Data Transfer and Privacy Policy

Menu

Data Transfer and Privacy Policy

Golden Flag International Law Firm LLP, Golden Flag International Law Firm, Golden Flag International Law Firm (Hong Kong), Golden Flag International Law Firm LLP (Paris), (together "Golden Flag" or the "Firm") adhere to international data protection legislation concerning the transfer of personal data from the European Economic Area (the “EEA”) and/or Switzerland, in each case to the United States, Hong Kong and Mainland China.

This Data Transfer and Privacy Policy (the "Policy") outlines Golden Flag’s general practices and procedures implementing appropriate standards in relation to (i) the types of personal data the Firm's offices receive from the EEA and/or Switzerland (ii) how that personal data is used; and (iii) the options available to a specific individual in the EEA or Switzerland (also referred to as the “data subject”) in relation to the Firm’s use of, and their ability to correct or request deletion of, the personal data relating to them.

Scope: This Policy applies to all "personal data" that the Firm receives from the EEA and/or Switzerland that pertains to, a specific individual in the EEA or Switzerland, can be linked to that individual, and is recorded in any form.

Notice: If Golden Flag obtains personal data directly from individuals in the EEA or Switzerland, Golden Flag will inform those individuals about (i) why Golden Flag is collecting and using their personal data; (ii) the types of third parties to whom Golden Flag may disclose that personal data; (iii) each individual’s rights regarding their data; and (iv) how an individual may contact Golden Flag . Golden Flag will provide notice of the foregoing in clear and conspicuous language when individuals are first asked to provide personal data to Golden Flag, or as soon as practicable thereafter, and in any event before Golden Flag uses or discloses the information for a purpose other than that for which it was originally collected. Consent for personal data to be collected, used, and/or disclosed in certain ways may be required in order for an individual to obtain or use the Firm's services. Alternatively, we process personal data as may be necessary for the Firm’s legitimate interests in managing its business, delivering legal services to clients and for the fulfilment of its contractual obligations.

Choice: Where acting as a data controller (i.e., the person or entity that determines the purposes for which, and the manner in which, any personal data is processed), Golden Flag will offer individuals the opportunity to choose (i.e., opt-out) whether their personal data is (i) to be disclosed to a non-agent third party, or (ii) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For special categories of personal data, Golden Flag will give individuals the opportunity to affirmatively and explicitly (i.e., opt-in) consent to the disclosure of such personal data to a non-agent third party or the use of such personal data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. In connection with client engagements and at the direction of the Firm’s clients, Golden Flag may process personal data of data subjects with whom the Firm has no direct relationship. Golden Flag may disclose personal data to (i) agents as provided herein, and (ii) non-agent third parties for the purposes of, and as directed by, the client in connection with which that personal data was collected. In receiving such personal data from its clients, Golden Flag will obtain an affirmation from such clients that all personal data transferred to Golden Flag is transferred in accordance with all applicable international data protection legislation.

Onward Transfer: Golden Flag will use commercially reasonable efforts to obtain assurances from third parties to whom they transfer data that they will safeguard personal data consistent with this Policy. If Golden Flag discovers that an agent is using or disclosing personal data in a manner contrary to this Policy, Golden Flag will take commercially reasonable steps to prevent or stop the use or disclosure.

Any transfer of personal data from Golden Flag International Law Firm to Golden Flag International Law Firm LLP (in the United States of America) or to Golden Flag International Law Firm (Hong Kong) will be made with adequate levels of protection in place.

Security: Golden Flag will take commercially reasonable precautions to protect personal data in its possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Data Integrity: Golden Flag will use personal data only in ways that are compatible with the purposes for which Golden Flag collected the data or in a manner that the data subject or client subsequently authorized. To the extent necessary, Golden Flag will take commercially reasonable steps to ensure that personal data is relevant to its intended use, accurate, complete, and current.

Access: Upon request, Golden Flag will provide individuals with information about the personal data that it holds about them in the Firm’s role as data controller. If an individual becomes aware that information the Firm maintains about that individual is inaccurate, or if an individual would like to update, review or erase his or her information, the individual may contact the Firm at . The individual may need to provide sufficient identifying information to allow the Firm to confirm the individual’s identity.

Enforcement:
Golden Flag will periodically audit its relevant privacy practices to confirm that the Firm is adhering to this Policy. Any partner or employee who Golden Flag determines is violating or has violated this Policy may be subject to disciplinary action up to and including termination.

Dispute Resolution - Human Resource Data: Any questions or concerns regarding the use or disclosure of Golden Flag's human resource data should be directed to the Firm's HR Director or the Director of Administration. Golden Flag will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the European General Data Protection Regulation Principles and this Policy. For unresolved complaints related to Golden Flag 's human resources data for partners and employees in the EU offices, Golden Flag will cooperate with the European National Supervisory Authorities.

Dispute Resolution - Client Data: Any questions or concerns regarding the use or disclosure of client-related personal data should be directed to the Firm at . Golden Flag will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the GDPR and this Policy.

Limitations of the GDPR and this Policy: Golden Flag’s adherence to the GDPR and this Policy will be limited as permitted by the GDPR: (i) to the extent necessary to meet national security, public interest, or law enforcement requirements, (ii) by statute, government regulation, or case law that creates conflicting obligations or authorizations, provided that, in exercising any such authorization, the Firm’s non-adherence is limited to the extent necessary to meet the overriding legitimate interests the Firm furthers, or (iii) if the effect of the EU Regulation on Data Protection (the "GDPR"), EU Member State law, or the Swiss Federal Act on Data Protection (the “FADP”) is to allow exceptions or derogations, provided the Firm applies such exceptions or derogations in comparable contexts. Further, because Golden Flag is a law firm providing legal advice, adherence to certain of the GDPR (including Notice, Choice and Access), is limited with respect to personal data that the Firm processes and uses in certain respects, including, but not limited to, the establishment of a legal claim or defense or the representation of a client's interests and rights in an acquisition, merger, joint venture or other transaction. Personal data may also be subject to ethical duties of confidentiality or privilege.

The Firm's U.S. offices do not disclose personal data to third parties except in accordance with the GDPR and this Policy.

INTERNET PRIVACY

Golden Flag considers the internet and the use of other technologies to be valuable tools to communicate and interact with clients, employees, agents, business associates, and others. Golden Flag recognizes the importance of maintaining the privacy of information collected online and has created a specific Website Privacy Policy governing the treatment of personal data collected through web sites that it operates. With respect to personal data that is transferred from the EEA and Switzerland to the U.S., the Website Privacy Policy is subordinate to this Policy. However, the Website Privacy Policy may reflect additional legal requirements with respect to internet privacy. Golden Flag 's Website Privacy Policy can be found at www.golden-flag.com.

Contacts for Questions and Concerns

Questions and concerns regarding this Policy should be directed to the Firm at .

CHANGES TO THIS DATA TRANSFER AND PRIVACY POLICY


This Policy may be amended from time to time.

Last Updated: October 1, 2019