For the purpose of the General Data Protection Regulation (“GDPR”) the Data Controller is Waterfront Solicitors LLP (Registration Number OC343353) with registered address at 14 Weller Street, London SE1 1QU.
Please note that, where We process personal data on behalf of a client as part of the provision of Our services, We are a data processor. Our processing of such data shall be in accordance with the data processor agreement agreed with the applicable client, and is not covered by this Policy.
YOUR PERSONAL INFORMATION
Information We collect from you
We collect and process some or all of the following types of information in the course of providing Our services or your use of the website:
- If you have instructed Us to provide you with Our services (either on your own behalf or on behalf of your organisation), We will collect your name, contact details such as an e-mail address, telephone number or home address.
- We may also collect information to enable Us to check and verify your identity, and all such other necessary documents required to enable Us to undertake compulsory anti-money laundering checks prior to engagement.
- If We communicate with you in relation to a matter on which We are engaged to advise, We will collect your business contact information and any other personal data that you choose to share with Us.
- Information that you provide by filling in Our contact forms on the Website and specifically, personal details such as name, company name (if applicable), telephone number and email address. This includes any additional information provided at the time of submitting a contact form including information relating to the matter in which you are seeking Our advice or representation.
- We may collect information such as your business contact details if We meet you in person, or at a telephone or online meeting.
- If you contact Us, or if We contact you, We may keep a record of that correspondence.
- Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access.
We will inform you at the point of collecting information from you, whether you are required to provide further information to Us which shall always be processed in accordance with the terms of this Policy.
Information We Collect From Other Sources
We collect most of this information from you. However, We may also collect information:
- from publicly accessible sources, e.g. Companies House, HM Land Registry or social media websites such as LinkedIn;
- from your colleagues or third party business contacts who have referred you to Us, or put you in touch with Us;
- from a third party with your consent, e.g. your bank or building society, insurance providers.
If you have also provided Us with personal information about any other person, you confirm that he/she consents to Our use of his/her personal data and that you have informed him/her of Our identity and provided him/her with a copy of this policy.
USES MADE OF YOUR INFORMATION
Lawful basis for processing
We rely on performance of a contract as the lawful basis on which We collect and use your personal data in order to fulfil Our contractual obligations (whether in relation to Our provision of Our services to you or in relation to Our receipt of services from you) pursuant to an agreement We have entered into with you.
We rely on legitimate interest as the lawful basis on which We use your personal data where:
- We collect and use your personal data in order to fulfil Our obligations to Our clients.
- We collect and use your personal data in order to fulfil Our contractual obligations (whether in relation to Our provision of Our services or in relation to Our receipt of services) pursuant to an agreement We have entered into with an organisation that has engaged you.
- We send you marketing or promotional information or provide you with legal updates and invitations to seminars and events that We organise.
Purposes of processing
We use information held about you in the following ways:
- In connection with the services that We provide to Our clients and in accordance with Our obligations to those clients.
- To respond to any communication received from you.
- To carry out Our obligations arising from any contracts entered into between Us and you or your organisation.
- To notify you about changes to Our service.
- To ensure that content on the Website is presented in the most effective manner for you and for the device(s) you use to access and view the Website;
- To provide you with information that you request from Us.
- To invite you to participate to seminars, marketing and networking events that We organise.
In addition to the above uses We may use your information, to notify you about goods or services and updates about legal developments, and Our services, which may be of interest to you. We rely on legitimate interest as the lawful basis on which We use your personal data for this purpose. If you do not want Us to use your data in this way please either (i) tick the relevant box situated on the form on which We collect your data (for example, the contact form); (ii) unsubscribe from Our electronic communications using the method indicated in the relevant communication; or (iii) inform Us at any time by contacting Us at the contact details set out below.
DISCLOSURE OF YOUR INFORMATION
We will never sell your information or pass it to any third party for marketing purposes or for any other purpose unconnected with Our business.
We may pass your information to Our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on Our behalf (e.g. to Our consultants and to host Our servers), in which case We will impose contractual obligations on them to ensure they are only allowed to use your information to complete those tasks and that they take appropriate measures to protect your personal data.
We may also disclose your personal data to third parties:
- in the event that We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets; or
- if We or substantially all of Our assets are acquired by a third party, in which case personal data held by Us about Our customers will be one of the transferred assets; or
- if We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply Our Letter of Engagement or other agreement with you; or
- to protect Our rights, property, or safety or that of Our clients or any third party We interact with.
Other than as set out above, and save insofar as is necessary in order for Us to carry out Our obligations arising from any contracts entered into between you and Us, We will not share your data with third parties unless We have procured your express consent to do so.
STORING YOUR PERSONAL DATA
We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect your personal data, We cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.
Keeping your personal data up to date
If your personal details change or if you have any questions about how We use data collected which relates to you, please contact Us by sending an email to the contact details below.
We will endeavour to update your personal data within seven (7) working days of any new or updated personal data being provided to Us, in order to ensure that the personal data We hold about you is as accurate and up to date as possible.
How long We keep your personal data
We retain personal information for the period reasonably necessary for the purpose for which it was collected. In particular:
- We store all personal information collected in connection with services that We provide to Our clients, e.g. emails that We exchange with you that contain instructions or information required for Us to perform Our services, for so long as the relevant client remains a client of the firm, and for a reasonable period thereafter to enable Us to resolve any disputes, enforce Our rights, respond to queries, and perform services for the relevant client in the future.
- We store and retain your personal data in Our business contact database for so long as you remain a client (or a contact person for Us in respect of a client) and for up to 10 years thereafter.
Where We store your personal data
All information We hold about you is stored on secure servers provided by Our third party service provider within the EEA.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- access to your personal data and to certain other supplementary information that this Policy is already designed to address
- require Us to correct any mistakes in your information which We hold
- require the erasure of personal data concerning you in certain situations
- receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal data concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to Our continued processing of your personal data
- otherwise restrict Our processing of your personal data in certain circumstances
- claim compensation for damages caused by Our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email, call or write to Us
- let Us have enough information to identify you, including your name, organisation name and e-mail address,
- let Us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let Us know the information to which your request relates.
HOW TO COMPLAIN
We hope that We can resolve any query or concern you raise about Our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.