These disclosures are provided by Baker & McKenzie LLP and other members and affiliates of Baker & McKenzie International (“Baker McKenzie”) and applies solely to residents of the State of California (“consumers” or “you”) with respect to personal information Baker McKenzie processes as a business. Any terms defined in the California Consumer Privacy Act of 2018, as amended from time to time, including by the California Privacy Rights Act of 2020 and its implementing regulations (“CCPA”) have the same meaning when used in these disclosures. These disclosures do not reflect our collection, use, or disclosure of California residents’ personal information, or data subject rights, where an exception or exemption under the CCPA applies.

 

1. Notice at Collection

We have set out below categories of personal information about California resident website visitors, clients, prospective clients, corporate representatives of our vendors and other partners, and job applicants and other potential employees. We do not sell or share for cross context behavioural advertising any personal information of California residents. The California Consumer Privacy Act Privacy Policy is in section 2 of these disclosures.

Website Visitors

What Categories of Personal Information Do We Collect?

Non-Sensitive Personal Information:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
    • Specifically including name, mailing address, email address, contact details, Computer Internet Protocol (IP) address, unique device identifier (UDID).
  • Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.
    • Specifically including newsletter requests, event/seminar registrations, dietary preferences, subscriptions, downloads.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an internet website application, or advertisement.
    • Specifically including cookies and other data linked to a device, and data about usage of our sites.
  • Geolocation data.
    • Specifically including via IP address.
  • Audio, electronic, visual, thermal, olfactory, or similar information.
    • Specifically including cookies and other data linked to a device, and data about usage of our sites.

Sensitive Personal Information:

  • A consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
    • Specifically including username/passwords allowing access to an account.

For What Purposes Do We Collect and Use Personal Information?

We use non-sensitive personal information about website visitors to make our sites more intuitive and easy to use and, to protect the security and effective functioning of our sites and information technology systems, to provide marketing, and to address compliance and legal obligations.

We use sensitive personal information about our website visitors as reasonably necessary and proportionate: To perform the services or provide the goods reasonably expected by our website visitors;

  • To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information, including in or via our premises, computers, software, networks, communications devices, and other similar system;
  • To resist malicious, deceptive, fraudulent or illegal actions directed at us and to prosecute those responsible for those actions;
  • To ensure the physical safety of natural persons;
  • For short-term, transient use;
  • To verify or maintain the quality or safety of our services and products;
  • To improve, upgrade, or enhance our services and products;
  • To collect or process it where such collection or processing is not for the purpose of inferring characteristics about a consumer;
  • To perform functions that are required under laws that apply to us; and
  • To support any claim or defense that we could face before any jurisdictional and/or administrative authority, arbitration, or mediation panel, and cooperating with – or informing – law enforcement or regulatory authorities to the extent required by law.

What Criteria Do We Consider When Retaining Personal Information?

In general, with respect to categories of personal and sensitive personal information about website visitors, we retain each category as long as needed or permitted in light of the purpose(s) for which it was obtained and any additional time periods necessary for the compliance with laws, exercise or defense of legal rights, and archiving, back-up and deletion processes.

Job applicants or other potential employees

What Categories of Personal Information Do We Collect?

Non-Sensitive Personal Information:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
  • Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an internet website application, or advertisement.
    • Specifically, cookies and other data linked to a device, and data about usage of our sites.
  • Geolocation data.
    • Specifically including via IP address.
  • Audio, electronic, visual, thermal, olfactory, or similar information.
    • Specifically including data relating to your use of computers, software, networks, communications devices, and other similar systems that we or our affiliates own or make available to you and information relating to your activities on our or our affiliates' premises.
  • Professional or employment-related information
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
  • Inferences drawn from any personal information to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
    • Specifically including for any applicant that applies to our roles we look at their resume/cv and review that against our role description for the position. If the relevant requirements of our role description are demonstrated by the candidate's resume/cv, we could consider them as a candidate for the role and short-list for consideration to interview.

Sensitive Personal Information:

  • A consumer's social security, driver's license, state identification card, or passport number.
    • Specifically including ID confirmation provided at the hire stage if applicable when completing I-9 form. In addition, we ask for social security number.
  • A consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
    • Specifically including applicants creating an account with an applicant tracking system.

For What Purposes Do We Collect and Use Personal Information?

We use personal and sensitive personal information about you as a job applicant or other potential employee for the purposes of:

Non-sensitive personal information

  • Administering and processing your application
  • Determining your suitability for the role(s) for which you applied or for similar roles within the firm
  • Determining the need to provide you appropriate adjustments or accommodations during the recruitment process or employment
  • Determining your eligibility to work in the jurisdiction
  • Conducting background checks as part of your application
  • Conducting internal audits and workplace investigations
  • Compliance with applicable laws and regulations, companies policies and procedures, and employment-related requirements
  • Supporting any claim or defense the firm may face before any jurisdictional and/or administrative authority, arbitration, or mediation panel
  • Cooperating with or informing law enforcement or regulatory authorities to the extent required by law
  • Authentication and security purposes
  • Completing the on-boarding/new hire process, should you be offered and accept a position with the firm;
  • Diversity and legal compliance monitoring

Sensitive personal information

  • To perform the services or provide the goods reasonably expected by you in your role, including those services and goods that are reasonably necessary for us to administer the application process and for our employees to perform their duties;
  • To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information, including in or via our premises, computers, software, networks, communications devices, and other similar system;
  • To resist malicious, deceptive, fraudulent or illegal actions directed at us and to prosecute those responsible for those actions;
  • To ensure the physical safety of natural persons;
  • For short-term, transient use;
  • To perform services on behalf of us;
  • To verify or maintain the quality or safety of our services and products;
  • To improve, upgrade, or enhance our services and products;
  • To perform functions that are required under laws that apply to us; and
  • To collect or process it where such collection or processing is not for the purpose of inferring characteristics about a consumer.

What Criteria Do We Consider When Retaining Personal Information?

In general, with respect to categories of personal and sensitive personal information about job applicants and other potential employees of the firm, we retain each category until the withdrawal or rejection of your application, or if you are engaged by the firm, until the end of your employment, plus 4 years and any additional time periods necessary for the compliance with laws, exercise or defense of legal rights, and archiving, back-up and deletion processes.

Clients, prospective clients, corporate representatives of our vendors and other partners

What Categories of Personal Information Do We Collect?

Non-Sensitive Personal Information:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
    • Specifically including name, mailing address, email address.
  • Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.
    • Specifically including information about family life including family, children, hobbies and interests, data about individual participation in conferences and in-person seminars, credentials, associations, product interests, and preferences and dates of birth, beneficial ownership data, and due diligence data.
  • Characteristics of protected classifications under California or federal law.
    • Specifically including in limited circumstances, where you have provided us with such information as it is necessary for a specific service we are providing to you: religious or other beliefs, racial or ethnic origin, sexual orientation, and health data.
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
    • Specifically including personal information contained in documents, correspondence or other materials provided by or relating to transactions conducted by our clients.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an internet website application, or advertisement.
    • Specifically including cookies and other data linked to a device, and data about usage of our sites.
  • Geolocation data.
    • Specifically including via IP address.
  • Audio, electronic, visual, thermal, olfactory, or similar information.
    • Specifically including data relating to your use of computers, software, networks, communications devices, and other similar systems that: (i) we or our affiliates own or make available to you; or (ii) you connect to or use for the purposes of providing services to us or our affiliates; and information relating to your activities on our or our affiliates' premises.
  • Professional or employment-related information.
    • Specifically including title, organization, job responsibilities, phone number, contact details.
  • Inferences drawn from any personal information to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
    • Specifically including groups of specific interest (e.g. specific types of networking groups).

Sensitive Personal Information:

  • A consumer's social security, driver's license, state identification card, or passport number.
    • Specifically including government identifiers, passports or other identification documents.
  • A consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
    • Specifically including username/passwords allowing access to an account.
  • A consumer's racial or ethnic origin, religious or philosophical beliefs, or union membership.
    • Specifically including in limited circumstances, where you have provided us with such information as it is necessary for a specific service we are providing to you: religious or other beliefs, racial or ethnic origin.
  • The contents of a consumer's mail, email, and text messages unless the business is the intended recipient of the communication.
    • Specifically including in limited circumstances when non-business correspondence is conducted over firm email systems.
  • A consumer's genetic data.
    • Specifically including in limited circumstances, where you have provided us with such information as it is necessary for a specific service we are providing to you.
  • Personal information collected and analyzed concerning a consumer's health.
    • Specifically including in limited circumstances, where you have provided us with such information as it is necessary for a specific service we are providing to you.
  • Personal information collected and analyzed concerning a consumer's sex life or sexual orientation.
    • Specifically including in limited circumstances, where you have provided us with such information as it is necessary for a specific service we are providing to you.

For What Purposes Do We Collect and Use Personal Information?

We use personal and sensitive personal information about you as a client, prospective client, corporate representative of our vendors and other partners for the purposes of:

Non-sensitive personal information

  • To provide legal advice and respond to inquiries. We need to process your information in this way in order to perform our obligations under our contracts with our clients.
  • To manage our business operations and administer our client relationships. This processing is necessary in order to perform our obligations under our contracts with our clients (e.g. issuing and processing invoices) and suppliers (e.g. managing the supply of goods and services to Baker McKenzie).
  • To provide relevant marketing such as providing you with information about events or services that may be of interest to you including legal services, legal updates, client conferences or networking events, and groups of specific interest (e.g. specific types of networking groups). It is necessary for our legitimate interests to process this information in order to provide you with tailored and relevant marketing, updates and invitations
  • To address compliance and legal obligations, such as complying with Baker McKenzie's tax reporting obligations, checking the identity of new clients and to prevent money laundering and/or fraud we use compliance data, basic data, registration data, transaction data, and device data. This processing is necessary for the purposes of complying with legal requirements to which we are subject.

Sensitive personal information

  • To perform the services or provide the goods reasonably expected by you in your role, including those services and goods that are reasonably necessary for us to administer our client relationships and for our employees to perform their duties;
  • To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information, including in or via our premises, computers, software, networks, communications devices, and other similar system;
  • To resist malicious, deceptive, fraudulent or illegal actions directed at us and to prosecute those responsible for those actions;
  • To ensure the physical safety of natural persons;
  • For short-term, transient use;
  • To perform services on behalf of us;
  • To verify or maintain the quality or safety of our services and products;
  • To improve, upgrade, or enhance our services and products;
  • To perform functions that are required under laws that apply to us:
  • To collect or process it where such collection or processing is not for the purpose of inferring characteristics about a consumer.

What Criteria Do We Consider When Retaining Personal Information?

In general, with respect to categories of personal and sensitive personal information about clients, prospective clients, corporate representatives of our vendors and other partners, we retain each category until we determine that the firm will not be engaged by or engage the client, vendor, or partner, or if a client, vendor or partner engages or is engaged by the firm, until the end of such engagement, plus any additional time periods necessary for the compliance with laws, exercise or defense of legal rights, and archiving, back-up and deletion processes.

 

2. California Consumer Privacy Act Privacy Policy

Last Updated: January 1, 2023

Our Personal Information Handling Practices in 2022

We have set out below categories of personal information about California residents we have collected, and as applicable disclosed, for a business purpose in the preceding 12 months. The table is followed by a description of the purposes for which we collected personal information. In the preceding 12 months we did not sell or share for cross context behavioural advertising, the personal information of California residents.

 

Section Category of personal information Did we collect? If so, from what source? Did we disclose? If so, to whom and for what purpose?
Non Sensitive Personal Information
1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Yes, from the data subject, our affiliates, counterparties to transactions or disputes with the data subjects, employers, agents or professional advisers authorised to disclose data on behalf of the data subject and from other publicly available or subscription based sources.

Yes.

We disclosed to:

Baker McKenzie Affiliates (i.e. member firms and Baker global services companies) Suppliers and service providers where necessary to perform functions on our behalf (e.g. infrastructure/IT services providers, providers of services relating to client intake, global travel, finance, customer relationship management, business analytics and marketing and conference and event hosting).

Financial institutions (for invoicing and payment).

Corporate purchasers - as part of any sale of Baker McKenzie assets, transition of service to another provider or in the event of insolvency, bankruptcy

and

Recipients of mandatory disclosures and legal claims (e.g. to comply with any subpoena, court order or other legal process or to comply with any regulatory, governmental or other legally binding request).

Purposes of disclosures:

We made disclosures with respect to personal information about clients/job applicants/other third parties to:

Provide legal advice, business, services and to respond to inquiries.

To manage our business operations and administer our client relationship.

To provide relevant marketing to you (e.g. information about events or services that may be of interest).

To address compliance and legal obligations (e.g. checking identity of new clients, prevention of fraud/money laundering).

To consider individuals for employment and contractor opportunities and manage on- boarding procedures.
We made disclosures with respect to personal information about our workers for purposes of:

Administering and providing compensation, benefits and other work related allowances.

Administering the workforce (e.g. managing work activities, performance evaluations and promotions, preparing corporate organisation charts, managing entity and intra- entity staffing and team management, managing and monitoring business travel, carrying out workforce analysis, talent management and career development, managing employee leave, succession planning, providing employment references, administering ethics and compliance training, facilitating and providing services for the re-location and movement of employees and their families locally and internationally.

Complying with employment law obligations.

Subject to applicable laws, monitoring use of the firm's technology systems, databases and property, conducting investigations.

Administration of the compliance hotline.
Communicating with employees and their designated contacts in the event of an emergency.

Responding to legal and/or regulatory requests for information.

Complying with corporate financial responsibilities (audit, accounting and tax requirements) Managing corporate information technology (e.g. IT support, corporate directory, IT security).

Conducting security screenings (to the extent permitted by law)

2. 

Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.

(The categories of personal information described in the California Customer Records Act (Cal. Civ. Code § 1798.80(e))


See section 1 above
See section 1 above
3.  Characteristics of protected classifications under California or federal law.

Yes.

From the consumer, our affiliates, counterparties to transactions or disputes with the consumer, employers, agents or professional advisers authorised to disclose data on behalf of the data subject and from other publicly available or subscription based sources.

Yes.

We disclosed to:

Baker McKenzie Affiliates (i.e. member firms and Baker global services companies) Suppliers and service providers where necessary to perform functions on our behalf.

Mandatory disclosures and legal claims (e.g. to comply with any subpoena, court order or other legal process or to comply with any regulatory, governmental or other legally binding request).

Purposes for disclosures:

Solely as strictly necessary for the purposes described in section 1 above regarding employee data and as otherwise required in connection with managing the employment relationship (e.g. sick leave, sick pay, accidents at work, other employment related claims, accommodating disability within the workplace, maternity leave, etc.)

Solely to the extent required to comply with the firm's legal or other best practice obligations (e.g. AML, equality laws, monitoring diversity and inclusion, etc.).

4.  Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
See section 1 above
See section 1 above
5.  Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
Yes, via the Firm's website.

Yes.

We disclosed to:

To our service providers to the extent necessary for the provision of IT services on our behalf.

Baker McKenzie Affiliates (i.e. member firms and Baker global services companies)

Purposes for disclosures:

To make our website more intuitive and easy to use.

To protect the security and effective functioning of our website.

Geolocation data.
Yes, via IP address. Baker McKenzie Affiliates (i.e. member firms and Baker global services companies).
To our service providers to the extent necessary for the provision of IT services on our behalf.
Audio, electronic, visual, thermal, olfactory, or similar information.

Yes, via conference calls and video conferences with clients and other third parties.

Interviews with clients as part of client feedback program.

Yes.
We disclosed to:

Baker McKenzie Affiliates (i.e. member firms and Baker global services companies).

To our service providers to the extent necessary for the provision of IT services on our behalf.

Recipients of mandatory disclosures and legal claims (e.g. to comply with any subpoena, court order or other legal process or to comply with any regulatory, governmental or other legally binding request).

Purposes for disclosures:

Audio/visual - where required for legal/regulatory reasons, to keep a record of client instructions or other matters discussed. For purpose of transcribing or preparing a written note of client interviews (recording deleted once transcript or note completed).

Professional or Employment related information.
See section 1 above in relation to employees and job applicants. See section 1 above in relation to employees and job applicants.
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
See section 1 above in relation to employees and job applicants. See section 1 above in relation to employees and job applicants.
Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sensitive Personal Information
A consumer’s social security, driver’s license, state identification card, or passport number.
A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
A consumer’s precise geolocation.
A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
A consumer’s genetic data.
The processing of biometric information for the purpose of uniquely identifying a consumer.
Personal information collected and analyzed concerning a consumer’s health.
Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.

 

Business or Commercial Purpose for Collecting Personal Information

We do not have actual knowledge that we sell or share for cross context behavioural advertising, the personal information of California residents under 16 years of age.

CCPA Rights

As a California resident, you have the following rights under the CCPA:

  • The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. You may only exercise your right to know twice within a 12-month period.
  • The right to delete personal information that we have collected from you, subject to certain exceptions.
  • The right to correct inaccurate personal information that we maintain about you.
  • The right to opt-out of the sale or sharing of your personal information by us. We do not sell or share for cross-context behavioral advertising any of the categories of personal information that we collect about California residents.
  • The right to limit our use and disclosure of sensitive personal information to purposes specified in subsection 7027(l) of the California Consumer Privacy Act Regulations. We do not use or disclose sensitive personal information for purposes other than those specified in subsection 7027(m) of the California Consumer Privacy Act Regulations.
  • The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, in violation of California Civil Code § 1798.125, including an employee's, applicant's, or independent contractor's right not to be retaliated against for the exercise of their CCPA rights.

 

How to Exercise CCPA Rights

Methods of Submission and Instructions: To submit a request to exercise your rights to know, delete or correct, please email dataprivacy@bakermckenzie.com, call 833-648-2061 (toll free) or populate our web form

Verification: Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may designate an authorized agent by taking the steps outlined under "Authorized Agent" further below. In your request or in response to us seeking additional information, you, or your authorized agent, must provide sufficient information to allow us to reasonably verify that you are, in fact, the person whose personal information was collected which will depend on your prior interactions with us and the sensitivity of the personal information being requested. We may ask you for information to verify your identity and, if you do not provide enough information for us to reasonably verify your identity, we will not be able to fulfil your request. We will only use the personal information you provide to us in a request for the purposes of verifying your identity and to fulfill your request.

Authorized Agents: You can designate an authorized agent to make a request under the CCPA on your behalf if:

  • The authorized agent is a natural person or a business entity and the agent provides proof that you gave the agent signed permission to submit the request; and
  • You directly confirm with Baker McKenzie that you provided the authorized agent with permission to submit the request.

If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

 

Contact Us

If you have any questions or comments about these disclosures or our practices, please contact us at:
Email address: dataprivacy@bakermckenzie.com

Postal address:
Office of General Counsel - Data Privacy
Baker & McKenzie Global Services NI Limited
City Quays One, 7 Clarendon Road, Belfast, BT1 3BG, United Kingdom