Privacy Policy [1] (“citizenship”, “we”, “our”, “ours” or “us”) are committed to safeguarding the personal data that you provide directly to us, that we collect in the course of our business, or that we receive from you when you visit our website.

This privacy policy explains to you how we collect and process your personal data and your rights in relation to your personal data that we process. It is a global policy that applies to all our offices.

Please note, if you reply to one of our marketing emails or otherwise send a communication to us, that communication does not create any binding obligations or attorney-client relationship with us. Please do not send any information that you consider confidential unless and until we or our legal team have agreed in writing to cooperate with you with respect to a matter. Any information provided to us prior to an agreement may not be protected from disclosure and may not be subject to applicable privileges.

Quick Links

Personal Data, Defined.

Data Controller.

Personal Data We Collect From or About You.

How We Use Your Personal Data.

How and to Whom We Share Your Personal Data.

Your European Legal Rights.

Your California Legal Rights.

Notice to California Residents.

International Transfer of Your Personal Data.

How We Protect Your Personal Data.

How Long We Retain Your Personal Data.

Third-Party Websites and Links.

Automated Decisions Using Your Personal Data.

Your Choices.


Revisions to this Privacy Policy.

How to Submit a Request.

How to Contact Us.

Personal Data, Defined

Personal data is any information that enables us to identify you and that is related to an identified or identifiable natural person, such as your name, identification number(s), business or residential address, certain commercial information, online identifiers, and educational and employment history. It does not include data that is anonymized or de-identified.

Data Controller

For personal data that we collect and process about you, the data controller—as that term is defined in the EU General Data Protection Regulation (GDPR)—is our organization, or our subsidiaries or directly affiliated companies, depending on the entity with which you have principally interacted or with which you have a client or contractual relationship.

We are not a data processor—as that term is defined in the GDPR—in the context of a client relationship.

Personal Data We Collect From or About You

From time to time, we collect and process the following types of personal data from you:

  • Contact Data: this includes, for example, your name, your home or business address, your email address, your phone number, and your social media handles.
  • Client Data: this includes, for example, personal data provided to us by or on behalf of our clients and personal data that we collect in the course of providing our services to our clients, such as personal data provided by third-parties.
  • Technical Data: this includes, for example, personal data that we collect from you when you interact with our website, applications, and email communications, such as your IP address and device ID.
  • Financial Data: this includes, for example, your bank account, payment card, and other related financial data.
  • Recruitment Data: this includes, for example, your CV, professional history, educational background, and related qualifications.
  • Marketing Data: this includes, for example, your preferences in receiving marketing or promotional information from us.
  • Other Data: any other personal data that you provide to us and which can be reasonably used to identify you.

We may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, anonymized, or de-identified data, and is not personal data. If we store or associate this data with your personal data, we will treat it as personal data.  In all other cases, it is not subject to this Privacy Policy.

How We Collect Your Personal Data

We collect personal data from you through a variety of sources. We strive to collect only personal data that is adequate, relevant, and limited to achieve the purpose(s) for which it was collected. We may from time-to-time provide you with supplemental information at the time we collect your personal data to address unique or situational collection needs.

Examples of a ways in which we collect your personal data include:

  • Direct Interaction: you may provide us with your personal data when you interact with us, for example, by enquiring about our services, giving us your contact details, registering for one of our events, subscribing to our updates or promotional material, or engaging in any way with our partners, lawyers, and staff.
  • Automated Technologies: we may collect personal data automatically when you visit our website through logging and analytics tools, cookies, or click on links in our emails.
  • Private Third-Party Sources: we may collect personal data from private third-party sources, such as, for example, law firms, marketing firms, banks, clients, recruitment agencies, regulators, certain governmental agencies, on or from social media platforms, other organizations that you may have dealings with, and electronic data sources.
  • Publicly-Available Sources: we may collect personal data from publicly-available sources, including, for example, personal data available on the internet, from governmental agencies, or company registries.

How We Use Your Personal Data

We process and use your personal data to the extent permitted by applicable law. This means:

  • We process your personal data if you have given us consent to process for one or more specific purposes;
  • We process your personal data if it is necessary for the performance of a contract with you;
  • We process your personal data if it is necessary for compliance with a legal obligation to which we are subject; and/or
  • We process your personal data if it is necessary for the purposes of our or a third-party’s legitimate interests where those interests are not overridden by your interests or fundamental rights and freedoms that require protection of your personal data.

We principally rely on the legitimate interest basis for the provision of our services, including client inception and identification, the performance of our services, and for the administration and operation of ours. In addition, we principally rely on the legitimate interest basis for marketing and promoting relevant services to you, inviting you to relevant events, and providing you with our newsletters, updates, and legal and other information.

How and to Whom We Share Your Personal Data

We share your personal data within our organization and with our contracted third-party processors and/or service providers who assist us in the administration and operation of our organization, and in providing our legal services to our clients. In addition, we share your personal data when required by law.

Third-party processors and service providers with whom we may share your personal data include:

  • Our information technology and telecommunications service providers, including data centers and cloud storage providers.
  • Our marketing service providers.
  • Our legal service providers.
  • Our corporate and litigation support service providers.
  • Professional services organizations (e.g., law, accountancy, auditing, insurance, forensic, and company formation service providers).
  • Cybersecurity service providers.
  • Other service providers to whom we outsource aspects of the provision of our services and the administration and operation of our organization.
  • To another firm, in the event of a sale or merger of our organization.
  • Business partners, such as those that co-host events with us.
  • Third parties when we believe it is required by, or necessary to comply with, applicable law, such as opposing parties in litigation or in response to law enforcement requests.

We do not sell or rent your personal data to third parties for monetary or other valuable consideration and have not done so in the prior 12 months since the effective date of this privacy policy.

Notice to California Residents

Do Not Track. We use analytics systems and providers that may collect information about your online activities, and these services may provide some of this information, which may include personal data, to us. We do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms. Note, however, that you may find information about how to opt-out of these analytics and/or block or reject certain tracking and cooking technologies in our Cookies Policy on this website.

International Transfer of Your Personal Data

We may transfer personal data of EU residents to a third country outside the European Economic Area (EEA). The UK remains within the EEA until December 31, 2020. When we initiate a transfer, for example to one of our international offices located in, Dubai-UAE, Canada, Germany, Singapore or Hong Kong or to one of our contracted processors or service providers located outside the EEA, we ensure that an equivalent level of protection is provided to your personal data through one or more of the following: (i) an adequacy decision from the European Commission; (ii) the EU-US Privacy Shield; (iii) use of the model contractual clauses approved by the European Commission; (iv) by use of applicable derogations outlined in Article 49 of the GDPR; and/or (v) with your consent.

By submitting your personal data to us, you consent to our transfer of that personal data outside the EEA should we need to do so.

For personal data transferred pursuant to standard contractual clauses, you may obtain copies of such clauses by contacting our Data Protection Officer or simply visit our website’s “Contract” section.

How We Protect Your Personal Data

We have put in place physical, administrative, and organizational security measures to protect your personal data from being accidentally lost, used, altered, accessed, or disclosed in an unauthorized manner. We have put in place procedures to address suspected security breaches; however, no method of safeguarding information is completely secure. While we use measures designed to protect your personal data, we, unfortunately, cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit to us is or will be secure.

How Long We Retain Your Personal Data

We retain your personal data for as long as necessary to fulfill the purpose for which we collected it, including any legal, regulatory, tax, accounting, or reporting requirements, and to the extent we reasonably deem necessary to protect our rights, property, or safety, and the rights, property, and safety of our users and other third parties. For details on the retention periods applicable to specific elements of your personal data, please contact us.

Third-Party Websites and Links

Our website and other services may contain links to other websites or otherwise direct you to a third party over which we have no control and whose privacy policies may differ from ours. You should consult the privacy policies or statements for those third parties, and we do not accept any responsibility for their use of your personal data that you may provide.

Automated Decisions Using Your Personal Data

Your personal data will not be used for automated decision-making by us.

Your Choices

In addition to the applicable rights outlined, above, you have choices about how we communicate with you and how we process certain personal data about you.

  • Communications Opt-Out. You may opt-out of receiving marketing, promotional, or other communications from us at any time by following the link in a marketing communication email or email us at
  • Cookies and Web Tracking. Consult our website Cookies Policy for more information about how to control and/or opt out of certain cookies and web tracking technologies.


We do not promote, market, or direct our services to minors. As a result, we do not knowingly collect or solicit personal data from anyone under the age of 18. By using our site or by providing us your personal information, you represent that you are not under 18 years of age.

Revisions to this Privacy Policy

We reserve the right to revise or modify any part of this Privacy Policy from time to time. This Privacy Policy is effective as of April 1, 2020. Please review the policy periodically to check for changes. For substantive revisions, we will ensure that the notice of revision, along with a summary of such revisions, is conspicuous and accessible.

How to Submit a Request

California or EU residents may contact us via our Contact page within this website.

In most cases, you will not have to pay a fee to access your personal data or to exercise your other rights. However, to the extent permitted by applicable law, we may either charge a reasonable fee or refuse to comply if your request is unfounded, repetitive, or excessive.

In most instances, we are legally required to request specific information from you, including personal data, to verify your request and identity. We may also contact you to ask for further information and clarification of a request to enable us to comply with it as quickly as possible. This is a security measure to ensure that your personal data is not disclosed to anyone not authorized to receive it. In addition, if you request that we provide you with specific pieces of personal data, we require you to sign a declaration under penalty of perjury that you are the data subject whose personal data is the subject of the request.

Finally, you may use an authorized agent to make a request under the CCPA on your behalf. If you designate an authorized agent to make an access or deletion request on your behalf (a) we may require you to provide the authorized agent written permission to do so, and (b) for access and deletion requests, we may require you to verify your own identity directly with us.

How to Contact Us

If you have any questions relating to this privacy policy, or our processing of your personal data in the EEA, please contact our EU privacy officer at:


If you have questions relating to this privacy policy or our processing of your personal data in United States, please contact our U.S. privacy officer at:


If you are resident in the EU, you also have the right to make a complaint about our processing of your personal data to your national supervisory authority for data protection. If you do have a complaint, we would welcome the opportunity to discuss it with you before you contact your national supervisory authority.

[1] Citizenship and GBS is used in this privacy policy to refer to all offices and subsidiaries of Global Business Solutions Dooel, each of which is a separate entity.

Scroll to Top