This Statement applies to individuals who use any website, application, including mobile application (“app”), product, software or service of ours that hyperlinks to this Statement (we call these our “Services”).
It does not generally apply to individuals whose personal information forms part of the content included within our products, although you can find further information on that topic here.
Thomson Reuters provides information solutions for professionals and our Services are generally not aimed at children.
Depending on the Service, we may provide additional or different privacy statements or notices for specific interactions you have with us or to highlight how we use your personal information for specific Services. Where we do this, it will be clear which statements apply to which interactions and Services. For example, if you use one of our mobile apps, we provide you a separate notice in relation to a particular data type collected through that app.
Within our Services, there may be links to third-party websites or applications. We are not responsible for the content or privacy compliance of third party websites or applications. You should check those websites or applications for their privacy statements and terms that apply to them.
Children’s Privacy. Our Services are not generally aimed at children. In the limited circumstances where we may collect and use personal information about children, for example to develop an educational resource, we will comply with industry guidelines and applicable laws.
Thomson Reuters is a global company that is made up of numerous legal entities.
For some Services we make decisions on how personal information is used in the context of a Service (Thomson Reuters is a controller of personal information in this case), and for other Services we will only use personal information as instructed by our customers (Thomson Reuters is a processor of personal information in this case). Below you can find more information on the cases in which Thomson Reuters is a controller of personal information and information on how to contact us.
To learn more about the products in which we are a controller of personal information, please visit this site: https://www.thomsonreuters.com/content/dam/ewp-m/documents/thomsonreuters/en/pdf/fact-sheets/thomson-reuters-as-a-controller-of-personal-information-product-list.pdf. In the European Economic Area, if you wish to contact the Thomson Reuters entity that is controller for the Service relevant to you, please contact the following companies. If you are unsure which entity to contact, or are located in another location, we welcome you to contact us for more information.
Further information about when we act as a processor of personal information and business specific details can be found here.
We collect personal information about you from your interactions with us and from certain third parties and other sources (such as your employer or the subscriber providing access to our Services or from publicly available sources where permissible).
We obtain personal information from you:
We also collect personal information about you from third parties such as:
The type of personal information we collect depends on how you are interacting with us and which Services you are purchasing or using.
In many cases, you can choose whether or not to provide us with personal information, but if you choose not to, you may not get full functionality from the Services.
The personal information we collect consists of the following:
This section includes details of the purposes for which we use personal information and also the different legal grounds upon which we process that personal information. We use personal information to provide and improve Services and for other purposes that are in our legitimate interests, as well as for compliance purposes. Further information is set out below.
Some laws require us to explain our lawful reason for processing your personal information. We process personal information about you on the basis that it is:
You are welcome to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.
We use personal information for a number of legitimate interests, including to provide and improve Services, administer our relationship with you and our business, for marketing and in order to exercise our rights and responsibilities. More detailed information about these legitimate interests is set out below.
Where we rely on legitimate interests as a lawful ground for processing your personal information, we balance those interests against your interests, fundamental rights and freedoms. For more information on how this balancing exercise has been carried out, please contact our Privacy Team.
We deliver marketing and event communications to you across various platforms such as email, telephone, text messaging, direct mail and online. Where required by law, we will ask you to explicitly opt in to receive marketing from us. If we send you a marketing communication it will include instructions on how to opt out of receiving these communications in the future.
Honoring your marketing preferences is important to us. You have the right to opt out of receiving direct marketing and targeted online advertising.
How to Opt Out of Email Marketing
Where we send marketing emails, we provide unsubscribe options for your use within our emails. To update your email marketing preferences, please visit the applicable email preference center, a link to which will normally be included in emails you receive from us. In addition, you can also use the “Contact Us” feature of a particular Service, discuss with your Thomson Reuters contact or contact our Privacy Team.
Even if you opt out of receiving marketing communications by email, we may still send you service communications or important transactional information related to your accounts and subscriptions (for purposes such as providing customer support).
Interest-based advertising (IBA)
Interest-based advertising (IBA) allows us to deliver targeted advertising to users of our Services. IBA works by showing you advertisements, or sending you marketing emails, that are based on the type of content you access or read. For example, as you browse our Services, one of the cookies placed on your device will be an advertising cookie so we can better understand what sort of pages or content you are interested in. The information collected about your device enables us to group you with other devices that have shown similar interests. We can then display advertising to categories of users that is based on common interests. For more information about IBA, please visit: http://www.iab.net/public_policy/behavioral-advertisingprinciples.
Opting out of IBA
If you want to opt out of receiving interest-based advertising, it does not mean that you will no longer receive advertising when you are using our Services. It just means that we will not use your personal information for IBA and that any advertising you see will not be customized to you. You can exercise your online advertising choices at http://optout.aboutads.info or by clicking the AdChoices icon in an ad and following the instructions. You may also opt out of receiving interest-based ads from many sites through the Network Advertising Initiative's (NAI) Opt Out Tool (http://www.networkadvertising.org/choices) and in the EU at http://www.youronlinechoices.com/. If you delete cookies, use a different device, or change web browsers, you may need to opt out again.
Advertising on mobile devices
Mobile devices have an identifier that gives companies the ability to serve targeted ads to a specific mobile device. In many cases, you can turn off mobile device ad tracking or you can reset the advertising identifier at any time within your mobile device privacy settings. Another tool you can use to control advertising on your mobile device is the AppChoices App: http://youradchoices.com/appchoices. You may also choose to turn off location tracking on your mobile device. If you turn off ad tracking or location tracking, we will no longer use information collected from your device’s advertising identifier for the purposes of advertising. You may still see the same number of ads but they may be less relevant because they will not be based on your interests. Where we need your consent to gather information about your location we will obtain this from you.
We share personal information within the Thomson Reuters group, with our business partners and third party service providers, the person providing for your access to our Services (if that is not you) and in accordance with law. Our third-party service providers are not permitted to share or use personal information we make available to them for any purpose other than to provide services to us.
We share your information for the purposes set out in this Statement, with the following categories of recipients:
Thomson Reuters is a global organization and your personal information may be stored and processed outside of your home country, including in countries that may not offer the same level of protection for your personal information as your home country. We have measures in place to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with data protection laws. Often, these include contractual safeguards. More information about these safeguards (including copies, where relevant) can be obtained by contacting us here.
Thomson Reuters has networks, databases, servers, systems, support and helpdesks around the world. We collaborate with third parties like cloud hosting services, suppliers and technology support located around the world to serve the needs of our business, workforce and customers. We take appropriate steps to ensure that personal information is processed, secured and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Thomson Reuters or to third parties in areas outside of your home country, including to countries that have not been declared adequate for the purposes of data protection by the European Commission.
The areas in which these recipients are located will vary from time to time, but include the United States, Europe, Canada, Asia (including Australia and India), and other countries where Thomson Reuters has a presence or uses contractors. Click to see a list of global locations at https://www.thomsonreuters.com/en/locations.html.
When we transfer personal information internationally, we put in place safeguards in accordance with applicable law (including Articles 44 to 50 of the EU General Data Protection Regulation). If you would like to know more about our data transfer practices and obtain copies of any relevant safeguarding measures, please contact our Privacy Team.
Thomson Reuters takes the security of personal information seriously and we use appropriate technologies and procedures to protect personal information (including administrative, technical and physical safeguards) according to the risk level and the service provided.
We have in place a global Information Security and Risk Management team, led by our Chief Information Security Officer, which is responsible for implementing secure data handling practices at Thomson Reuters.
Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet the sensitivity of the personal information we handle, our business needs, changes in technology and regulatory requirements. We have implemented appropriate information security controls.
More information on the steps we have taken to ensure our information security practices meet the requirements of the EU General Data Protection Regulation can be accessed here: https://www.thomsonreuters.com/content/dam/ewp-m/documents/thomsonreuters/en/pdf/faqs/thomson-reuters-and-the-gdpr.pdf.
We retain your information in accordance with our enterprise records retention schedule. You can find more information on the criteria used to calculate the retention periods set out below.
Thomson Reuters has a Records and Information Governance team that works in conjunction with our Privacy Team to implement policies and rules relating to the retention of personal information. We have an enterprise records retention schedule that is based upon a classification scheme consisting of business functions, record classes, and record types.
We calculate retention periods for your personal information in accordance with the following criteria:
You may have rights under European and other laws to have access to your personal information and to ask us to rectify, erase and restrict use of, your personal information. You may also have rights to object to your personal information being used, to ask for the transfer of personal information you have made available to us and to withdraw consent to the use of your personal information. Further information on how to exercise your rights is set out below.
We will honor your rights under applicable data protection laws. You have the following rights under European laws, and may have similar rights under the laws of other countries.
These rights are not absolute and they do not always apply in all cases.
In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why.
In order to exercise your rights please visit the following site: http://thomsonreutersdsr.ethicspoint.com.
Legal Business Public Records Products: For requests related to PeopleMap, Public Records on Westlaw and CLEAR, please visit the following site: https://legalsolutions.thomsonreuters.com/law-products/about/legal-notices/privacy/records?CID=TRSite.
What is a cookie?
A cookie is a small text file that is placed on a computer or other device and is used to identify the user or device and to collect information. Cookies are typically assigned to one of four categories, depending on their function and intended purpose: absolutely necessary cookies, performance cookies, functional cookies, and cookies for marketing purposes.
Types of cookies and why we use them
Absolutely necessary cookies: These cookies are essential to enable you to move around a website and use its features. Without these cookies, Services you have asked for, like adding items to an online shopping cart, cannot be provided.
Performance cookies: These cookies collect information about how you use our websites. Information collected includes, for example, the Internet browsers and operating systems used, the domain name of the website previously visited, the number of visits, average duration of visit, and pages viewed. These cookies only collect information in an aggregated format. Performance cookies are used to improve the user-friendliness of a website and enhance your experience.
Functionality cookies: These cookies allow the website to remember choices you make (such as your username or ID, language preference, or the area or region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts, and other customizable parts of web pages. They may also be used to provide Services you have asked for, such as watching a video or commenting on a blog. These cookies cannot track your browsing activity on other websites.
Targeting and advertising cookies: These cookies track browsing habits and are used to deliver targeted (interest-based) advertising. They are also used to limit the number of times you see an ad and to measure the effectiveness of advertising campaigns. They remember that you have visited a website and this information is shared with other organizations, such as advertisers.
You can manage website cookies in your browser settings, and you always have the choice to change these settings by accepting, rejecting, or deleting cookies. If you choose to change your settings, you may find that certain functions and features will not work as intended on the Services. All browser settings are slightly different, so to manage cookies, you should refer to the relevant settings within your browser.
We understand that you may want to know more about cookies. Here are some useful resources that provide detailed information about types of cookies, how they are used, and how you can manage your cookie preferences: www.aboutcookies.org or www.allaboutcookies.org. Please click below for detailed information on how to disable and delete cookies in some commonly used browsers:
We use certain other tracking technologies in addition to cookies:
“Do Not Track” Signals
Some browsers transmit Do Not Track (DNT) signals to websites. Due to the lack of a common interpretation of DNT signals throughout the industry, we do not currently alter, change, or respond to DNT requests or signals from these browsers. We continue to monitor industry activity in this area and reassess our DNT practices as necessary.
Connecting via social networks
Some of our Services may include social networking features, such as the Facebook® “Like” button and widgets, “Share” buttons, and interactive mini-programs. Additionally, you may choose to use your own social networking logins from, for example, Facebook or LinkedIn®, to log into some of our Services. If you choose to connect using a social networking or similar service, we may receive and store authentication information from that service to enable you to log in and other information that you may choose to share when you connect with these Services. These Services may collect information such as the web pages you visited and IP addresses, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use, or access. If you do not want your personal information shared with your social media account provider or other users of the social media service, please do not connect your social media account with your account for the Services and do not participate in social sharing on the Services.
This Statement generally relates to the personal information we collect about users in connection with the Services, where we make decisions about how that personal information is handled (Thomson Reuters as a controller). However, you can click on “Learn More” below for more information about how we process personal information that our customers input into our Services and for which Thomson Reuters does not make decisions about (Thomson Reuters as a processor).
Where we need to give you additional information about how your personal information is used in relation to specific Services we will provide separate or additional privacy notices.
Your professional service provider (e.g., your financial, tax, legal or accounting adviser) and other third parties may enter your personal information into Services we make available to, and host for them on their behalf. They may provide their own privacy notices to you. You should contact them for these notices, and you may also be able to find their privacy notices on their websites.
Use of Publicly Available Data within Our Services
Many professionals and third parties rely on the use of publicly available information in order to carry out research (e.g., on case law) or to satisfy their compliance obligations (e.g., to carry out anti-money-laundering checks).
To assist them, we make available information obtained from publicly available sources like public websites, open government databases or other data in the public domain (some of which is behind a paywall and some not).
We take privacy seriously and put in place measures designed to ensure that we process personal information in a proportionate way and in compliance with data protection laws.
Where we process non-sensitive personal information within those Services, it is normally processed because it is in our or a third parties’ legitimate interests to do so. In the limited circumstances where we process sensitive personal information, we normally do so where:
We put in place appropriate measures to protect your information where it is transferred internationally, to secure it and to ensure it is retained only for a reasonable period.
If you would like to make further enquiries about how personal information is used within a specific Service, please contact our Privacy Team.
To provide you with additional context on other products and services we offer, we have provided below more information regarding certain data protection practices in our Financial & Risk, Legal and Tax & Accounting businesses.
Financial & Risk Products and Services
Our global Financial & Risk business provides Services to financial industry, compliance and risk professionals, helping them with efficiency tools and data to assess and improve risk and compliance management, analyze and access financial transactions, generate better returns and create efficient, reliable business infrastructure. Such Services will process personal information entered by our customers as well as provide publicly available information about individuals to assist customers with governance, risk and compliance activities.
For example, Financial & Risk provides a Service called World-Check, which helps financial institutions, corporates, professional services firms, governments, law enforcement agencies, regulators and other World-Check customers to perform due diligence and other screening activities in accordance with their legal or regulatory obligations and risk management procedures carried out in the public interest. For this Service, Thomson Reuters may store personal data entered by a customer and also will make information about individuals available to such customer for use limited to compliance and other public interest purposes. World-Check has its own privacy statement, which is available here: https://risk.thomsonreuters.com/en/terms-of-business/world-check-privacy-statement.html.
For more information about how your bank, counterparty or finance or risk professional handles your personal information, please contact them directly.
Legal Products and Services
Our global Legal business provides research and business management and efficiency tools to the legal profession, often processing personal information that our users input into the Services. For example, if a law firm uses our firm management Services, they may record personal information when using those Services and they may ask us to hold or access it on their behalf (e.g., to provide software/Service support).
Thomson Records Legal public records products include the CLEAR suite of products and public records data on Westlaw, including PeopleMap and Company Investigator. These products are made up of consumer and company data aggregated from government agencies and reputable third party private data providers. These products are available only to authorized businesses and government organizations for their legitimate internal business uses and subject to applicable law. In addition to this Statement, these products are also subject to the Public Records Privacy Statement, available here: https://legalsolutions.thomsonreuters.com/law-products/about/legal-notices/privacy/records?CID=TRSite.
For more information about how your legal professionals handle your personal information, please contact them directly.
Thomson Reuters recognizes and respects that many of its customers and users of our Legal business Services (such as Westlaw and Practical Law) may be subject to ethical obligations to protect confidences with their clients. Where we act as a service provider in regard to the personal or confidential information that our customers or users input into our Legal Services, we do so in accordance with permissible law and we do not use any such information other than to provide, administer and improve our Services, provide user support or to meet our legal obligations.
Tax & Accounting Products and Services
Our global Tax & Accounting business provides tools that support tax and accounting professionals. These Services typically process personal information on behalf of our customers when they use our Services. This may include sensitive personal information such as information that could determine a person’s race, ethnicity, sexual orientation and/or health status. For example, if an accountant uses our tax and accounting software, they may use it to process information about individuals and they may ask us to hold or access that information on their behalf (e.g., when providing software/Service support).
If you would like to find out more about the personal information held by your accountant or tax professional, please contact them directly.
If you have any questions, comments, complaints or suggestions in relation to data protection or this Statement, or any other concerns about the way in which we process information about you, please contact our Privacy Team at email@example.com or at Privacy Team, Thomson Reuters, 30 South Colonnade-Canary Wharf, London E14 5EP, United Kingdom.
If you are not satisfied with the response, we encourage you to escalate your query to our Data Protection Officer at firstname.lastname@example.org or at Data Protection Officer, Thomson Reuters, 30 South Colonnade-Canary Wharf, London E14 5EP, United Kingdom.
Additionally, if you wish to locate a Thomson Reuters office, please see https://www.thomsonreuters.com/en/locations.html.
Filing a Complaint. If you are not content with how Thomson Reuters manages your personal information, you can lodge a complaint with a privacy supervisory authority. In the European Economic Area, the relevant supervisory authority is the one in the country or territory where:
A list of National Data Protection Authorities in the European Economic Area can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
This Statement may be subject to updates. Any material future changes or additions to the processing of personal information as described in this Statement affecting you will be communicated to you through an appropriate channel. For example, we may place a prominent notice on a product site or email you to let you know of an updated Statement.
The website will be unavailable during the upgrade (2 hours)