Thomson Reuters Privacy Statement

Who is Thomson Reuters and how can I contact you?

Thomson Reuters Corporation is a Canadian corporation, and the Thomson Reuters group of companies is made up of numerous legal entities with offices located across the globe. Please see our full list of locations.

Thomson Reuters acts as a controller of your personal information where we determine how and why personal information can be used, and the Thomson Reuters company that provides the specific Service — as identified therein — is the primary controller of your personal information. This Privacy Statement, however, does not apply where we act as a processor or service provider to another controller, such as our customers.

Any comments, complaints, or questions may be emailed to privacy.issues@thomsonreuters.com or mailed to our Chief Compliance Officer and Data Protection Officer: Thomson Reuters, c/o Chief Compliance Officer, Landis + Gyr-Strasse 3, 6300 Zug, Switzerland.

What personal information do you collect and process?

For California residents, our required disclosures under CCPA/CPRA are as described in our California Statement.

A note on children’s online privacy: our online Services provide information solutions intended for professionals, and we do not knowingly collect any personal information from children under the age of 16.

How do you collect personal information?

• Direct interactions. You voluntarily provide your personal information when you interact with us, such as when you register for Services, fill in forms, communicate with us, apply for jobs, and work for us. In some cases, if you do not provide us with your personal information, we may not be able to provide you with our services, communicate with you, or respond to your inquiries.

• User contributions. We collect your personal information when you or others upload, share, send, or input that information through our Services or networks or when you or they communicate with us.

• Automatically. We automatically collect personal information about you when you interact with us, such as when you use our Services, visit our offices or events, open emails or view advertisements from us, or communicate with us. We may collect some of this personal information by using cookies and other similar technologies and we recommend you review our Cookie & IBA Statement for more information.

• Third-party or publicly available sources. We may receive your personal information from third parties, such as our third-party business partners, including data brokers and advertising partners; your organizations; governmental agencies who publish public records; and other publicly or generally available sources, including online websites.

How do you use personal information?

This section includes details of the purposes for which we use personal information and the different legal reasons — also called legal basis — for processing that personal information.

Who do you share personal information with?

• Your organizations and contacts.

• Affiliates within the Thomson Reuters group of companies.

• Third-party business partners that support our business, such as our content and other partners, vendors and subcontractors, analytics providers, advertising and marketing agencies, credit agencies, and other third parties we engage.

• Third parties to market their products or services to you.

• Third-party customers and users where the Services and content include your personal information, such as when we aggregate information from various public and private sources to create listings, reports, profiles, and directories — like attorney and legal professional directories — in which this content may be made available to all users of those Services. Under some local privacy laws, this may constitute a “sale” of personal information.

• With governmental agencies and third parties involved in our sale or purchase of a business or assets, including in connection with a merger, divestiture, restructuring, reorganization, bankruptcy, liquidation, dissolution, or other disposition of assets.

• With law enforcement, government agencies, or other third parties in order to comply with any law, court order, legal request, or other legal process, as well as to enforce our agreements or protect the rights, property, or safety of our business, employees, customers, or others — including for the purposes of cybersecurity, fraud protection, and credit risk reduction.

• With others when necessary to fulfill your consents or to follow your instructions.

Where do you store personal information?

As described above, we are a global organization, so your personal information may be transferred outside of your home country and may be stored in and accessed from multiple countries, including the United States. When you interact with us, you authorize us to transfer your personal information outside of your home country, and you acknowledge the risk that we may transfer your personal information to countries that may provide less protection than your home country’s privacy laws, and we may not be able to prevent government authorities in some countries from accessing your personal information.

For individuals located in the European Union, the United Kingdom, and Switzerland, please see our European Data Privacy Framework Supplemental Statement for how we transfer your personal data to the United States.

What steps do you take to secure personal information?

We work to implement technical and organizational measures designed to protect the security of personal information. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee its absolute security. The security of your information also depends on you: you are responsible for using unique, strong usernames and passwords for each of your accounts and for keeping those usernames and passwords confidential. We are not responsible for the circumvention of any privacy settings or cybersecurity measures contained in our Services, and any transmission of personal information is at your own risk.

How long do you retain personal information?

We retain personal information as required by our enterprise records retention schedule, which varies by Service, business function, country, record classes, and record types. We calculate the retention period based upon the time the personal information is needed to fulfill the purposes described in this Privacy Statement; meet the timelines required or recommended by regulators, professional bodies, or associations; comply with applicable laws, legal holds, and other legal obligations, including contractual obligations; and comply with your requests.

We take steps to permanently destroy any biometric data we maintain within the applicable timeframe specified by law or when it is no longer necessary to achieve the purpose for which it was collected or obtained, whichever occurs first. Initial purposes for collection may end, for example, when:

• The individual’s identification has been verified
• The individual’s employment is terminated
• The individual last interacts with or cancels their account for the Service that uses biometric data
• The contract that permitted the collection and use expires or is terminated
• The consent that permitted the collection and use is withdrawn

What rights do I have over my personal information?

Your local privacy laws may grant you rights with respect to your personal information, and we will not knowingly discriminate against you because you have exercised any of your privacy rights. These rights differ based on the local laws that apply to you but could include one or more of the following:

• Right to withdraw consent — when we process your personal data based on your consent — without affecting the lawfulness of processing based on consent before its withdrawal. 
• Right to confirm we process your personal information and, if so, to access — including, where possible, in a portable format — correct, complete, and delete your personal information. 
• Right to restrict or object to the processing of certain personal information, including, where relevant, the right to opt out of our processing of your sensitive personal information and opt out of automated decision making or profiling that produces a legal or similarly significant effect. 
• Right to opt out of marketing emails from us, in which you may email us or click the unsubscribe link at the bottom of each email that you receive from us.
• Residents of certain U.S. states may also have the right to opt out of the use of their personal information for profiling or targeted advertising, including online behavioral advertising, and to opt out of the sale or sharing of their personal information, in which you may, in addition to the below, click the “Do not sell or share my personal information/limit the use of my sensitive personal information” link or change the cookie settings through our cookie banners. 

California residents may have the rights as described in our California Statement and requests for our Public Records Products can be submitted as described in our Public Records Privacy Statement.

To submit a request, you can contact us through our Data Subject Rights Portal, email us at privacy.issues@thomsonreuters.com, or call us at 866-633-7656.

Important: These rights are not absolutely guaranteed and there are several exceptions where we may not have an obligation to fulfill your request. We are only required to honor these rights to the extent we act as a controller of that data, and the requested rights have been granted and apply to you under applicable data protection laws. Please consult your local data protection laws to determine what rights may be available to you and when access to these rights is limited.

You may appeal an adverse decision on your requests by emailing or writing to us, and you have the right to lodge a complaint to your local regulator or attorney general if you are not satisfied with our responses to your requests or how we manage your personal information. However, we encourage you to contact us first so we can address your concerns directly. Please note the following information:

• In Argentina, the Agency for Access to Public Information, in its capacity as the supervisory authority of Law No. 25,326, has the power to deal with complaints and claims filed by those affected in their rights for breach of the regulations in force regarding the protection of personal data.
• In South Africa, you may file a complaint with the Information Regulator via email at PAIAComplaints@inforegulator.org.za.
• In the European Union, supervisory authorities and their contact information may be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Changes to this Privacy Statement

This Privacy Statement is expected to change over time. We reserve the right to update it at any time for any reason. We will notify you of changes to our Privacy Statement by updating the “last updated” date and posting the updated Privacy Statement on this page. We may email periodic reminders of our notices and terms and conditions, but you should check our Services frequently to see the current Privacy Statement and any changes made to it.

If there are any differences between the English version of our Privacy Statement and a version translated into another language, the English version controls.

Supplemental Privacy Statements

Depending on the specific Service you are using or specific interactions you have with us — such as when you apply for a job or work for us — we may provide different or supplemental privacy statements that describe and govern how we use your personal information. When we do so, those different or supplemental privacy statements apply to that specific Service or those specific interactions. Of note, please review these supplemental privacy statements:

• For individuals located in the European Union, the United Kingdom, and Switzerland, please see our European Data Privacy Framework Supplemental Statement for how we transfer your personal data to the United States.

• For California Consumers, please review our Supplemental Privacy Statement for California Consumers under CCPA/CPRA (California Statement).

• For our content that is distributed within our Services — with respect to personal information included in such content — please review our Informational Content Privacy Statement.

• For our Risk, Fraud, and Compliance products (“Public Records Products”) — such as PeopleMap, Public Records on Westlaw, Company Investigator, Court Express, Batch Services, and CLEAR — please review our supplemental Public Records Privacy Statement.

• For more information on our use of cookies and other automated technologies, as well as interest-based advertising, please review our Cookie & IBA Statement.

European Data Privacy Framework Supplemental Statement

All U.S. entities and subsidiaries of the Thomson Reuters group of companies listed in our self-certification strive to comply with the relevant EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom — and Gibraltar — in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy statement and the EU-U.S. DPF Principles or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit https://www.dataprivacyframework.gov/.

The types of personal data we collect, the purposes for which we collect personal data, the categories of third parties to which we disclose personal data and the purposes for doing so, the right of individuals to access their personal data, and the choices and means we offer individuals for limiting the use and disclosure of their personal data are as set forth in our Thomson Reuters Privacy Statement. We are committed to subjecting all personal data received from the EU, the UK, and Switzerland in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, respectively, to the DPF Principles. Under the DPF Accountability for Onward Transfer Principle, we remain responsible for any of your personal data that we share with third parties acting on our behalf. We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact us at Thomson Reuters, c/o Chief Compliance Officer, Landis + Gyr-Strasse 3, 6300 Zug, Switzerland or via email at privacy.issues@thomsonreuters.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, we commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. Under certain conditions, it may be possible for you to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Please visit https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2 for additional information.

We last updated this Data Privacy Framework Statement on April 8, 2024.

This Supplemental Privacy Statement for California Consumers under CCPA/CPRA (“California Statement”) supplements our Privacy Statement and further explains required disclosures about how we collect, disclose, and sell or share the personal information of California consumers and the rights that California consumers may have under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA/CPRA) where we act as a business under CCPA/CPRA. When we use the term “personal information” in this California Statement, we are using that term as CCPA/CPRA defines it, which generally means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. However, personal information does not include publicly available, deidentified, or aggregate consumer information, which are all defined in CCPA/CPRA.

What categories of personal information do you collect, and who do you share it with or sell it to?

In general, the categories of personal information we collect, sources of that information, business and commercial purposes for why we collect and use it and who we share it with, as well as our personal information retention practices, are as outlined in our Privacy Statement.

However, California law requires we restate some of this information for specific categories that are defined in CCPA/CPRA. The type of personal information we collect and how we handle that personal information, including if we share or sell that personal information, depends on how you are specifically interacting with us and which Services you are inquiring about. In general, we have collected, disclosed for a business purpose, and sold or shared the following categories of personal information and sensitive personal information from California consumers within the last 12 months:

Categories of personal information collected

Categories of personal information disclosed for a business purpose

Categories of personal information sold or shared

Your privacy rights

If you are a California consumer, you may have one or more of the following rights under CCPA/CPRA:

• Right to confirm we process your personal information and, if so, to request we disclose to you: 
  • The categories of personal information we collected about you 
  • The categories of sources from which the personal information is collected 
  • The business or commercial purpose for collecting, selling, or sharing personal information 
  • The categories of third parties to whom we disclose personal information 
  • The specific pieces of personal information we have collected about you
• Right to access — which may include a portable copy — correct, complete, or delete specific pieces of personal information we hold about you.
• Right to limit our use and disclosure of your sensitive personal information.
• Right to opt out of the sale of personal information, as sale is defined under CCPA/CPRA. 
• Right to opt out of the sharing of personal information, as sharing is defined under CCPA/CPRA.
• Right not to receive discriminatory treatment for exercising your rights under CCPA/CPRA.
• Additionally, California Civil Code Section 1798.83 may permit you the right to request information regarding the personal information about you we disclose to third parties for the third parties’ direct marketing purposes.

To make a request, you can contact us through our Data Subject Rights Portal, by emailing us at privacy.issues@thomsonreuters.com, or by calling us at 866-633-7656. Requests to opt out of the sale and sharing of personal information can also be submitted by clicking this “Do not sell or share my personal information and limit the use of my sensitive personal information” link. See our Cookie Policy for more information on exercising your rights.

Please provide us with enough information to verify your identity. We will use the information you provide to us to verify your request. If we cannot initially verify your identity, we may request additional information to complete the verification process, such as a copy of your driver’s license or a recent utility or credit card bill. You can designate an agent to make a request on your behalf by either having your agent send us a letter, signed by you, certifying that the agent is acting on your behalf and showing proof that they are registered with the California Secretary of State; or by you and the agent executing and sending us a notarized power of attorney stating that the agent is authorized to act on your behalf. Please note that we may still require you to verify your identity before we process a request submitted by your agent. 

Important: these rights are not absolutely guaranteed and there are several exceptions where we may not have an obligation to fulfill your request. We are only required to honor these rights to the extent that they have been granted to you and apply to you under CCPA/CPRA. Please consult CCPA/CPRA to determine which rights may be available to you and when access to these rights is limited. You may appeal an adverse decision on your requests by emailing or writing to us, and you have the right to lodge a complaint with the California Attorney General if you are not satisfied with our responses to your requests or how we manage your personal information. However, we encourage you to contact us first so we can address your concerns directly.

We last updated this California Statement on April 8, 2024.

This Cookie & IBA Statement supplements our Privacy Statement and specifically explains how we and our third-party business partners deploy cookies and other tracking technologies (“Tracking Technologies”), including for interest-based advertising (IBA), as well as the options you have to control them.

What are cookies and other tracking technologies?

Cookies are small text files placed on browsers, computers, and other devices to hold data. Web beacons, tags, pixels, embedded scripts, and other tracking technologies temporarily download pieces of code to remember information about website users and usage. Cookies and other tracking technologies are commonly used to identify users, remember their preferences, track their browsing activities, perform analytics on the use of our Services, and enable targeted advertising based on their online behavior.

These Tracking Technologies may be operated and set by us (“first-party trackers”) or by our third-party business partners, such as social media networks, advertising networks, and content providers (“third-party trackers”). They can be set either for a single visit through a “session tracker” so they are deleted after that visit or remain on your device to persist for multiple repeat visits through a “persistent tracker.”

Why do we use cookies and other tracking technologies?

We use Tracking Technologies for several different purposes. These technologies are widely used to remember you and your preferences and understand how you interact with us so that we may perform essential functions, such as providing our Services or delivering content and allowing users to register and remain logged in; personalize our Services and content and ensure a quality, consistent, and efficient experience for our users; analyze your usage of our Services and interactions with content, including emails; and to deliver and measure advertising, including IBA. We may also use these technologies to collect information about your online activities over time and across devices, third-party websites, or other online services.

How can you control the use of Tracking Technologies?

You may wish to restrict the use of cookies or completely prevent them from being set. Most modern browsers allow you to change your cookie and other tracker settings, and you can usually find these settings in your browser's options or preferences menu. Flash cookies can only be deleted within Adobe Flash rather than via your browser; please refer to this Adobe help page for information on how to manage Flash cookies. Additionally, you can opt out of Google Analytics by installing Google’s opt-out browser add-on. 

You may also see a “cookie banner” on some of our Services, which allows you to manage our use of cookies and other tracking technologies — click on the banner for more information regarding which cookies are used on that particular Service and what you may disable, but please note that you cannot disable any Tracking Technologies that are categorized as strictly necessary. 

Please be aware that some of the features of our Services may not function correctly if you disable all cookies or other technologies.

Do you honor “do not track” signals?

Generally, we do not currently respond to or take any action with respect to web browser “do not track” signals; however, in some instances, our third-party business partners that integrate with our Services will honor “do not track” signals.

What is Interest-Based Advertising?

Interest-based advertising (IBA) is also commonly referred to as targeted advertising, online behavioral advertising, and personalized advertising, and it generally means the delivery of personalized or targeted advertising to you that is tailored to your specific interests and demographics. IBA may also include analytics and reporting related to those advertisements, such as ad measurement and attribution, segmentation, and market research.

We may send you IBA based on the use of Tracking Technologies and other information you make available to us when you interact with our Services, our content, and our advertisements. We engage various third-party business partners to serve you IBA and we may share with those third-party business partners certain information about you and our Tracking Technologies to do so. Some of these third parties will deploy their own Tracking Technologies on our Services and content when doing so, wherein they automatically receive your IP address, browser or device information, and other information from these Tracking Technologies.

Some of our third-party business partners — and their business partners — may also use or provide us with additional information about you that they have independently collected from offline and online sources to better target and provide you with more relevant and useful advertising. Some of these third parties may collect personal information about your online activities over time and across different websites. Please note that we do not control the privacy practices of these third parties and their privacy practices are not covered by this Privacy Statement. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

How can you opt out of IBA?

In addition to the above, you may also be able to choose not to receive IBA from participating companies that participate with any of the following:

• The Digital Advertising Alliance (DAA), in which you may opt out of IBA using this DAA tool 
• The Network Advertising Initiative (NAI), in which you may opt out of IBA using this NAI Opt Out Tool and, for those in the EU/EEA, this tool
• The AppChoices App for opting out on mobile devices

Certain mobile devices may have an advertising identifier that allows companies to serve IBA to a specific mobile device using that identifier. Depending on your specific device, you may be able to limit advertising or sharing of that advertising identifier. You can also reset the advertising identifier or choose to turn off the device’s location tracking — including precise geolocation tracking — on your mobile device or for certain applications. See your device manufacturer to understand which options are available to you. For more details on your choices regarding the use of your web browsing activity for IBA, you may also visit the following sites: networkadvertising.org, optout.aboutads.info, youradchoices.com, and youronlinechoices.eu. 

Next, some of our Services may also display “Do not sell my personal information or do not share my personal information” links — or similarly named links — in which clicking those links may allow you to opt out of the “sharing” or “selling” of your personal information as required by certain local privacy laws. Doing so may limit the manner in which we and our third-party business partners may use your personal information in connection with IBA.

Please note that some of the options described above are browser specific or device specific, so you may need to opt out again if you use a different device or change browsers. Please also note that even if you opt out of receiving IBA, you may still receive advertisements and marketing materials, but they may not be personalized to you specifically.

We last updated this Cookie & IBA Statement on April 8, 2024.

1. Introduction

As a global business information services company, we proudly distribute informational content within our Services. This Informational Content Privacy Statement supplements the above Privacy Statement and further explains how we distribute and curate this informational content as part of our Services.

2. Why does Thomson Reuters publish informational content?

Thomson Reuters publishes various types of content, such as statutes, laws, regulations, rules, court cases, opinions, expert analysis, articles, forms, public records, treatises, dictionaries, and many other types of information that we believe have professional and jurisprudential value for our customers or the general public.

3. How does Thomson Reuters obtain informational content?

Thomson Reuters obtains informational content in a number of ways — sometimes we purchase or license the content from others; sometimes we receive the content pursuant to a contract where we are required to curate and distribute the content; sometimes we commission the content ourselves; and sometimes the content is collected from a number of public sources, like public records, journalistic sources, and information in the public domain. Any personal information contained in informational content that is subsequently distributed by Thomson Reuters originates from the original text of the informational content.

4. How does Thomson Reuters curate informational content?

In addition to distributing the informational content, Thomson Reuters curates the content — in other words, Thomson Reuters prepares and provides summaries, metadata, or other related information concerning the original content. For example, reported cases in our legal products might include a headnote, key cite, and other metadata, as well as the original full-text court case. In many cases, Thomson Reuters prepares the curation of the content. Any personal information contained in the curation is derived from personal information included in the original information content supplied by the source of that content.

5. Does Thomson Reuters edit or change the substances of the original information content?

Except for clerical or typographical errors and format changes in compliance with editorial house styles and except as directed by the source of the original information content, Thomson Reuters does not edit or change the substance of the original information content in most cases.

6. What if I want to change or delete my personal information contained in the information content or just want the informational content removed?

In many cases, Thomson Reuters is not the source of the information content, and we are not obliged to change or delete the substance of the original content — including any personal information — unless we receive a verified request from the source of the information content; for example, a court order from the court that issued the court case in the first place.

If you have any questions or concerns regarding the substance of any informational content or your personal information as contained in that information content, please contact the source of the informational content and work with them directly to resolve your questions or concerns. 

We last updated this Informational Content Privacy Statement on April 8, 2024.