Privacy Policy

What information do we hold about you?

Personal data, or personal information, means any information about an individual from which that person can be identified.

We may collect, store, and use some or all of the following categories of personal information about you:

• Personal contact details such as name, title, addresses, telephone numbers, email addresses, and business contact information.
• Date of birth.
• Gender.
• Marital status and dependants.
• Bank account details.
• Information included on invoices provided by contractors and suppliers.
• Information about your use of our information and communications systems, including, for the avoidance of doubt, any personal use by you of such systems, such as information about your personal devices through your use of our wifi at any of our offices, our website or portals.
• Photographs if you attend any of our events.
• Records of your attendance at any of our offices (which may include CCTV records being made available to us by our building managers from time to time.
• Any other information provided by you, or any third party, to us, in connection with any matter on which you or one of our clients has instructed us to act or advise.

We may also collect, store and use more sensitive personal information (Special Categories) to the extent that you voluntarily share it with us during the recruitment process, including the following types of information:

• Information about your race or ethnicity, religious beliefs, sexual orientation, and political opinions.
• Trade union membership.
• Information about your health, including any medical condition, health, and sickness records.
• Information about criminal convictions and offences.

How is this information collected?

We collect personal information about you through:

• information which you provide directly to us;
• information collected automatically through our website or our client portals;
• information about you provided to us by third parties, including our clients, other people we are communicating with when we deal with any matter for our clients, PR agencies and databases to which we subscribe, and other third parties.

How do we use this information?

Our legal bases for using your personal information.

We use the categories of information in the list above to allow us to, as relevant:

• perform our contract with you;
• comply with legal obligations; and
• pursue legitimate interests of our own (for example, in furtherance of our own business) or third parties’ (such as our clients’) legitimate interests.

We may also use your personal information in the following situations:

• Where we need to protect your interests (or someone else’s interests).
• Where it is needed in the public interest or for official purposes.

How we may use your personal information

The types of situations in which we may process your personal information, depending upon the nature of your relationship with us, are listed below:

• to provide you with our services and other information, including your use of our website;
• to issue invoices, manage accounts and records, collect payments and debts or administer payments to you;
• to provide our services to our clients;
• to facilitate you providing your services to us;
• to contact you to inform you of our services or events and to send you updates on issues we think will be of interest to you and about or arising from our events and publications;
• to respond to any query you have made of us, including providing information about our people and services where you have made a website inquiry;
• for marketing purposes and market research;
• to administer our website and help us improve our services;
• for press releases, invitations to meet our staff and management team, press events to highlight any spokespeople;
• to comply with our legal obligations;
• determining the terms on which we work with our clients and suppliers;
• undertaking checks as to your identity, credit, immigration status, and similar if we will be working together;
• in our business management and planning, including accounting and auditing and otherwise in the furtherance of our business;
• in conducting reviews of our relationship, including managing performance and expectations on either side;
• gathering evidence and investigating any matter related to a concern or dispute, including conducting any mediation, arbitration, or litigation process;
• making arrangements for the extension, re-contracting or termination of our working relationship;
• to prevent fraud;
• to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;
• to conduct data analytics studies relating to your use of our website;
• complying with our obligations in respect of the Solicitor’s Regulatory Authority and related regulatory (including foreign regulatory) requirements;
• in furtherance of our pro bono and corporate social responsibility initiatives, which we consider to be core elements of our business;
• in our emergency contact and business continuity procedures; and
• complying with any request by you.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Please note that we may process your personal information without your knowledge or consent in compliance with the above where this is required or permitted by law.

Special Categories of personal information

When we can use it

Special Categories of personal information require higher levels of protection. We may process such information in the following circumstances:

• with your explicit written consent;
• processing is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), for obtaining legal advice or otherwise necessary for the purposes of establishing, exercising or defending legal claims;
• processing is necessary for reasons of substantial public interest; or
• processing is necessary for the purposes of preventive or occupational medicine, of the assessment of working capacity;
• where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent; or
• where you have already made the information public.

How we may use it

We may use Special Categories of personal information in the following ways:

• to provide our services and other information, including your use of our website, to you;
• to provide our services to one of our clients;
• to facilitate you providing your services to us;
• to respond to any query you have made of us, including providing information about our people and services where you have made a website inquiry;
• to comply with our legal obligations;
• gathering evidence and investigating any matter related to a concern or dispute, including conducting any mediation, arbitration or litigation process;
• complying with any request by you.

Consent

We do not need your consent to process your personal data where we have another legal basis to do so, as set out above. However, if we do need to seek your consent to processing, we will provide you with reasonable details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us and, where you have given consent, this can be withdrawn at any time by contacting [email protected].

Automated decision making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

• Where we have notified you of the decision and given you 21 days to request a reconsideration of the decision.
• Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
• In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

We do not currently envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Data Sharing

Why might you share my personal information with third parties?

We do share your data with third parties, (including third-party service providers and our other entities) where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

If we do share data, we require third parties to take appropriate security measures and only process your data for specified purposes.

Which third-party service providers process my personal information?

“Third parties” includes third-party service providers (including contractors and designated agents). 

As part of our relationship we may also provide your personal data to third parties. For example, the nature of the work we provide to our clients may require us to engage with and provide your personal data (as relevant to the matter) to third parties such as experts, translators and data-site or other document hosting services. We may provide your personal data to third party event organisers or webinar hosts.

We may also provide your personal data to the third party service providers we use in the course of administering our business, for example, word processing services, auditors, IT systems providers, lawyers and other professional advisors, insurers, credit and identity check providers.

Your personal information may also be provided to the press and other media sources as part of any agreed press release relating to any transaction we work on with you.

We may also disclose any personal information to comply with a legal requirement, for the administration of justice, interacting with anti-fraud databases, to protect your vital interests, to protect the security or integrity of our databases or this website, to take precautions against legal liability or in the event of a joint venture, collaboration, financing, sale, merger, reorganization, change of legal form, dissolution or similar event including disclosure of your information to any successor of ours.

Transferring information outside the UK and the EU

We may transfer the personal information we collect about you to countries outside the UK and the EU in order to perform our contract with you.

As set out above, your data may be processed by our other entities, including those outside of the UK and the EU. Some of our third party service providers are also based outside the UK and the EU. However, to ensure that your personal information does receive an adequate level of protection, we have put in place contractual obligations to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects UK, EU and local laws on data protection.

If you require further information about these protective measures, you can request it from [email protected].

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.

We have a Data Protection Policy with which our staff are required to comply and we have provided training to our staff regarding their obligations in ensuring the security of your personal data and staff are aware that misuse of personal data may be grounds for disciplinary action against them.

We also have procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Retention

Our intention is to retain your personal information for only as long as necessary to fulfil the purposes for which we collected it, including for the purposes of professional regulations, our insurance or other business custom or satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider its amount, nature, and sensitivity, the potential risk of harm from its unauthorized use or disclosure, the purposes for which we process it and whether we can achieve those purposes through other means.  If you would like any further information about our internal data retention processes you should contact [email protected]

Rights of access, correction, erasure, and restriction

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to be told about how that information has been collected and used.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
• Object to processing of your personal information where we are relying on our own legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
• Withdraw consent for the processing of your personal information. In the limited circumstances where you have provided your consent to the collection and processing of special category personal data you may wish to withdraw your consent. If you notify us of such withdrawal we will no longer process that personal information unless we have another legitimate basis for doing so.

You will not usually have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

How you exercise these rights

Any request in relation to any of the above rights should be directed to the Privacy Officer at [email protected] .

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.

Unsubscribe

If you have received any email from us with information about any of our services, events or legal updates, you are entitled to be removed from our electronic mailing list. You can do that by updating your preferences by clicking the link in any email that we send you or by replying to that email, or sending an email to [email protected] with “email unsubscribe” in the subject heading. 

Data collected through this website – cookies and similar technologies

In addition to the personal information we collect as described above, we use technology to collect anonymous information about the use of our website. For example, our web server automatically logs which pages of our website our visitors view, their IP addresses and which web browsers they use. This technology does not personally identify you – it simply enables us to compile statistics about our visitors and their use of our website.

Our website contains hyperlinks to other pages on our website. We may use technology to track how often these links are used and which pages on our website our visitors choose to view. Again, this technology does not identify you personally – it simply enables us to compile statistics about the use of these hyperlinks.

In order to collect the anonymous data described in the preceding paragraph we may use cookie technology on our website.

A cookie is a small piece of information that is sent to your browser and stored on your computer’s hard drive, mobile phone or other device. Cookies do not damage your computer.

You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. However, some of the services and features offered through our website may not function properly if your cookies are disabled.

We use two types of cookies on our website:

1. Strictly necessary cookies
   
   These cookies are essential in order to enable you to move around the website and use its features. Without these cookies services you have asked for cannot be provided. They are deleted when you close the browser.
2. Performance cookies
   
   These cookies collect information in an anonymous form about how visitors use our website. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it.
   
   We may also use your IP address to help diagnose problems with our server, to administer our website and to improve the service we offer to you. An IP address is a numeric code that identifies your computer on a network, or in this case, the internet. Your IP address might also be used to gather broad demographic information.
   
   We may perform IP lookups to determine which domain you are coming from (eg aol.com, yourcompany.com) to gauge more accurately your users’ demographics.
   
   Information about these types of cookies and technologies or about website usage is not combined with information about you from any other source.
   
   None of the cookies or technologies that we use in this way personally identify you (unless, in the very rare circumstance, your domain is identical to your name).

Web insights

We use Google Analytics to provide insights into website visits from other businesses. No cookies are used.

Consent

To comply with current legislation we need to ask for your consent to set the performance cookies described above. When you arrive on our website a pop-up message will appear asking for your consent to place performance cookies on your device. In order to provide your consent, please click ‘continue’. Once your consent has been provided this message will not appear again when you revisit our website. If you, or another user of your computer, wish to withdraw your consent at any time, you can do so by altering your browser settings.

You can find out more information about cookies at www.allaboutcookies.org and www.youronlinechoices.com/uk/.

Links to other websites

This website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third party websites or any association with their operators. We do not control these websites and are not responsible for their personal data practices. We recommend you review any privacy notice posted on any site you visit before using the site or providing any personal data.

Further questions, feedback or complaints

If you have any questions or feedback about this Privacy Notice or how we handle your personal information, please contact the Privacy Officer at [email protected].

Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time and we may also notify you in other ways from time to time about the processing of your personal information.