The personal data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) as it may be processed by our international network of offices, or by our service providers when they are located outside of the EEA.
Transfers within the HFW group
Where personal data is transferred between HFW's legal entities and offices to locations which the European Commission has not deemed to have 'adequate' protection, we have put in place Standard Contractual Clauses. These are specific contracts approved by the European Commission which give individuals' personal data the same level of protection which would be available within the EEA. For a list of HFW's offices and legal entities please click here.
Transfers to third parties
Where appropriate for certain client matters, we may use service providers located outside the EEA. For example a matter we are advising on may require advice from local lawyers or input from local experts. When we transfer personal data to such service providers it will usually be on an ad hoc basis, and in accordance with instructions from our clients.
Depending on the circumstances and the services we are providing we may also need to transfer personal data to other kinds of third parties, for example local regulators, parties involved in a transaction, or opponents in litigation, as necessary.
Where the recipient is located in a country which has not been deemed by the European Commission to have adequate laws in place to protect it, we transfer the personal data using one of the following measures:
- Where we use certain service providers on a recurring basis, we will seek to put in place Standard Contractual Clauses approved by the European Commission, which give personal data the same protection it has within the EEA. For more information on Standard Contractual Clauses, see European Commission: Standard Contractual Clauses.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
- Where the transfer is on an ad hoc basis, to a service provider which we do not regularly use, we will only transfer the personal data if:
- The transfer is necessary for the establishment, exercise or defence of legal claims;
- We have the individual's explicit consent;
- The transfer is necessary for the conclusion or performance of a contract in the interest of the individual concerned, and we are party to that contract; or
- The transfer is necessary in order to perform a contract between us and the individual concerned, or the implementation of pre-contractual measures taken at the individual's request.
Please Contact us if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We are working with clients across our international network to help them minimise the impact of COVID-19 on their business and to prepare for what's next. To find out more, visit our dedicated Covid-19 hub.