Definitions
The following definitions shall apply:
EU GDPR means the General Data Protection Regulation (EU) 2016/679.
EU
SCCs means the contractual clauses annexed to the European Commission's
Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses
for the transfer of personal data to third countries pursuant to Regulation
(EU) 2016/679 of the European Parliament and of the Council.
"Standard Contractual Clauses" means:
(i) where the EU GDPR applies, the EU SCCs; and
(ii) where the UK
GDPR applies, the UK Addendum.
UK GDPR means the EU GDPR as it forms part of UK law by virtue of
section 3 of the European Union (Withdrawal) Act 2018.
UK
Addendum means the "International Data Transfer Addendum to the EU
Commission Standard Contractual Clauses" issued by the Information Commissioner
under s.119A(1) of the Data Protection Act 2018.
Terms such as 'controller', 'personal data', 'processor', 'process', 'personal
data breach' etc. shall have the meaning ascribed to them in the EU GDPR or UK
GDPR as applicable.
International Data Transfers
1.
The EU SCCs will apply between Fieldfisher and the
Client in relation to personal data that is transferred outside of the European
Economic Area. The EU SCCs are completed as follows:
(a)
Module One will apply;
(b)
in Clause 7, the optional docking clause will not
apply;
(c)
in Clause 11, the optional language will not apply;
(d)
in Clause 17 (Option 1), the EU SCCs will be
governed by Irish law;
(e)
in Clause 18(b), disputes shall be resolved before
the courts of Ireland;
(f)
in Annex I:
(i)
Part A: with the information set out in Schedule 1
to these terms;
(ii)
Part B: with the information set out in Schedule 1
to these terms; and
(iii)
Part C: in accordance with the criteria set out in
Clause 13(a) of the EU SCCs;
(g)
Annex II: with the information set out in Schedule
1 to these terms.
2.
The UK Addendum will apply between Fieldfisher
and the Client in relation to personal data that is transferred outside of the
United Kingdom. The UK Addendum will be completed as follows:
(a)
the EU SCCs, completed as set out above in clause 1,
shall apply between Fieldfisher and the Client, and shall be modified by the UK
Addendum (completed as set out in sub-clause (b) below); and
(b)
tables 1 to 3 of the UK Addendum shall be deemed
completed with relevant information from the EU SCCs, completed as set out
above, and the options "Exporter" and "Importer" shall be
deemed checked in Table 4. The start date of the UK Addendum (as set out in
Table 1) shall be the date of the engagement letter.
3.
The following additional terms shall also apply:
(a)
If there is any conflict between these terms and
the Standard Contractual Clauses applicable to Fieldfisher's transfer of personal
data to the Client, those Standard Contractual Clauses will prevail;
(b)
In the event that the European Commission and the
US government (as applicable) agrees a successor solution to the EU-US Privacy
Shield and the Client becomes lawfully able to receive or process the relevant personal
data under such successor solution (whether by virtue of self-certification
under it or otherwise), then:
(i)
that successor solution shall automatically be
deemed to apply to the transfer of personal data from Fieldfisher to the Client
from the European Economic Area so long as it remains valid;
(ii)
the relevant Standard Contractual Clauses shall no
longer apply to that transfer; and
(iii)
in the event that solution is terminated or becomes
invalid, or is no longer applicable to the Client, then the Standard
Contractual Clauses shall once again apply.
Schedule 1
Part A:
As is set out in the Terms of Business, the parties are: Fieldfisher LLP
and the Client.
Part B:
Categories of personal data transferred:
- Basic information such as name, company,
position and relationship to a person;
- Contact information such as postal address,
email address and telephone number(s);
- Financial information, such as payment related
information;
- Identification and background information;
- Special categories of personal information,
such as information about a person's physical or mental health, alleged
criminal activities, or similar where this is necessary in connection with
the services provided (for example, to advise on a personal injury claim
or in connection with a criminal prosecution); and
- Any other personal information that may be provided
for the purpose of giving or receiving legal advice.
Purpose(s)
of the data transfer and further processing
This information is used to facilitate the provision of or receipt of services. Personal
data will also be processed for identification and background information as
part of business acceptance, finance, administration and marketing processes,
including anti-money laundering, counter-terrorist financing, conflict,
reputational and financial checks, and to fulfil any other legal or regulatory
requirements to which a party may be subject. Personal data may also be used
for marketing and internal analytics purposes.
The information our Client provide may be disclosed to third parties to the
extent that is reasonably necessary in connection with legal work (for example,
when seeking advice from external counsel or experts).
Categories of data subjects whose
personal data is transferred.
Clients, contacts, employees and third
parties related to Clients.
The frequency of the transfer (e.g.
whether the data is transferred on a one-off or continuous basis).
Continuous.
Nature of the processing.
The provision of legal services.
The period for which the personal data
will be retained, or, if that is not possible, the criteria used to determine
that period.
Personal data will
be retained where the party has an ongoing legitimate business need to do so
(for example, to provide a service or to comply with applicable legal, tax or
accounting requirements).
For transfers to (sub-) processors,
also specify subject matter, nature and duration of the processing.
Not applicable.
Schedule 2: Security measures:
Further details on the Firm's security measures can
be found here: Data Protection and Information Security at Fieldfisher.