Privacy policy

Allen & Overy values your privacy and cares about the way in which your personal information is treated. 

This privacy policy describes Allen & Overy’s privacy practices specifically in relation to the Peerpoint service (see www.peerpoint.com (or such other Peerpoint website as we may operate from time to time) for more information on Peerpoint). In particular, this privacy policy describes our privacy practices with respect to personal information we collect from or about applicants who wish to join Peerpoint and from clients and other third parties who use Peerpoint services (including by visiting our website).  A separate privacy policy will be provided to applicants who go on to become a Peerpoint employee or consultant or an employee of Allen & Overy. This privacy policy does not cover the processing of personal information by Peerpoint employees or consultants in the provision of legal services.

We make use of your personal data in relation to the provision, or potential provision, of Peerpoint services and as otherwise described in this privacy policy. We do not otherwise sell, rent or make personal information commercially available to any third party, except with your prior permission.

In addition to our privacy policy, your use of the Peerpoint website is subject to our Legal Notices. 

This policy describes:

  1. what personal information we collect about you
  2. how we obtain your personal information
  3. how we use cookies and analytics
  4. how and on what basis we use your personal information
  5. marketing and other emails
  6. how long we keep your personal information 
  7. who we share your personal information with 
  8. how we protect your personal information
  9. which countries we transfer your personal information to
  10. your rights regarding your personal information
  11. who are the data controllers
  12. changes to our privacy policy
  13. who to contact with questions or concerns

Allen & Overy refers to Allen & Overy LLP, its subsidiaries and other partnerships, corporations, undertakings and entities which are authorised to practice using the name ‘Allen & Overy’. See the section entitled ‘Who are the data controllers’ below for more information on the entities that control and process personal data in Allen & Overy.

Peerpoint privacy policy

1. What personal information do we collect about you?

In this privacy policy, where we use the term personal information, we use this term to describe information that is about you and which identifies you. We collect and generate personal information during the course of your use of Peerpoint services (including the Peerpoint website).

If you contact us as a client, prospective client, applicant or prospective applicant regarding the provision of our services or, to a lesser extent if you use our website, the personal information that we process may include:

  • Basic information about you, such as your full name (including name prefix or title), the company you work for, your title or position and your relationship to a person
  • Contact information, such as your postal address, email address and phone number(s)
  • Financial information, such as payment-related information
  • Technical information to the extent that it constitutes personal information, including your IP address and other online identifiers, and information about your access to and use of the Peerpoint website (such as your access dates/times or what areas of the website you have visited)
  • Information you provide to us for the purposes of attending meetings and events, including access and dietary requirements, and information generated by us in connection with your attendance, such as CCTV and access records
  • Identification and background information provided by you or collected as part of our business acceptance processes
  • Information provided to us by or on behalf of our clients or generated by us in the course of providing services to them, which may include special categories of data
  • Any other information relating to you (or other individuals) which you may provide to us or a third party may provide to us, or that is otherwise obtained or generated by us in the course of the activities covered by this Privacy Policy

If you use the Peerpoint website as an applicant or otherwise apply to join Peerpoint, then the personal information that we process will also include:

  • Applicant information, such as your educational and employment history, CV, information about qualifications and training, skills and experience, results, hobbies and interests, language skills, professional licenses and memberships, personal statements, answers to questions relevant for the role you have applied for, interview notes, references and outcome of application
  • Employment preferences, such as willingness and eligibility to relocate, desired remuneration, availability, job specifications and requirements
  • General information, such as your date of birth, gender, marital and family status, maiden name, place of birth, residency, nationality, immigration status and work authorisation
  • Information necessary to complete background checks (to the extent permitted in your jurisdiction) and information obtained as a result of the check, which may include criminal records information
  • Government and other official identification numbers, such as social security or national insurance number, passport number, tax identification number or other government issued identification number
  • Other identification and background information provided by you or collected as part of our application, hiring and placement processes, which may include photographs
  • Health-related information, as permitted or required by applicable law, for instance where we need to know this information to make adjustments to our application processes
  • Diversity-related information including in relation to disabilities, ethnicity, sexuality, religion and social background. The diversity data collected and processed will depend on, and only be collected in accordance with, applicable local laws. Where applicable, it will form part of the application process and will be apparent at the point of collection
  • Information you provide to us for the purposes of attending interviews and other events, including access and dietary requirements

Before providing us with personal information about another individual you must (unless otherwise agreed) have the appropriate and necessary permissions to share such personal information with us for the purposes described in this privacy policy and any other applicable privacy notices.

If we do not collect, or you do not provide, your personal information to us, we may not be able to receive or process your application, provide the Peerpoint services to you or respond to your communications.

2. How we obtain your personal information

  • We collect personal information about you and others as necessary in the course of your interactions with Peerpoint regarding the provision of services to you, which may include through your use of the Peerpoint website
  • We collect personal information from you when you contact or communicate with us (including through the website, by email, phone or otherwise)
  • We collect your personal information while monitoring the Peerpoint website and our other technology tools (such as email)
  • We gather personal information about you when you provide it to us, or interact with us directly, for instance engaging with our staff
  • We may collect or receive personal information about you from other sources, such as from our clients or from publically available sources (such as LinkedIn)

If you apply to join Peerpoint, we also obtain your personal information as follows:

  • We collect your personal information when you apply to join Peerpoint
  • We collect your personal information during interviews and assessment exercises

3. How we use cookies and analytics

Our website uses a number of cookies and web-based analytics tools, such as Google Analytics, that tracks and reports on the manner in which the Peerpoint website is used to help us to improve it. The analytics tools do this by placing small text files called ‘cookies’ on your device. Cookies enable a website to recognise and remember your device when you visit the site. The information that some of the cookies collect, such as the number of visitors to the site, the pages visited and the length of time spent on the site, is aggregated and anonymous.

Our Peerpoint application website also uses cookies that are necessary to enable you to effectively use the online application system and which are deleted when you log out.

For information on how to disable and/or clear cookies, including third-party cookies, on your device please follow the instructions in the links below:

  • Internet Explorer (IE)
  • Google Chrome
  • Safari (desktop)
  • Safari (mobile)
  • Firefox
  • Opera
  • Netscape

  • More information on managing your cookie settings can be found at www.allaboutcookies.org.

    4. How we use your personal information and on what basis we use your personal information

    Allen & Overy collects and processes personal information about you in a number of ways, including through the provision of the Peerpoint services and your use of our Peerpoint website. We have set out below the principal purposes for which we use personal information and the legal basis (as set out in data protection law) that we rely on to justify this use of personal information:

    Purpose: For diversity and equality monitoring purposes.

    Legal Basis: We may process diversity information for our legitimate interests (i.e. to ensure the diversity of our consultants and employees) and for compliance with legal obligations to which we are subject. We will request your consent in circumstances where it is required by applicable law.

    Purpose: To audit and monitor the use of the Peerpoint website and Peerpoint services, and our other technology tools.

    Legal Basis: For our legitimate business purposes (i.e. the provision of the Peerpoint website and Peerpoint services, as well as to improve and ensure the security of these resources) We may request your consent in circumstances where a legal justification over and above legitimate interests is required by applicable law (e.g. in relation to the use of certain cookies).

    Purpose: To provide information requested by you and to communicate with you.

    Legal Basis: For our legitimate business purposes (i.e. to provide information that you request and otherwise communicate with you in connection with Peerpoint)We may request your consent in circumstances where a legal justification over and above legitimate interests is required by applicable law.

    Purpose: To organise and host seminars, training and other events.

    Legal Basis: For our legitimate business purposes (for example, we run events to enable potential applicants to better understand the application process and what it is like to work for Allen & Overy as a Peerpoint consultant; we will also collect data to facilitate your visit to our premises and maintain the security of our premises)We may also process personal information to ensure compliance with the firm's legal obligations to provide appropriate access to its premises and comply with health and safety requirements.

    Purpose: To improve the Peerpoint website, Peerpoint services and application process for you and our clients and prospective clients.

    Legal Basis: For our legitimate business purposes (i.e. the provision and improvement of our Peerpoint website, Peerpoint services and application process).

    Purpose: To manage and administer our relationship with our Peerpoint clients and prospective clients.

    Legal Basis: For our legitimate business purposes (ie to build and maintain strong relationships with our clients).

    Purpose: To provide information about our users and related usage information to third parties providing support for the Peerpoint website, Peerpoint services and application process.

    Legal Basis: For our legitimate business purposes (ie the provision and support of the Peerpoint website, Peerpoint services and application process).

    Purpose: To fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims.

    Legal Basis: For our legitimate business purposes and for compliance with legal obligations to which we are subject.

    5. Marketing and other emails

    From time to time, we may wish to send you information about Peerpoint and the products and services which Allen & Overy offers and we believe you may be interested in. We will use personal information for this purpose. If you do not wish to receive this information, or if you are already receiving this information from us or third parties acting on our behalf and you no longer wish to do so, please email us at info@peerpoint.com.

    We may also use a relationship management tool, where permitted by applicable local law, to assess the strength of the relationship between our personnel and our clients or potential clients based on the frequency of email contact between them. We use that information in order to assess, analyse and improve the services that we provide.

    6. How long we keep your personal information

    Your personal information will be retained in accordance with our global data retention policy which categorises all of the information held by Allen & Overy and specifies the appropriate retention period for each category of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and Allen & Overy’s business purposes.

    7. Who we share your personal information with

    We are an international law firm and any information that you provide to us may be shared with and processed by any entity in the worldwide network of Allen & Overy and our associated firms. You can see a list of our offices at http://www.allenovery.com/locations/.

    Allen & Overy and Peerpoint’s recruitment applications website is powered by Kenexa. Our service provider, Infinite Talent, serves as a processor for Allen & Overy and will have access to personal information in the course of providing software and support for our recruitment system.

    We also share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:

    • Our professional advisers and auditors
    • IT and other service providers
    • Third parties involved in hosting or organising interviews, training or other events

    You can login to our Peerpoint recruitment applications website using social media sites Facebook, LinkedIn and Twitter. If you use these services, you should review their privacy policy for more information on how they deal with your personal information.

    Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

    If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new Allen & Overy entities or to third parties through which the business of Allen & Overy will be carried out.

    We do not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission.

    8. How we protect your personal information

    We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws. Allen & Overy LLP holds the internationally recognised security standard BS ISO/IEC 27001:2013 in respect of its document management and email systems and the supporting infrastructure for Allen & Overy’s offices globally. This is an independently verified certification that information security is managed in line with international best practice.

    When we engage a third party service provider to collect or otherwise process personal information on our behalf, the third party is selected carefully and will be required to have appropriate security measures in place.

    9. Which countries we transfer your personal information to

    In order to administrate your application, we may need to transfer your personal information to locations outside the jurisdiction in which you submit it or where you are viewing the website for the purposes set out in this privacy policy. This may entail a transfer of your information from a location within the European Economic Area (the “EEA”) to outside the EEA, or from outside the EEA to a location within the EEA. Please see ‘Who we share your personal information with’ for more detail on how the information may be shared with Allen & Overy offices and third party service providers.

    The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws. EU standard contractual clauses (as contemplated by Article 46(2) of the European Union’s General Data Protection Regulation) are in place between all Allen & Overy entities that share and process personal data. Where our third party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures, usually standard contractual clauses.

    Please contact us using the details at the end of this privacy notice if you would like to see a copy of the safeguards applied to the export of your personal data.

    10. Your rights regarding your personal information

    The European Union’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.

    You are entitled to request a copy of the information we hold about you and information about how we process it. You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict or suspend our processing of that information, to object to our processing of your information and, in some circumstances, to request receipt or transmission to another organisation, in a machine-readable form, of personal information relating to you that you have provided to us. You also have the right to lodge a complaint in relation to Peerpoint's processing of your personal information with a local supervisory authority.

    If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.

    Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see section entitled ‘How we use your personal information’) or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

    We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by emailing us at info@peerpoint.com. You may also update certain categories of information using your account on our recruitment application website (where applicable).

    11. Who are the data controllers

    There are a number of entities through which Allen & Overy provides legal services. Most of the firm’s main IT systems are located in the UK and controlled by Allen & Overy LLP. Depending on the location where legal or other services are provided, another undertaking or entity in the Allen & Overy group may be the data controller in relation to your personal data. Please click here for details of the Allen & Overy entity through which we practise law in each jurisdiction and, where necessary having regard to local applicable data protection or privacy laws, a country-specific privacy notice.

    12. Changes to our privacy policy

    Any changes we make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. The updated privacy policy will take effect as soon as it has been updated or otherwise communicated to you.

    This privacy policy was last updated in September 2023.

    13. Who to contact with questions or concerns

    Peerpoint questions: If you have questions about Peerpoint or need additional assistance with the Peerpoint website or application process, please contact info@peerpoint.com.

    Privacy questions/complaints: If you have questions, complaints or need further information about our privacy policy or practices, please contact us, using the details below:

    Chief Privacy Officer

    Allen & Overy LLP

    68 Donegall Quay

    Belfast

    Northern Ireland

    BT1 3NL

    Email: DataPrivacy@allenovery.com

    Tel: +44 (0) 28 9060 7500