Norton Rose Fulbright takes data privacy seriously. We recognise and value the trust that individuals place in us when providing us with personal data and we are committed to safeguarding the privacy and security of personal data we may collect from visitors to our websites and/or the clients to whom we provide legal and other services.
This Privacy notice aims to help you understand our personal data collection, usage and disclosure practices by explaining:
By providing your personal data to us (whether via one of our websites, by email, in person or over the phone), you agree to the processing set out in this Privacy notice. Further notices highlighting certain uses we wish to make of your personal data together with the ability to opt in or out of selected uses may also be provided to you when we collect personal data from you.
Please note: This Privacy notice does not apply to, and Norton Rose Fulbright is not responsible for, any third party websites which may be accessible through links from this website. If you follow a link to any of these third party websites, they will have their own privacy policies and you will need to check these policies before you submit any personal data to such third party websites.
This Privacy notice aims to help you understand our personal data collection, usage and disclosure practices by explaining:
Norton Rose Fulbright is a global law firm structured as a Swiss Verein, the members of which are Norton Rose Fulbright US LLP, Norton Rose Fulbright LLP, Norton Rose Fulbright Australia, Norton Rose Fulbright Canada LLP and Norton Rose Fulbright South Africa Inc (each of which is a separate legal entity) and their respective affiliates. Norton Rose Fulbright provides the world’s preeminent corporations and financial institutions with a full business law service.
Please see “Who is the data controller of your personal data” below for more information on the entities that control and process personal data within Norton Rose Fulbright.
We may collect and process different types of personal data in the course of operating our business and providing our services. These include:
We may collect or receive your personal data in a number of different ways:
We will only use your personal data where we are permitted to do so by applicable law. Under EU and UK data protection law, the use of personal data must be justified under one of a number of legal grounds. The principal legal grounds that justify our use of your personal data are:
We may use your personal data in the following ways. In each case, we note the grounds that we rely on to use your personal data.
Norton Rose Fulbright is a global law firm and as such any personal data that we collect or you provide to us may be shared with and processed by any Norton Rose Fulbright entity among our global network.
We may also share your personal data with a variety of the following categories of third parties:
We may also process your personal data to comply with our regulatory requirements or in the course of dialogue with our regulators as applicable, which may include disclosing your personal data to government, regulatory or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, or unless to do so would prejudice the prevention or detection of a crime, we will direct any such request to you or notify you before responding.
As a global law firm, we cannot limit our processing of an individual’s personal data to the country in which that individual is based. In the course of providing our services, we will likely need to transfer personal data to locations outside the jurisdiction in which you provide it or where you are viewing our website. If you are based in the European Economic Area (EEA), this will mean that your personal data may be transferred to, accessible from, and/or stored at, a destination outside the EEA such as the United Kingdom or other countries in which data protection laws may not be as comprehensive as in the EEA.
Regardless of the location of our processing, we will impose the same data protection safeguards that we deploy inside the EEA and implement appropriate measures to ensure that your personal data is protected in accordance with applicable data protection laws. Norton Rose Fulbright has a data sharing agreement in place signed by all Norton Rose Fulbright entities which includes EU standard contractual clauses. Similarly, where a third party service provider processes the personal data of EEA or UK residents on our behalf, we will ensure that appropriate measures are in place to ensure an adequate level of protection for your personal data, usually by including EU standard contractual clauses in our agreements with such third party service providers (alongside other supplementary technical or contractual measures where necessary).
Please contact us as directed below if you would like to see a copy of the specific safeguards applied to the export of your personal data
We will retain your personal data for as long as is necessary to fulfil the purpose for which this data was collected and any other permitted linked purpose (for example certain transaction details and correspondence related to any legal services we provide may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). If your personal data is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. Our retention periods are also based on our business needs and good practice.
We recognise that information security is an integral element of data privacy. While no data transmission (including over the Internet or any website) can be guaranteed to be secure from intrusion, we implement a range of commercially reasonable physical, technical and procedural measures to help protect personal data from unauthorised access, use, disclosure, alteration or destruction in accordance with data protection law requirements.
Information that you provide to us is stored on our or our service providers’ secure servers and accessed and used subject to our security policies and standards, or those agreed with our service providers. Norton Rose Fulbright holds the ISO/IEC 27001:2013 (ISO 27001) accreditation for its IT operations globally. ISO27001 is an internationally recognised certification that information security is managed in line with best practice.
Everyone at Norton Rose Fulbright and any third party service providers we may engage that process personal data on our behalf (for the purposes listed above) are also contractually obligated to respect the confidentiality of personal data.
Alongside our role, please also note that where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites or online services, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
If you have any questions about our use of your personal data, you should first contact us via the details provided in section 12 below. Under certain circumstances and in accordance with EU or other applicable data protection laws, you may have the right to require us to:
You may also ask us not to process your personal data for marketing purposes. We will inform you if we intend to disclose your information to any third party service provider for this purpose. As indicated in section 4 above, you can exercise your right to prevent such processing at any time by using an unsubscribe facility or contacting us at privacypolicy@nortonrosefulbright.com.
We are also required to take reasonable steps to ensure that your personal data remains accurate. In order to assist us with this, please let us know of any changes to the personal data that you have provided to us by contacting us at privacypolicy@nortonrosefulbright.com or by using any relevant facilities (such as Manage your communications) that we provide.
While it is our policy to respect the rights of individuals, please be aware that your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) and some of these rights may be limited (for example the right to withdraw consent) where we are required or permitted by law to continue processing your personal data to defend our legal rights or meet our legal and regulatory obligations.
If you contact us to exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you are not satisfied with our use of your personal data or our response to any exercise of these rights, you have the right to complain to the relevant Supervisory Authority (data protection regulator).
As indicated above, Norton Rose Fulbright is made up of a number of different entities. Depending on where you are located and the location from which legal or other services are provided, the data controller of your personal data processed by us under this Privacy notice will be different. Please click here for details of which Norton Rose Fulbright entities will be data controllers in which countries and, where necessary, please note any local country-specific privacy notices (links to these additional notices are included at the bottom of this Privacy notice).
When you visit our websites we may send a cookie to your computer. This is a small data file stored by your computer to help improve functionality or tailor information to provide visitors with more relevant pages. For details of the cookies employed by us, please see our Cookie Policy, which forms part of this Privacy notice. We may also analyse website traffic to identify what visitors find most interesting so we can tailor our websites accordingly.
If you have any questions about this Privacy notice or how we process your personal data, please contact us by sending an email to: privacypolicy@nortonrosefulbright.com or by writing to:
Data Protection Officer
Norton Rose Fulbright LLP
3 More London Riverside
London, SE1 2AQ
United Kingdom
If you have a concern or a question about how we have processed your personal information, you should first raise your concern or question with Human Resources. In the event that Human Resources is unable to resolve the concern or question, you may call 713 651 7777 or 1 877 203 2849 or e-mail privacypolicy@NortonRoseFulbright.com for assistance.
Data Protection Officer
799 9th Street NW, Suite 1000
Washington DC 20001
United States
We may change the content of our websites and how we use cookies without notice and consequently our Privacy notice and Cookie Policy may change from time to time in the future. We therefore encourage you to review them when you visit the website to stay informed of how we are using personal data.
This Privacy notice was last updated in May 2021.
Please see details below of our further country-specific notices.
In Australia certain additional restrictions apply – please see our Australian notice