It applies not just to use of our website, but also to personal information that we process through offline interactions with you in the course of running our business and delivering our services. This includes potential and existing clients, people interested in working for or with us and our suppliers. We maintain separate privacy notices that apply if we engage with you as an employee or, contractor. .
Information about us
Types of personal information obtained, purposes and legal basis
We collect and use personal information from different categories of individual for several different purposes. The legal basis for processing your personal information will typically be one of the following:
- your consent
- to perform a contract with you or a relevant party
- legitimate interests in operating our business, which includes recruitment (whether as an employee or contractor), dealing with your enquiries and requests, providing services to clients, inviting you to events and conducting research and analysis related to the alternative legal services industry, or
- to comply with our legal obligations.
If you submit an application to join us, whether as an employee or contractor: we will hold any personal information you provide to us (via our website or other methods), or that is sent to us by a third-party recruitment agency or website. This is likely to be your name, contact details and personal information contained in your CV. We will use this information for the purpose of communicating with you and evaluating your application.
If you fill in a form on our website to contact us or download a document: we will store the information you enter or submit (e.g. name, contact details, comment and any other information you choose to submit) for the purposes of responding to your enquiry and business development.
If you receive our email newsletters or marketing materials or we invite you to events: we will hold your email address for the purpose of sending you updates and news that we think you will find interesting and occasionally inviting you to events (in which case we may need extra information such as dietary and access requirements). You can unsubscribe from these at any time by using the “unsubscribe” links at the bottom of each email.
If you work for one of our clients or a partner organisation or if you are an industry contact: we may hold your name, company, job title and contact details and in certain situations, we may hold your identity and background information for the purposes of know your client checks or your testimonial, feedback or opinion. We will have been provided with this information either by you or your employer or in some cases we may have sourced it from publicly available sources, such as LinkedIn and internet searches. We need this information in order to interact with you (or your employer) for the purposes of performing services for clients and communicating with relevant people. We may also need this information for regulatory reasons.
If you are a supplier or work for a supplier: we may hold your name and contact details in order to interact with you or your employer to procure and pay for goods and services.
If you engage the services of our legal practice, are a counterparty to our client or otherwise have a relationship with our client: we will hold personal information you, our client or a third party provides to us, which is likely to include your name and contact details, and may also include your date of birth, employment, education history and sensitive information. We will use this information for the purpose of providing our clients with legal services. Due to the legal services we perform for our clients, we may hold personal information about you, which we have received from a client, without obtaining your direct consent.
Please note that providing personal information to us is voluntary on your part. If you choose not to provide us with certain information, we may not be able to assist you, consider your application or provide you with services.
Cookies and similar technologies
Retention of personal information
We retain personal information in accordance with our data retention policy, which is based on the purposes for which the personal information was collected, taking into account applicable data protection laws, retention periods under applicable laws, limitation periods and our business needs.
Personal Information Sharing
We may share your personal information with the following third parties in certain circumstances:
- Other entities within the LOD group and network*
- IT service providers acting as data processors (see below) who provide services or cloud-based software to enable us to operate our business
- Professional advisors such as lawyers, bankers, accountants or auditors in order to provide legal, finance, accounting or auditing services
- Third parties engaged or involved in the course of the services we provide to you, such as experts, barristers and counterparties
- Third party event hosts, speakers and attendees
- Law enforcement or regulatory authorities (such as tax authorities) if required by applicable law, and courts and tribunals where necessary
We also reserve the right to disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of a bankruptcy. If any of these events happen, we will require the relevant third parties to provide comparable levels of protection that we provide to you with respect to the information we share.
Our IT service providers (acting as data processors) generally fall under the following categories:
- Website analytics
- Website and data hosting
- IT and system administration
- Document storage
- Email, contacts and calendar
- CRM, accounting and billing
Your personal information rights
The personal information we hold about you is your information, and you have certain rights over the information under applicable data protection laws. You have the right to request a copy of all personal information we hold relating to you. You also have the right to require us to correct any mistakes in the personal information we hold relating to you, so please let us know if we need to update any of your personal information we hold. Under some applicable data protection laws you may also have the following rights:
- Where we are processing your information based on your consent you may be able to withdraw that consent, however we may still be able to process your personal information to the extent permitted by applicable data protection laws.
- Where we process your information based on a legitimate interest you may have the right to object to our processing of that information if you feel it impacts on your fundamental rights and freedoms.
- You may have the right to object where we are processing your personal information for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing emails.
- In certain situations, you may have the right to require us to erase personal information where there is no good reason for us continuing to process it, or to request restriction of processing of your personal information.
- Finally, you may have the right to request the transfer of your personal information to you or a third party in a structured, commonly used, machine-readable format in certain circumstances.
If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below).
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Transfers of personal information
We may transfer the personal information we collect to, and store such information in, other countries which may have different data protection laws than the country in which the information was provided. If we do so, we will always take measures to comply with legal requirements under applicable data protection laws and to protect that information.
For personal information collected by our European entities, we do not directly transfer any of your personal information outside the European Economic Area (EEA) other than to other LOD entities as required for business purposes, and we have EU standard contractual clauses in place between LOD entities to protect such information . However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. Most of them reserve the right to hold copies of your personal information outside the EEA.
In each case we and our processors employ mechanisms to help safeguard your privacy rights, as required under applicable data protection laws, such as:
- Certain processors only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the relevant regulator.
- Providers storing information in the US, may be self-certified to the EU-US Privacy Shield which requires them to provide similar protection to personal information shared between the Europe and the US.
- With certain service providers, we may use specific contractual clauses approved by the relevant regulator which give personal information the same protection it has in the country in which it was collected.
Please contact us (see below) if you want further information on the specific mechanisms used by our data processors when transferring your personal information outside the country where it was collected.
Automated decision-making: GDPR gives individuals the right to object to decisions being taken through the processing of their personal information by automated means if it produces legal effects concerning them or similarly significant effects. We can confirm that we do not undertake any automated decision-making, or profiling, based on the processing of personal information.
Rights to lodge a complaint with the Regulator: At all times, you have the right to report a concern or lodge a complaint with any relevant regulator.
In the EU this will be the UK Information Commissioner’s Office.
Of course, we hope that we can resolve your issue quickly and fairly ourselves.
How to contact us
If you have any questions, concerns or just want some more information about our privacy management, please drop us a line at email@example.com