PRIVACY NOTICE: YOUR PERSONAL DATA
We need to tell you about the types of data we process about you, what we do with your data, and why we do it. The purpose of this Notice is to provide you (whether you are a client or other third party) with helpful information in this regard. If you have any questions, or if you want any further information, you can contact us using the contact form on the webpage or by emailing firstname.lastname@example.org.
What types of data do we process?
We process personal data about lots of different categories of people, including our clients, people involved in matters we act on for our clients, people we or our staff have relationships with, and other third parties who interact with us (either directly or through our website). Because of the nature of the services we provide, the types of data we process can be quite varied, but will usually include full names, contact details, and associated client information. Depending on the nature of our relationship with you, we may also process information about your business and company affiliations; identification (including copies of your passport); financial affairs; family, lifestyle and social circumstances; education and employment background; the services we provide you or your company; your preferences (including when visiting our offices); your relationship with our staff; the goods or services you or your company provide us; and your use of our website.
In some circumstances we may process special categories of personal data about you, in which case we take particular care to only process such data in accordance with the strict legal parameters. This type of data can include information about your health (including information you provide about your dietary requirements when attending meetings – see below); racial or ethnic origin; religious or political beliefs; trade union membership; sex life or sexual orientation; genetic or biometric data; or philosophical beliefs.
We may obtain personal data from our website, you directly, from our clients, from third parties involved in matters we act on for our clients, and from other third parties (including publicly available information). Such third parties might include, for example, recruitment agencies, regulators, suppliers and professional bodies.
Where you are our client:
► it will sometimes be necessary for you to provide us with information directly, and in those cases it is your responsibility to ensure that all such information is complete in all material respects and not misleading. The accuracy and appropriateness of our advice may be affected as a consequence of your failure to do so;
► you may also provide us with personal data about other people. Please ensure you provide them with a copy of this Notice, where appropriate to do so;
► if any information changes, please let us know so that we can keep it updated on our systems;
► please see the specific section below relating to the client due diligence information we collect.
What do we do with your data?
We process personal data for the purpose of providing legal services to our clients and also for our own general business purposes including (without limitation):
► fraud prevention, anti-money laundering, anti-bribery and for the prevention or detection of crime;
► ensuring the safety and security of our people and premises;
► disclosures to our auditors, our own legal and other professional advisors, our banks, insurers, and insurance brokers;
► managing our business performance, assessing client satisfaction (such as by asking client representatives to participate in surveys), enhancing the client experience, conducting specific tests on or developments to our existing or new systems, networks, applications and software, and general improvement of our services;
► advertising, marketing and public relations, including sending you direct marketing communications (insofar as we are permitted by law).
What basis do we have for processing your data?
We will only process your personal data where we have a lawful basis for doing so. In general, our lawful basis will be one or more of the following:
► that the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract;
► that the processing is necessary for compliance with our legal obligations;
► that the processing is necessary for the purposes of pursuing our legitimate interests (this includes carrying out the business of providing legal services and pursuing our general business interests);
► that the processing is necessary for the establishment, exercise or defence of legal claims;
► that the processing is necessary for a task carried out in the public interest/reasons of substantial public interest.
In addition, in some circumstances we may process personal data on the basis that you have provided your consent, for example, through instructing us on a matter (including, in some instances, in respect of special categories of personal data about you – such as, data about your racial or ethnic origin, political opinions, religious beliefs or data concerning your health).
Please note that you have the right to withdraw any such consent, which you can do by getting in touch with us using the contact details below.
Who do we share your data with?
In providing services to our clients and in complying with our legal obligations, we may share the personal data that we obtain about you, insofar as we are permitted by law to do so, with the following third parties:
► third parties involved in any matter, including (without limitation) courts, tribunals, counterparties, experts, private investigators, and other third parties involved in a matter;
► suppliers and service providers used by us in providing services, details of which can be made available on request, including (without limitation) postal services, document storage facilities, front of house teams and IT service providers such as cloud providers of software as a service, data room providers and providers of our IT servers;
► financial organisations, debt collection, credit reference and tracing agencies;
► our auditors, our own legal and other professional advisors, our banks, insurers and insurance brokers;
► government agencies (including Her Majesty’s Revenue & Customs), regulators and other authorities (including (without limitation) the Information Commissioner and Ombudsmen); and
► our and your trade associations, professional bodies and business associates.
How long do we keep your data?
We will keep your personal data for as long as it is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The appropriate retention period depends on the nature of the information (for example, we apply different retention periods to our staff information as opposed to information on our client files), and are subject to change.
If you have any questions in this regard, or any concerns about how long we keep your information for, please contact us.
Client due diligence
As a law firm subject to certain requirements under anti-money laundering/counter-terrorist financing regulations, we are required to obtain client due diligence information and documentation (CDD) in order to comply with our regulatory requirements. The CDD, which may include personal data about you, may be obtained from you directly or from publically available sources or third party information providers (such as company and risk intelligence databases).
We process CDD only for the purpose of complying with our regulatory obligations including, but not limited to, for the purposes of the prevention of money laundering and terrorist financing.
Our lawful basis for this processing will generally be that such processing is necessary for the performance of a task carried out in the public interest, that the processing is necessary for compliance with a legal obligation to which we are subject, and/or that the processing is necessary for reasons of substantial public interest (or as otherwise stated in this Notice).
Please note that we require CDD in order to determine whether we can accept you as a client or proceed with a particular instruction from you (including assessing any third parties associated with this instruction). Therefore, if you do not provide the CDD we have requested, we may be unable to provide services to you.
We may use your contact details to send you marketing materials, provided we are permitted to do so by law. You always have the right to unsubscribe from any marketing. You can do so by clicking on the relevant link in the next email we send you, or by contacting us directly using the details below.
Our marketing emails may contain cookies or similar technology to enable us to understand how you have interacted with our content including whether and when you opened our email. Please see our Cookies Policy for more details. If you are unhappy with this, please ensure you unsubscribe from our marketing.
Attendance at events
When you attend events or meetings arranged by us, you may choose to provide us with details of your dietary requirements and such information may include special category data. We will pass this information on to our catering teams accordingly, some of whom will be third parties contracted by the Firm. You have the right to withdraw your consent to our processing of this information at any time by contacting us using the details below.
At some events there may be a photographer and/or film-maker present and the images they provide may be used for publicity and marketing purposes. This might include (but is not limited to), use in printed and online publicity, social media and press releases. If you would prefer us not to use your image, please contact the event organiser or speak to one of our staff onsite at the event.
Call recording software
In some instances, we may record telephone calls when using our call conferencing software. In any case where you’re on a call that is being recorded, you will hear an automated notification. Generally, our purpose for recording the call will be to enable us to type up a record of the discussion. We will usually delete the recording once we have done so. However, in some instances we may retain a copy for longer insofar as is necessary. The recording may be temporarily stored by our third party call conferencing software provider, on their servers outside the UK and outside the European Economic Area (EEA). The necessary standard contractual provisions are in place for this transfer.
In order to make signing contracts easier, we may use e-signature software. This involves inputting your contact details into our third party e-signature software (DocuSign) and uploading the relevant contract for signature, which may contain personal data about you. In general, the data will be stored on servers within the EEA and will be deleted following a short retention period.
Your use of our website: cookies
There are a few specific details we want to provide you with when you use our website, particularly in relation to Cookies. A Cookie is a small file downloaded on to your computer or device when you access certain websites. Generally Cookies identify you through your IP address and do not collect information about your identity. For more information about Cookies please visit www.allaboutcookies.org.
Cookies allow us to distinguish you from other users of our website and help us to provide you with a good experience when you browse our website and also allow us to improve our website.
► understanding what brought you to our website and what pages you visited;
► remembering you when you return to our website; and
► providing you with safe restricted access areas.
You can manage Cookies by changing your browser settings to block or delete cookies. To find out how, visit www.allaboutcookies.org Please note that if you block all cookies you may not be able to access parts of our website.
For more information about the types of Cookies we use and what we use them for, please see our Cookies Policy on our website (a hard copy is available on request).