The following definitions shall apply:
EU GDPR means the General Data Protection Regulation (EU) 2016/679.
EU SCCs means the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
"Standard Contractual Clauses" means:
(i) where the EU GDPR applies, the EU SCCs; and
(ii) where the UK GDPR applies, the UK Addendum.
UK GDPR means the EU GDPR as it forms part of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018.
UK Addendum means the "International Data Transfer Addendum to the EU Commission Standard Contractual Clauses" issued by the Information Commissioner under s.119A(1) of the Data Protection Act 2018.
Terms such as 'controller', 'personal data', 'processor', 'process', 'personal
data breach' etc. shall have the meaning ascribed to them in the EU GDPR or UK
GDPR as applicable.
International Data Transfers
1. The EU SCCs will apply between Fieldfisher and the Client in relation to personal data that is transferred outside of the European Economic Area. The EU SCCs are completed as follows:
(a) Module One will apply;
(b) in Clause 7, the optional docking clause will not apply;
(c) in Clause 11, the optional language will not apply;
(d) in Clause 17 (Option 1), the EU SCCs will be governed by Irish law;
(e) in Clause 18(b), disputes shall be resolved before the courts of Ireland;
(f) in Annex I:
(i) Part A: with the information set out in Schedule 1 to these terms;
(ii) Part B: with the information set out in Schedule 1 to these terms; and
(iii) Part C: in accordance with the criteria set out in Clause 13(a) of the EU SCCs;
(g) Annex II: with the information set out in Schedule 1 to these terms.
2. The UK Addendum will apply between Fieldfisher and the Client in relation to personal data that is transferred outside of the United Kingdom. The UK Addendum will be completed as follows:
(a) the EU SCCs, completed as set out above in clause 1, shall apply between Fieldfisher and the Client, and shall be modified by the UK Addendum (completed as set out in sub-clause (b) below); and
(b) tables 1 to 3 of the UK Addendum shall be deemed completed with relevant information from the EU SCCs, completed as set out above, and the options "Exporter" and "Importer" shall be deemed checked in Table 4. The start date of the UK Addendum (as set out in Table 1) shall be the date of the engagement letter.
3. The following additional terms shall also apply:
(a) If there is any conflict between these terms and the Standard Contractual Clauses applicable to Fieldfisher's transfer of personal data to the Client, those Standard Contractual Clauses will prevail;
(b) In the event that the European Commission and the US government (as applicable) agrees a successor solution to the EU-US Privacy Shield and the Client becomes lawfully able to receive or process the relevant personal data under such successor solution (whether by virtue of self-certification under it or otherwise), then:
(i) that successor solution shall automatically be deemed to apply to the transfer of personal data from Fieldfisher to the Client from the European Economic Area so long as it remains valid;
(ii) the relevant Standard Contractual Clauses shall no longer apply to that transfer; and
in the event that solution is terminated or becomes
invalid, or is no longer applicable to the Client, then the Standard
Contractual Clauses shall once again apply.
As is set out in the Terms of Business, the parties are: Fieldfisher LLP and the Client.
Categories of personal data transferred:
- Basic information such as name, company, position and relationship to a person;
- Contact information such as postal address, email address and telephone number(s);
- Financial information, such as payment related information;
- Identification and background information;
- Special categories of personal information, such as information about a person's physical or mental health, alleged criminal activities, or similar where this is necessary in connection with the services provided (for example, to advise on a personal injury claim or in connection with a criminal prosecution); and
- Any other personal information that may be provided
for the purpose of giving or receiving legal advice.
Purpose(s) of the data transfer and further processing
This information is used to facilitate the provision of or receipt of services. Personal data will also be processed for identification and background information as part of business acceptance, finance, administration and marketing processes, including anti-money laundering, counter-terrorist financing, conflict, reputational and financial checks, and to fulfil any other legal or regulatory requirements to which a party may be subject. Personal data may also be used for marketing and internal analytics purposes.
The information our Client provide may be disclosed to third parties to the
extent that is reasonably necessary in connection with legal work (for example,
when seeking advice from external counsel or experts).
Categories of data subjects whose personal data is transferred.
Clients, contacts, employees and third parties related to Clients.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Nature of the processing.
The provision of legal services.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period.
Personal data will
be retained where the party has an ongoing legitimate business need to do so
(for example, to provide a service or to comply with applicable legal, tax or
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing.
Schedule 2: Security measures:
Further details on the Firm's security measures can be found here: Data Protection and Information Security at Fieldfisher.