Privacy Policy

We collect and process the following personal data from you in our capacity of independent data controllers:

• Due Diligence & Compliance Data, including information collected for client onboarding, Know Your Client (KYC) procedures, anti-money laundering checks, sanctions screening, and conflict of interest checks. This includes identity verification documents (government-issued photo identification), address verification documents (utility bills, bank statements, mortgage statements, leases), photographs, place of birth, nationality, jurisdiction of residency, professional background and business connections (including directorships, memberships, management roles, shareholdings), family member information and relationships, and criminal convictions or related compliance issues obtained directly from clients or through third-party databases and screening services;
• Risk Assessment Data, including information used to assess client and matter risk profiles, beneficial ownership information, politically exposed persons (PEP) status, adverse media references, and sanctions list matches obtained through automated and manual screening processes;
• Identity and Contact Data, including your name, address, and telephone number;
• Business Information, including information provided in the course of the client relationship between you or your organisation and Bird & Bird, or otherwise voluntarily provided by you or your organisation;
• Information relevant to our legal advice, including personal data relevant to any dispute, grievance, investigation, arbitration, or other legal advice we have been asked to provide to our client;
• Physical Access Data, relating to details of your visits to our premises;
• Sensitive personal data, including in the course of our client services, we may represent you and/or your organisation in legal matters that require us to collect and use sensitive personal information relating to you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life and sexual orientation or details of criminal offences, or genetic or biometric data). For example, if we represent you in a criminal case, we will collect information about the alleged offences and any related criminal history and or international sanctions. In some employment representations, such as disputes involving alleged discrimination, information about medical conditions, race, religion and/or sexual orientation may be relevant to the representation. Similarly, representations in tax or social security matters may also require us to collect sensitive personal information, such as if we are advising on whether certain disabilities qualify for social security or tax benefits. Where we process sensitive personal information in the course of these and other similar client services, we do so to assist you and/or your organisation to establish, exercise or defend legal claims or to assist you and/or your organisation in fulfilling the rights and obligations of applicable employment or social security laws; and
• Direct Marketing, including your communication preferences and interests. 

How do we collect your personal data?

The circumstances in which we can collect personal data about you include:

• when you or your organisation seek legal advice from us or use any of our online client services;
• when it is provided to us by a third party because you are the subject of, or your data is otherwise included in, legal advice we are asked to provide to that third party client (for example, where we are asked to provide advice in an employment dispute, or where you are the subject of an investigation we are asked to conduct)
• when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our lawyers, consultants and staff;
• when you or your organisation browse, complete a form or make an enquiry or otherwise interact on our website or other online platforms; and
• by making enquiries from your organisation, other organisations with whom you have dealings such as government agencies, a credit reporting agency, information service providers or from publicly available records.

How will we use your personal data?

We use your personal data only for the following purposes:

• To fulfil a contract, or take steps linked to a contract, with you or your organisation. This includes:
  
  • to register you as a client of Bird & Bird;
  • to provide and administer legal services or other services or solutions, as sought by you or your organisation; and
  • to process payments, billing and collection.
  As required by Bird & Bird to conduct our business and pursue our legitimate interests, in particular:
• to administer and manage our relationship with you, including accounting, auditing, and taking other steps linked to the performance of our business relationship including identifying persons authorised to represent you;
• to analyse and improve our services and communications and to monitor compliance with our policies and standards;
• to manage access to our premises and for security purposes;
• to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
• for insurance purposes;
• to exercise or defend our legal rights or to comply with court orders;
• to provide legal advice and legal services to you; 
• to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives; to send you details of client surveys, marketing campaigns, market analysis, or other promotional activities; 
• to collect information about your preferences to personalise and improve the quality of our communications with you; and 
• as required by law, including maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws). This includes conducting comprehensive client onboarding and KYC procedures, anti-money laundering and sanctions screening, and conflict of interest checks to ensure compliance with professional standards obligations, legal requirements, and regulatory guidance. We process personal data to screen against sanctions lists, politically exposed persons databases, adverse media sources, and our internal client database to identify potential conflicts of interest and maintain professional conduct obligations. This can include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes.

Additionally, to foster a more connected, efficient and client-centric environment, we may use client intelligence tools that uncover contacts and relationships across the firm and sync them to our CRM system to streamline data quality management, remain informed about our contacts' insights by using publicly available information, enhance collaboration between teams across Bird & Bird to expand services, and help us align on opportunities to support efficient business decisions.

Client Due Diligence Data Limitation: Save as otherwise set out in this Notice, where personal data is collected as part of our client due diligence processes, such personal data will only be used for the purposes of preventing money laundering, terrorist financing or proliferation financing. It will not be used for any other purpose without your consent or an alternative legal ground. 

The legal grounds we rely on

We process client personal data on three primary legal grounds under applicable data protection legislation: 

• where it is necessary for the performance of our contract with you or your organisation, including onboarding you as a client, providing and administering legal services and solutions, and processing payments and billing; 
• to comply with our legal and professional obligations, including comprehensive client onboarding and KYC procedures, anti-money laundering and sanctions screening, conflict of interest checks, maintaining records, and other compliance requirements under professional standards, regulatory guidance, and applicable laws. This encompasses our obligations to screen against sanctions lists, politically exposed persons databases, and adverse media sources to ensure regulatory compliance and maintain our professional conduct duties;
• we rely on our legitimate interests in conducting our business effectively, including administering client relationships, analysing and improving our services, managing premises access and security, protecting our systems from security threats, insurance purposes, exercising or defending legal rights, communicating about our services and events, and using client intelligence tools to enhance collaboration and business efficiency. In all cases, we ensure that our processing is proportionate and that our legitimate interests do not override your fundamental rights and freedoms as a data subject.

Where and how we transfer and share your personal data?

When we need to transfer or share your personal data, we put in place appropriate technical and organisational measures, including international transfer safeguards (unless an Adequacy Decision is in place), to ensure a secure and compliant processing. We may share your personal data, in the following circumstances:

• with our subsidiary undertakings and/or affiliates for the purposes of providing you with our services as described in this Notice. You can see more about our group entities, here;
• with third parties including certain data processors and professional third-party service providers we have retained in connection with the legal services we provide, such as barristers, consultants, mediators, or experts and other legal specialists such as law firms for obtaining specialist or foreign legal advice, translators, education evaluation services, couriers, or other necessary entities;
• if we have collected your personal data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
• on a confidential basis with third parties for the purposes of collecting your feedback on the firm’s service provision, to help us measure our performance and to improve our services
• with companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
• with courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
• with service providers who we engage within or outside of Bird & Bird, domestically or abroad, e.g. shared service centres, to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only; or
• if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.

If you require further information about the way we process your personal data in the context of client engagement and the provision of legal services, including obtaining a copy of your personal data, please contact us at privacy@twobirds.com.

When you apply to work for Bird & Bird, we collect and process the following personal data from you in our capacity of independent data controllers:

• Identity and Contact Data, including your name, address, telephone number, date of birth, marital status, passport number;
• Recruitment-specific data, including CVs, cover letters, application forms, interview records, assessment results, reference information, and background check data where legally permitted;
• Physical Access Data, relating to details of your visits to our premises;
• Sensitive personal data, including information about your racial or ethnic origin, political opinions, religious beliefs, sexual orientation; and
• Direct Marketing, including your communication preferences and interests. 

How do we collect your personal data?

The circumstances in which we can collect personal data about you include:

• Directly from you when you complete job applications on our recruitment websites, and from correspondence with you during the recruitment process;
• From recruitment agencies when you have applied through one of our third-party recruitment agencies or headhunters; and
• From our background check providers, where legally permitted and with your appropriate consent.

How will we use your personal data?

We use your personal data only for the following purposes:

• to process applications for employment;
• to comply with our legitimate interests including, equal opportunities monitoring and promoting diversity and inclusion, improving our recruitment processes and candidate experience, and protecting our business interests during the recruitment process; 
• to fulfil our legal obligations, including right to work verifications and immigration compliance, health and safety requirements for certain roles, and records-keeping requirements under applicable employment legislation;
• to perform pre-employment checks, where legally permitted;
• to communicate with you throughout the recruitment process and provide updates on your application status; and
• to make employment offers and negotiate terms of employment for successful candidates. 

The legal grounds we rely on

We process recruitment-related personal data on three primary legal grounds under applicable data protection legislation:

• we rely on your consent where you have voluntarily provided your personal data through your job application and agreed to our processing activities for recruitment purposes, including communicating with you throughout the recruitment process and providing updates on your application status;
• to comply with our legal obligations, including conducting right to work verifications and immigration compliance checks, meeting health and safety requirements for certain roles, maintaining records as required under applicable employment legislation, and performing pre-employment checks where legally mandated; and
• we rely on our legitimate interests in conducting effective recruitment processes, including processing employment applications, equal opportunities monitoring and promoting diversity and inclusion, improving our recruitment processes and candidate experience, protecting our business interests during recruitment, and making employment offers and negotiating terms of employment for successful candidates. We ensure that our legitimate interests are balanced against your fundamental rights and freedoms, and that all processing activities are proportionate and necessary for the stated recruitment purposes. 

Where and how we transfer and share your personal data?

When we need to transfer or share your personal data, we put in place appropriate technical and organisational measures, including international transfer safeguards (unless an Adequacy Decision is in place), to ensure a secure and compliant processing. We may share your personal data, in the following circumstances:

• with third parties including certain data processors or other necessary entities;
• with companies providing background check services; 
• with courts or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
• with service providers who we engage within or outside of Bird & Bird, domestically or abroad, e.g. shared service centres, to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only; or
• if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.

If you required further information about the way we process your personal data in the recruitment, including obtaining a copy of your personal data, please contact us at privacy@twobirds.com.

To support our business operations and service delivery, we engage with suppliers and certain service providers, and we collect and process the following personal data from you in our capacity of independent data controllers:

• Identity and Contact Data, including your name, address, and telephone number;
• Financial and Payment Data, including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
• Business Information, including information provided in the course of the contractual relationship between you or your organisation and Bird & Bird, or otherwise voluntarily provided by you or your organisation;
• Physical Access Data, relating to details of your visits to our premises;
• Due Diligence Data, including regulatory compliance checks and insurance details; and
• Performance Data, including service delivery records, quality assessments, and compliance monitoring.

How do we collect your personal data?

The circumstances in which we can collect personal data about you include:

• Directly from you through business interactions, contracts, general correspondence and through supplier applications;
• From your organisation;
• Through business networks such as professional directories, industry events, and referrals; and
• From publicly available sources, such as company websites, professional profiles, and business registrations. 

How will we use your personal data?

We use your personal data only for the following purposes:

• To evaluate and select our suppliers for goods and service we require;
• To manage the relationship with our suppliers, including contract negotiation, performance monitoring, and ongoing communication;
• To comply with our legitimate interests, including ensuring quality and reliability of services, and conducting risk assessments;
• To fulfil our legal obligations, including AML and sanctions compliance, tax and regulatory reporting requirements, and health and safety compliance for on-site suppliers; and
• To process payments and manage financial transactions.

The legal grounds we rely on

We process supplier-related personal data on three primary legal grounds under applicable data protection legislation:

• where it is necessary for the performance of our contract with suppliers, including evaluating and selecting suppliers for goods and services we require, managing supplier relationships through contract negotiation and performance monitoring, ongoing communication, and processing payments and managing financial transactions;
• to comply with our legal obligations, including anti-money laundering and sanctions compliance requirements, tax and regulatory reporting obligations, and health and safety compliance for suppliers working on-site at our premises; and
• we rely on our legitimate interests in conducting our business effectively, including ensuring the quality and reliability of services we procure, conducting risk assessments of our suppliers, and maintaining effective supplier relationships to support our operational requirements. We ensure that our legitimate interests are balanced against the fundamental rights and freedoms of individuals whose personal data we process, and that all processing activities are proportionate and necessary for the stated supplier management purposes.

Where and how we transfer and share your personal data?

When we need to transfer or share your personal data, we put in place appropriate technical and organisational measures, including international transfer safeguards (unless an Adequacy Decision is in place), to ensure a secure and compliant processing. We may share your personal data, in the following circumstances:

• with third parties including certain data processors or other necessary entities;
• with courts or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
• with service providers who we engage within or outside of Bird & Bird, domestically or abroad, e.g. shared service centres, to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only; or
• if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.

If you required further information about the way we process your personal data in the recruitment, including obtaining a copy of your personal data, please contact us at privacy@twobirds.com.

When you visit any of our websites, or use any of our applications or tools, we collect the following personal data from you in our capacity of independent data controllers:

• Identity and Contact Data, including your name and business email address;
• Profile and Usage Data, including passwords to Bird & Bird websites or password protected platforms or services, your preferences in receiving marketing information from us, your communication preferences and information about how you use our websites(s), including the services you viewed or searched for, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs). To learn more about our use of cookies or similar technology please check our cookies policy here;
• Technical Data, including information collected during your visits to our website(s), the Internet Protocol (IP) address, login data, browser type and version, device type, time zone
  setting, browser plug-in types and versions, operating system and platform. To learn more about our use of cookies or similar technology please check our cookies policy here; and

When we use analytic cookies, Profile and Usage Data and Technical Data (as defined above) are collected and used.

How do we collect your personal data?

When you visit our websites or use our applications and tools, we collect personal data through:

• Direct input from you when you create accounts;
• Automated collection technologies such as cookies and similar technologies; and
• Authentication systems.

How will we use your personal data?

We use your personal data only for the following purposes:

• To provide you with access to any of our applications and tools; and
• For website analytics and marketing communications where you opted-in.

The legal grounds we rely on

We process personal data collected through our websites, applications and tools on three primary legal grounds under applicable data protection legislation:

• where it is necessary for the performance of a contract with you, including providing you with access to our applications and tools included in our services; 
• we rely on your consent where you have explicitly opted-in to receive marketing communications or agreed to our use of cookies and tracking technologies for website analytics purposes; and
• we may rely on our legitimate interests in operating and improving our digital platforms, analysing website usage patterns to enhance user experience, and maintaining the security and functionality of our online services, provided such processing does not override your fundamental rights and freedoms. 

Where and how we transfer and share your personal data?

When we need to transfer or share your personal data, we put in place appropriate technical and organisational measures, including international transfer safeguards (unless an Adequacy Decision is in place), to ensure a secure and compliant processing. We may share your personal data, in the following circumstances:

• with third parties including certain data processors or other necessary entities; or
• with service providers who we engage within or outside of Bird & Bird, domestically or abroad, e.g. shared service centres, to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only.

We also collect personal data through our standard use of CCTV cameras for health and safety, and security purposes. Additionally, our security officers utilise body-worn cameras specifically during incidents or when they are on external patrols. This is conducted in order to bolster our security measures and for their own personal safety. The system is only deployed strategically when needed and with prior notification to the data subjects. This approach ensures that our use of body-worn cameras remains targeted and proportional to the situations, while still fulfilling commitment to enhancing security and managing risks effectively. We process this personal data on the basis of our legitimate interests in maintaining the security and safety of our premises, staff, and visitors. 

Event Attendees and Participants, personal data directly provided to us by you when you attend our seminars, training sessions, webinars, networking events, and professional development programmes. Such personal data includes name, business email address, and direct marketing preferences. We will process this personal data until you tell us otherwise.

Third-Party Contacts’, personal data about individuals at client organisations, opposing parties, witnesses, and other stakeholders involved in legal matters, and contact details of professional contacts and referral sources. Such personal data includes identity information (names, job titles, addresses, dates of birth where relevant), contact details (business and personal email addresses, telephone numbers, office addresses), professional background and role information (position within organisations, authority levels, areas of expertise, relationship to legal matters), communication records (correspondence, meeting notes, instructions, witness statements), financial information where material to legal proceedings (assets, income, policy details), background and relationship data (professional history, business interests, credibility factors, referral sources, previous collaborations), and in some cases sensitive personal data such as health information or criminal records where relevant to testimony or legal matters, covering individuals at client organisations, opposing parties, witnesses, expert witnesses, regulators, court personnel, insurance representatives, family members, business associates, and professional contacts or referral sources involved in or connected to our legal services. We will process this personal data for as long as it is required to comply with our contractual, professional and legal obligations. 

Reference and Background Information, such as personal data obtained from former employers, educational institutions, and professional references, and information from publicly available sources, government agencies, and information security providers. Such personal data includes identity verification details (names, dates of birth, addresses), employment history (job titles, dates of employment, performance records, reasons for leaving), educational qualifications (degrees, certificates, transcripts), professional references (contact details, reference letters, character assessments), publicly available information (court records, company directorships, media mentions, social media profiles), and government/commercial database information (criminal record checks, credit history, sanctions screening, professional licensing records, background verification reports) covering employees, job applicants, clients, suppliers, and other individuals subject to due diligence or compliance requirements. We will process this personal data for as long as it is required to comply with our contractual, professional and legal obligations.

Your Responsibilities: If you provide us with personal data about other people, you must ensure that:

• They understand how their information will be used;
• You have their permission to share their data with us; and
• They are aware we may share their data with our service providers where necessary.

We process this personal data about other people on four primary legal grounds under applicable data protection legislation. Where we process Event Attendees and Participants data, we rely on consent where individuals have voluntarily provided their personal data when attending our seminars, training sessions, webinars, networking events, and professional development programmes, including their direct marketing preferences. For Third-Party Contacts involved in legal matters, we process personal data where it is necessary for the performance of our contract with clients to provide legal services, including identity information, contact details, professional background, communication records, and financial information relevant to legal proceedings. We also rely on our legitimate interests in maintaining professional relationships, managing referral sources, and effectively delivering legal services to our clients, provided such processing does not override the fundamental rights and freedoms of the individuals concerned. Additionally, we process Reference and Background Information to comply with our legal obligations, including conducting due diligence checks, compliance screening, and background verification as required under professional standards, regulatory requirements, and applicable laws. This encompasses identity verification, employment history, educational qualifications, publicly available information, and government or commercial database information for employees, job applicants, clients, suppliers, and other individuals subject to compliance requirements. In all cases, we ensure that our processing is proportionate, necessary for the stated purposes, and conducted in accordance with our professional duties and data protection obligations.

If You Fail To Provide Personal Data

Where we need to collect personal data by law or in order to process your instructions or perform a contract we have with you and you fail to provide that data when requested, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our engagement or contract you have with us, but we will notify you if this is the case at the time.

Updating Personal Data About You

If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to privacy@twobirds.com. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

Right To Withdraw Consent

• If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
• To opt-out of receiving our marketing communications t please follow the opt-out links on any marketing message sent to you or contact privacy@twobirds.com. Opting out of receiving marketing communications will not affect the processing of personal data for the provision of our legal services.

Your Rights

You have various rights with respect to our use of your personal data:

• Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.
• Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
• Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us.
• Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
• Erasure: You have the right to [ask/require] us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
• Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.

You may, at any time, exercise any of the above rights, by contacting privacy@twobirds.com together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.

Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. All decisions that may affect your legal rights or have significant impact on you are made with human involvement and oversight.

Where we use automated systems for compliance screening purposes (such as sanctions list checking, anti-money laundering verification, or conflict of interest identification), these are used as tools to assist our compliance processes rather than to make automated decisions about you. Any results from such automated screening are reviewed by our staff, and decisions based on this information involve human assessment and intervention.

Similarly, our use of client intelligence tools and CRM systems to manage business relationships and identify opportunities involves automated data processing but does not result in automated decision-making that affects your rights or interests.

If our approach to automated decision-making changes in the future, we will update this Privacy Notice and, where required by law, seek your consent or provide you with information about your rights in relation to such processing.

Security of your personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we keep your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Bird & Bird to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact us at privacy@twobirds.com.

Upon expiry of the applicable retention period, we will securely destroy your personal data in accordance with applicable laws and regulations.

Changes to our Privacy Notice

We reserve the right to update and change this Notice from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Notice. 

The following provisions apply in Australia in addition to the provisions of the Privacy Notice set out above.

Personal data we collect

In Australia, sensitive personal data also includes philosophical beliefs or membership of a political association or a professional or trade association.

Information we transfer

We may share your personal information with offices of Bird & Bird LLP and its affiliated and associated businesses outside Australia. The locations of those offices can be found at www.twobirds.com.

Right to withdraw consent

If you choose not to provide personal information or withdraw consent to our use or disclosure of such information, we may not be able to provide some of the services you have requested from us.

Your Rights: Additional Australian contact

If you have any queries or wish to make a complaint about our privacy practices or our compliance with the Australian Privacy Principles, then please contact the privacy officer at sydprivacy@twobirds.com, and we will use our reasonable efforts to promptly address your concerns or complaint. 

If you are a California resident, you have rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Acts of 2020 (CPRA), from here on referred to as CCPA. The following provisions apply in California in addition to the provisions of the Privacy Notice set out above.

Definitions

‘Personal Information’ (“PI”) has the meaning given in the CCPA.

Personal Information that we collect

As set out in the ‘Personal data we collect’, above.

Sources and disclosure

We may collect Personal Information directly from you, automatically from your interactions with us or other third parties.

We may disclose information about you with other Bird & Bird entities, suppliers and, where appropriate, with selected partners to help us provide you with our legal services, or to fulfil your requests.

Purposes of processing your Personal Information

As set out in ‘How will we use your personal data’, above.

Rights relating to your Personal Information

As a California resident, you have the right to:

• Know your Personal Information
• Request Deletion or Rectify your Personal Information
• Opt out of Sale or Sharing of your Personal Information, including:
  
  • To opt out of the use of cookie data for the purposes of targeted advertising; and
  • To opt out of the use of email address for the purpose of marketing communications and targeted advertising.
• Limit the Use or Disclosure of Sensitive Personal Information

Sale and Share

We do not sell Personal Information as the term sell is commonly understood. In CCPA, a sale is defined to include disclosures of personal data to a third party for monetary or valuable consideration. Certain third parties may collect or receive information from us so that we can provide you with legal services. These third parties do not use your personal information for other purposes than those we contracted them for.

If you wish you exercise any of the above rights, please contact us at privacy@twobirds.com, or by using the contact form here.

The following provisions apply in Japan in addition to the provisions of the Notice set out above.

Joint use of personal data

Bird & Bird jointly use your personal data to the extent set out below. “Bird & Bird” comprises Bird & Bird Gaikokuho Jimu Bengoshi Jimusho and Bird & Bird Japan (Services) G.K. and Bird & Bird LLP and its subsidiary undertakings and affiliates which can be found here.

Categories of personal data which is subject to such joint use

Please refer to “Personal Data we collect” above

The purposes for which Bird & Bird jointly use your personal data 

Please refer to “How will we use your personal data” above

The responsible person for the management of your personal data

Bird & Bird Gaikokuho Jimu Bengoshi Jimusho

Address: Level 17, Roppongi Hills North Tower, 6-2-31, Roppongi, Minato-ku, Tokyo, 106-0032 Japan

Representative: Hiroyuki Iwamura

If you wish you exercise any of the above rights, please contact us at privacy@twobirds.com, or by using the contact form here.