, which require a higher standard of protection under applicable laws. For these special categories of personal data, different lawful bases apply. We only process this type of information about you where it is necessary for the establishment, exercise or defence of a legal claim against us or where it is necessary for reasons of substantial public interest. We also have policies in place explaining our procedures for ensuring compliance with applicable laws in connection with the processing of special categories of personal data.

Cookies and similar technologies

For more information regarding how we use cookies and similar technologies in connection with your use of our platforms, please read our Cookies Policy.

Who do we share your personal data with, and why?

Sometimes we share your personal data with third parties where permitted by law, including the following:

  • other companies in or branches or offices of the Eversheds Sutherland network of firms where necessary in connection with the legal matters we are instructed on or with our business operations. You can find a list of the countries in which we operate on our Contact Us page;
  • our clients, barristers, other law firms and courts, service providers and the courts as applicable in the context of the legal services we provide to our clients;
  • courts and other judicial or official bodies, where we are asked to respond to an order or other binding requests;
  • regulatory bodies and law enforcement agencies, where necessary for any investigations or to respond to enquiries in relation to our compliance with applicable law or regulations or in connection with criminal investigations, or where otherwise permitted or required by applicable law; and
  • professional advisors (such as third party law firms and accountants) and third parties in connection with our legitimate business activities.

These organisations will also use your personal data as a “controller” – they will have their own privacy notices which you should read, and they have their own responsibilities to comply with applicable data protection laws.

We also ask third party service providers to carry out certain business functions for us. These include IT support, cloud platform and data hosting providers who help us with the operation of our websites, mobile applications, data rooms, document and workflow management systems and other systems and applications. We will have in place an agreement with our service providers which will restrict how they are able to process your personal data and impose appropriate security standards on them.

Where is your personal data transferred to?

Since Eversheds Sutherland is a network of different law firms operating globally, we will sometimes need to transfer your personal data to recipients in jurisdictions other than your own. Some of these jurisdictions may not provide the same level of protection to your personal data as provided in your jurisdiction. If we transfer your personal data outside the European Union, we will only make that transfer if:

  • the recipient country ensures an adequate level of protection for your personal data;
  • the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data – this includes for example, the EU-US Privacy Shield which enables the secure transfer of personal data to the United States;
  • we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the European Commission;
  • the transfer is permitted by applicable laws; or
  • you explicitly consent to the transfer.

If you would like to see a copy of any relevant safeguards used by us to protect the transfer of your personal data, please contact dataprotectionoffice@eversheds-sutherland.com.

How do we keep your personal data secure?

We will put in place appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.

However please note that, in relation to any personal data you submit to us online, we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk. You are responsible for keeping any passwords you use to access Eversheds Sutherland platforms safe.

How long do we keep your personal data for?

We will only retain your personal data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it for.  This will depend on a number of factors, including:

  • any laws or regulations that we are required to follow;
  • whether we are in a legal or other type of dispute with each other or any third party;
  • the type of information that we hold about you; and
  • whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

What are your privacy rights and how can you exercise them?

Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.

Where our processing of your personal data is based on the legitimate interests lawful basis, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.

Depending on the circumstances, you may have the right to:

  • access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the recipients or categories of recipient to whom it is disclosed and the period for which it will be stored;
  • require us to correct any inaccuracies in your personal data without undue delay;
  • require us to erase your personal data;
  • require us to restrict processing of your personal data;
  • receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated; and
  • object to a decision that we make which is based solely on automated processing of your personal data.

Please contact us at dataprotectionoffice@eversheds-sutherland.com if you would like to exercise any of your privacy rights.

We also encourage you to let us know if you have any concern about how we are processing your personal data so we can try to resolve your concerns. However, if you consider that we are in breach of our obligations under data protection laws, you are always entitled to submit a complaint with your data protection supervisory authority – for contact details see here.

Purposes for processing personal data

 Lawful basis
Purposes of processingYour consentTo perform a contract with you To comply with a legal obligationFor our legitimate interests
Matter Related Purposes        
Responding to your enquiries  
YES
 
YES

(It is important that we can respond to your enquiries)
Resolving any complaints from or disputes with you      
YES

(We need to be able to try and resolve any complaint or dispute you might raise with us)
Performing identity checks (including those against third party sources) for identity verification purposes    
YES
YES

(We need to verify the identities of people we deal with)
Carrying out various tasks and services in connection with our clients’ matters which may involve you (eg arranging for monies due to you to be paid, sending you documents in relation to a court case or consulting and further processing documents which relate to you)      
YES

(We need to be able to carry out the tasks required in connection the provision of legal advice to our clients and other related services)
Legal and Regulatory Compliance and Reporting        
Monitoring our systems and processes to identify, record, and prevent fraudulent, criminal and/or otherwise illegal activity    
YES
YES

(We need to be able to monitor our systems in this way to help protect them, us and you from illegal activity)
Complying with instructions, orders and requests from law enforcement agencies, any court or otherwise as required by law    
YES
 
Complying with our general regulatory and statutory obligations (including our responsibilities under codes of conduct and anti-bribery laws)    
YES
 
Purchasing, maintaining and claiming against our insurance policies    
YES
YES

(It' ss in our interests to protect our business against specified losses)
Training our staff    
YES
YES

(Sometimes, it is appropriate for us to use your personal information so that we can provide our staff with training to manage risk and improve the quality of our services)
Continuously reviewing and improving our products and services (including by seeking and obtaining your feedback) and developing new ones      
YES

(We have a legitimate interest in making sure that we are continuously improving our service offering)
Complying with instructions from our clients in relation to their regulatory obligations (including recording our telephone communications with you)      
YES

(Sometimes, we need to record calls to our teams to assist with our clients’ regulatory obligations, and for training and quality purposes)
General Business Requirements        
Obtaining legal advice, and establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings (including prospective legal proceedings)      
YES

(We must be able to establish and defend our legal rights and understand our obligations, and seek legal advice in connection with them)
Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionality      
YES

(We need to perform this limited routine monitoring to make sure our platforms work properly)
Managing the proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation    
YES
YES

(We have a legitimate interest in being able to sell any part of our business)
Maintaining the security and integrity of our systems, platforms, premises and communications (and detecting and preventing actual or potential threats to the same)  
YES
 
YES

(We need to make sure our that our business processes are secure)