It applies not just to use of our website, but also to personal information that we process through offline interactions with you in the course of running our business and delivering our services. This includes potential and existing clients, people interested in working for or with us and our suppliers. We maintain separate privacy notices that apply if we engage with you as an employee or, contractor.
We collect and use personal information from different categories of individual for several different purposes. The legal basis for processing your personal information will typically be one of the following:
If you submit an application to join us, whether as an employee or contractor: we will hold any personal information you provide to us (via our website or other methods), or that is sent to us by a third-party recruitment agency or website. This is likely to be your name, contact details and personal information contained in your CV. We will use this information for the purpose of communicating with you and evaluating your application.
If you fill in a form on our website to contact us: we will store the information you enter or submit (e.g. name, contact details, comment and any other information you choose to submit) for the purposes of responding to your enquiry and business development.
If you receive our email newsletters or marketing materials, fill in a form on our website to download a document or we invite you to events: we will hold your email address for the purpose of sending you updates and news that we think you will find interesting, sending you documents you have requested from our website and occasionally inviting you to events (in which case we may need extra information such as dietary and access requirements). You can unsubscribe from these at any time by using the “unsubscribe” links at the bottom of each email.
If you work for one of our clients or a partner organisation or if you are an industry contact: we may hold your name, company, job title and contact details and in certain situations, we may hold your identity and background information for the purposes of know your client checks or your testimonial, feedback or opinion. We will have been provided with this information either by you or your employer or in some cases we may have sourced it from publicly available sources, such as LinkedIn and internet searches. We need this information in order to interact with you (or your employer) for the purposes of performing services for clients and communicating with relevant people. We may also need this information for regulatory reasons.
If you are a supplier or work for a supplier: we may hold your name and contact details in order to interact with you or your employer to procure and pay for goods and services.
If you engage the services of our legal practice, are a counterparty to our client or otherwise have a relationship with our client: we will hold personal information you, our client or a third party provides to us, which is likely to include your name and contact details, and may also include your date of birth, employment, education history and sensitive information. We will use this information for the purpose of providing our clients with legal services. Due to the legal services we perform for our clients, we may hold personal information about you, which we have received from a client, without obtaining your direct consent.
Please note that providing personal information to us is voluntary on your part. If you choose not to provide us with certain information, we may not be able to assist you, consider your application or provide you with services.
We retain personal information in accordance with our data retention policy, which is based on the purposes for which the personal information was collected, taking into account applicable data protection laws, retention periods under applicable laws, limitation periods and our business needs.
We may share your personal information with the following third parties in certain circumstances:
We also reserve the right to disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of a bankruptcy. If any of these events happen, we will require the relevant third parties to provide comparable levels of protection that we provide to you with respect to the information we share.
Our IT service providers (acting as data processors) generally fall under the following categories:
The personal information we hold about you is your information, and you have certain rights over the information under applicable data protection laws. You have the right to request a copy of all personal information we hold relating to you. You also have the right to require us to correct any mistakes in the personal information we hold relating to you, so please let us know if we need to update any of your personal information we hold. Under some applicable data protection laws you may also have the following rights:
If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below).
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We may transfer the personal information we collect to, and store such information in, other countries which may have different data protection laws than the country in which the information was provided. If we do so, we will always take measures to comply with legal requirements under applicable data protection laws and to protect that information.
For personal information collected by our European entities, we do not directly transfer any of your personal information outside the European Economic Area (EEA) other than to other LOD entities as required for business purposes, and we have EU standard contractual clauses in place between LOD entities to protect such information . However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. Most of them reserve the right to hold copies of your personal information outside the EEA.
In each case we and our processors employ mechanisms to help safeguard your privacy rights, as required under applicable data protection laws, such as:
Please contact us (see below) if you want further information on the specific mechanisms used by our data processors when transferring your personal information outside the country where it was collected.
Automated decision-making: GDPR gives individuals the right to object to decisions being taken through the processing of their personal information by automated means if it produces legal effects concerning them or similarly significant effects. We can confirm that we do not undertake any automated decision-making, or profiling, based on the processing of personal information.
Rights to lodge a complaint with the Regulator: At all times, you have the right to report a concern or lodge a complaint with any relevant regulator.
In the EU this will be the UK Information Commissioner’s Office.
Of course, we hope that we can resolve your issue quickly and fairly ourselves.
If you have any questions, concerns or just want some more information about our privacy management, please drop us a line at firstname.lastname@example.org