Privacy notice

Norton Rose Fulbright takes data privacy seriously. We recognise and value the trust that individuals/data subjects place in us when providing us with personal information and we are committed to taking reasonable steps to safeguard the privacy and secure personal information we may collect from visitors to our websites, visitors to our premises, our service providers and/or the clients to whom we provide legal and other services.

This privacy notice aims to help you understand our personal information collection practices, the legal grounds that justify our use of your personal information and our disclosure practices. Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt in or out of selected uses may also be provided to you when we collect personal information from you. This privacy notice supplements other notices and privacy policies we may provide to you from time to time and is not intended to override them.

Please note: This privacy notice does not apply to, and Norton Rose Fulbright is not responsible for, any third party websites which may be accessible through links from this website. If you follow a link to any of these third party websites, they will have their own privacy policies and you will need to check these policies before you submit any personal information to such third party websites.

Who we are and what we do
What personal information we collect about you
How we obtain the personal information about you
How we use your personal information
Who we share your personal information with
Which countries we transfer your personal information to
How long we keep your personal information
How we protect your personal information
What rights you have in relation to your personal information
Who is the responsible party in respect of your personal information
How we use cookies and similar technologies
How you can contact us
How we may update this privacy notice

1. Who we are and what we do

Norton Rose Fulbright is a global law firm structured as a Swiss Verein, the members of which are Norton Rose Fulbright US LLP, Norton Rose Fulbright LLP, Norton Rose Fulbright Australia, Norton Rose Fulbright Canada LLP and Norton Rose Fulbright South Africa Inc (each of which is a separate legal entity) and their respective affiliates.

Norton Rose Fulbright provides the world’s preeminent corporations and financial institutions with a full business law service. This privacy notice only applies to Norton Rose Fulbright South Africa Inc. For the avoidance of doubt, this privacy notice doesn’t apply to any other Norton Rose Fulbright member firm.

2. What personal information we collect about you

We may collect and process different types of personal information in the course of operating our business and providing our services. These include:

Basic personal details such as your name and job title;
Contact information such as your telephone number and postal or email address;
Financial information such as payment related information or bank account details;
Demographic information such as your address, preferences or interests;
Website usage and other technical information such as details of your visits to our websites or information collected through cookies and other tracking technologies;
Personal information provided to us by you or generated by us in the course of providing our services, which may, where relevant, include special personal information;
Identification and other background verification information such as a copy of passports or utility bills or evidence of beneficial ownership or the source of funds to comply with client due diligence/“know your client”/anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures;
Recruitment related information such as your curriculum vitae, your education and employment history, details of professional memberships and other information relevant to potential recruitment to Norton Rose Fulbright;
Information that you may provide to us in course of registering for and attending events or meetings, including access and dietary requirements; and
Any other personal information relating to you that you may provide.

3. How we obtain the personal information about you

We may collect or receive your personal information a number of different ways:

Where you provide it to us directly, for example by corresponding with us by email, or via other direct interactions with us such as completing a form on our website or registering for and using one of our online tools;
Third party sources, for example, where we collect information about you to assist with “know your client” checks as part of our client acceptance procedures or where we receive information about you from recruitment agencies for recruitment purposes; or
Publicly available sources – we may, for example, use such sources to help us keep the contact details we already hold for you accurate and up to date or for professional networking purposes.

4. How we use your personal information

We will only use your personal information where we are permitted to do so by applicable law. Under the Protection of Personal Information Act, 2013 (POPIA) (and EU and UK data protection laws), the use of personal information must be justified under one of a number of legal grounds. The principal legal grounds that justify our use of your personal information are:

Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we use your information to achieve our or your legitimate interests and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim on behalf of you, us or a third party.
Consent: where you have consented to our use of your information.

We may use your personal information in the following ways:

To provide our legal and other services to you and to conduct our business – to administer and perform our services, including to carry out our obligations arising from any agreements entered into between you and us (please note that our Standard Terms of Engagement apply where we provide legal services);
To facilitate use of our websites and to ensure content is relevant – to respond to requests for information or enquiries from visitors to our websites and to ensure that content from our websites is presented in the most effective manner for you and for your device;
For marketing and business development purposes – to provide you with details of new services, legal updates and invites to seminars and events where you have chosen to receive these. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in paragraph 12 below;
For research and development purposes – analysis in order to better understand your and our clients’ services and marketing requirements and to better understand our business and develop our services and offerings;
For recruitment purposes – to enable us to process applications for employment submitted via our website and to assess your suitability for any position for which you may apply at Norton Rose Fulbright;
To fulfil our legal, regulatory, or risk management obligations – to comply with our legal obligations (performing client due diligence/“know your client”, anti-money laundering, anti-bribery, sanctions or reputational risk screening, identifying conflicts of interests); for the prevention of fraud and/or other relevant background checks as may be required by applicable law and regulation and best practice at any given time (if false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them); to enforce our legal rights, to comply with our legal or regulatory reporting obligations and/or to protect the rights of third parties;
To ensure that we are paid – to recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings);
To inform you of changes – to notify you about changes to our services or our Standard Terms of Engagement for legal services or this privacy notice;
To reorganise or make changes to our business – in the event that we are undergo a re-organisation (for example if we merge, combine or divest a part of our business), we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process or transfer to that re-organised entity or third party your personal information for the same purposes as set out in this privacy notice or for the purpose of analysing any proposed re-organisation.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may not be able to proceed with a particular engagement we have or intend to have with you (this may include cancelling a service you have with us), but we will notify you if this is the case at the time.

5. Who we share your personal information with

Norton Rose Fulbright is a global law firm and as such any personal information that we collect or you provide to us may be shared with and processed by any Norton Rose Fulbright entity among our global network.

We may also share your personal information with a variety of the following categories of third parties:

Our professional advisers (eg legal, financial, business, risk management or other advisers), bankers and auditors;
Our insurers and insurance brokers;
Third party service providers; and/or
Other third party external advisers or experts engaged in the course of the services we provide to our clients and with their prior consent.

We may also process your personal information to comply with our regulatory requirements or in the course of dialogue with our regulators as applicable, which may include disclosing your personal information to government, regulatory or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, or unless to do so would prejudice the prevention or detection of a crime, we will direct any such request to you or notify you before responding.

6. Which countries we transfer your personal information to

As a global law firm, we cannot limit our processing of a data subject’s personal information to the country in which that data subject is based. In the course of providing our services, we will likely need to transfer personal information to locations outside the jurisdiction in which you provide it or where you are viewing our website.

Regardless of the location of our processing, we will impose the same data protection safeguards globally and implement appropriate measures to ensure that your personal information is protected in accordance with applicable data protection laws. Norton Rose Fulbright has a data sharing agreement in place signed by all Norton Rose Fulbright entities. Similarly, where a third party service provider processes the personal data on our behalf, we will ensure that appropriate measures are in place to ensure an adequate level of protection for your personal information.

7. How long we keep your personal information

We will retain your personal information only for as long as is necessary to fulfil the purpose for which this information was collected and any other permitted linked purpose (for example certain transaction details and correspondence related to any legal services we provide may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such information). If your personal information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. Our retention periods are also based on our business needs and good practice.

8. How we protect your personal information

We recognise that information security is an integral element of data privacy. While no data transmission (including over the Internet or any website) can be guaranteed to be secure from intrusion, we implement a range of commercially reasonable physical, technical and procedural measures to help protect personal information from unauthorised access, use, disclosure, alteration or destruction in accordance with data protection law requirements.

Information that you provide to us is stored on our or our service providers’ secure servers and accessed and used subject to our security policies and standards, or those agreed with our service providers. Norton Rose Fulbright holds the ISO/IEC 27001:2013 (ISO 27001) accreditation for its IT operations globally. ISO27001 is an internationally recognised certification that information security is managed in line with best practice.

Everyone at Norton Rose Fulbright and any third party service providers we may engage that process personal information on our behalf (for the purposes listed above) are also contractually obligated to respect the confidentiality of personal information.

Alongside our role, please also note that where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites or online services, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.

9. What rights you have in relation to your personal information

If you have any questions about our use of your personal information, you should first contact us via the details provided in paragraph 12 below. Under certain circumstances and in accordance with the POPIA (and EU or other applicable data protection laws), you may have the right to require us to:

have your personal information lawfully processed;
be notified that personal information about you is being collected;
be notified that your personal information has been accessed or acquired by an unauthorised person;
establish whether a responsible party holds personal information of you and to request access this personal information;
request, where necessary, the correction, destruction or deletion of your personal information;
object to the processing of your personal information;
not have your personal information processed for purposes of direct marketing by means of unsolicited electronic communications;
not be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of your personal information intended to provide a profile of you;
submit a complaint to the Information Regulator regarding alleged interference with the protection of the personal information of any data subject or to submit a complaint to the Information Regulator in respect of a determination of an adjudicator; and
institute civil proceedings regarding an alleged interference with the protection of your personal information.

You may also instruct us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing at any time by using an unsubscribe facility.

We are also required to take reasonable steps to ensure that your personal information remains accurate. In order to assist us with this, please let us know of any changes to the personal information that you have provided to us.

While it is our policy to respect the rights of data subjects, please be aware that your exercise of these rights are subject to certain exemptions to safeguard the public interest (eg the prevention or detection of crime), our interests (eg the maintenance of legal privilege) and some of these rights may be limited (for example the right to withdraw consent) where we are required or permitted by law to continue processing your personal information to defend our legal rights or meet our legal and regulatory obligations.

If you contact us to exercise any of these rights we will check your entitlement and respond within 30 days. If you are not satisfied with our use of your personal information or our response to any exercise of these rights, you have the right to complain to the Information Regulator.

10. Who is the responsible party in respect of your personal information

As indicated above, Norton Rose Fulbright is made up of a number of different entities. Please note that for purposes of this privacy notice Norton Rose Fulbright South Africa Inc is the responsible party in respect of your personal information (being the party processing your personal information).

11. How we use cookies and similar technologies

When you visit our websites we may send a cookie to your computer. This is a small data file stored by your computer to help improve functionality or tailor information to provide visitors with more relevant pages. We may also analyse website traffic to identify what visitors find most interesting so we can tailor our websites accordingly.

12. How you can contact us

If you have any questions about this privacy notice or how we process your personal information, please contact us by sending an email to:

RSAComplianceLawyers@nortonrosefulbright.com or by writing to:

Information Officer
Norton Rose Fulbright South Africa Inc
15 Alice Lane
Sandton 2196
South Africa

13. How we may update this privacy notice

We may change the content of our websites and how we use cookies without notice and consequently our privacy notice may change from time to time in the future. We therefore encourage you to review this privacy notice when you visit the website to stay informed of how we are using personal information.

This privacy notice was last updated in July 2021.