Last updated on 22 July 2023
What is personal data?
Personal data is any information that relates to an identified or identifiable natural person. For the purposes of GDPR, personal data means any information relating to an individual such as a name, an identification number, location data, online identified or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity.
Who decides why and how we process your personal data?
We decide why and how we process your personal data. This includes, but is not limited to, the collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, or making available, alignment or combination, restriction, erasure, or destruction of your personal data.
What personal data we collect?
The categories of personal data we may collect and process, according to the particulars of each case, include:
- Identification and Other Background Verification Data: such as name, date of birth, educational background, employment, and professional history, copy of passport and utility bills.
- Contact Data: such as your telephone number and postal or email address.
- Compliance Details: Such as data that we are obliged to gather in compliance with legal requirements, this includes client due diligence information, such as proof of beneficial ownership or sources of funds, information related to anti-money laundering laws and regulations, international sanctions, and restrictive measures, as well as details of substantial legal disputes that might affect our capacity to execute our duties.
- Financial Data: such as payment related information or bank account details.
- Technical information: such as information from your visits to our website or in relation to materials and communications we send to you electronically, collected through cookies and other tracking technologies.
- Special Category Data: We process such sensitive information under limited circumstances, for instance, when we are legally or regulatorily obligated to do so or where you have provided us with such information as it is necessary for specific service, we are providing to you.
How we obtain your personal information?
We may collect or receive your personal data in a number of different ways:
- Where you provide it to us directly, for example by corresponding with us by email, or via other direct interactions with us such as completing a form on our website.
- When a third party engages us to provide services and you hold an office or an interest in or have certain relationships with that third party.
- From publicly accessible databases or platforms – we might use these resources to ensure the contact information we have for you is precise and current, or for professional networking pursuits, like LinkedIn.
How will we use your personal data?
We are committed to using your personal data responsibly and in accordance with the applicable data protection laws. The ways we use your personal data are as follows (Permitted Purposes):
- Service Delivery: We primarily use your personal data to provide, administer, and improve our legal services. This may include using your data in legal proceedings, for drafting documents, or to conduct research pertinent to your case.
- Communication: We may use your contact information to communicate with you regarding our services, legal updates, newsletters, event invitations, and other information that may be relevant to you based on your interaction with us.
- Recruitment: If you apply for a job with us, we will use your personal data to process your application and assess your suitability for the position.
Website Improvement: We may use data collected from cookies and similar tracking technologies to enhance the functionality of our website, improve user experience, and to understand how our website is being used.
- Legal Compliance: We may use your personal data to meet our legal obligations, respond to requests from governmental bodies, or as necessary to manage risks and resolve disputes.
- Client Feedback: We may use your personal data to conduct surveys, seeking your feedback on our services, which helps us to improve and meet our commitment to delivering high-quality legal services.
What is our legal basis for processing your personal data?
The legal basis on which we handle your personal data varies, depending on the specific purposes for which we are using your data. We may rely on one or more of the following legal grounds:
- Consent: We might process your personal data when you have explicitly granted us permission to do so.
- Contractual Necessity: If we have a contractual agreement with you, we may need to process your data to fulfill our contractual obligations, or to take necessary actions upon your request before establishing a contract.
- Legitimate Interests: We may process your data when it is needed for legitimate interests pursued either by us or a third party. This only applies where it’s permissible and after thorough evaluations are conducted to balance any potential impact on your fundamental rights and freedoms, ensuring respect for your privacy.
- Legal Requirement: Sometimes we are legally obliged to process your data to comply with a law or regulation.
Your personal data may be disclosed under the following circumstances:
- We may share your data with other legal professionals, consultants, or experts who are directly involved in your case, in accordance with your instructions.
- If you request foreign legal advice, we may share your personal data with law firms overseas.
- In the process of providing legal services to our clients, if we collect your personal data, we may disclose it to the respective client and, where the law permits, to others for the provision of these services.
- For fraud prevention and crime detection, your personal data may be shared with organisations providing services such as credit risk reduction and anti-money laundering checks. This includes financial institutions, credit reference agencies, and regulatory bodies.
- Your data may be shared with courts, law enforcement agencies, regulatory authorities, or other legal practitioners when it’s reasonably necessary for the establishment, exercise, or defense of a legal or equitable claim, or for a confidential alternative dispute resolution process.
- Service providers, whether within the country or abroad, may also be given instructions to process your personal data for the Permitted Purposes. These service providers will always operate under our instructions, and we will retain control and responsibility for your personal data, implementing appropriate safeguards to ensure its integrity and security.
Beyond these situations, we will only disclose your personal data when you explicitly direct us or give us permission to do so, when we are obliged by legal or regulatory requirements, upon official or judicial requests, or when it’s necessary for us to investigate suspected fraudulent or criminal activities.
If you fail to provide personal data
Generally, the provision of your personal data to us is completely voluntary; typically, there are no adverse consequences if you opt not to provide this information or withhold consent. However, there are situations where we cannot proceed without certain personal data, such as when your instructions or orders necessitate the collection of personal data, or when we are required to perform a compliance screening as per legal mandates. In these instances, we unfortunately cannot fulfill your requests without first acquiring the necessary personal data, and we will promptly communicate this to you.
How do we keep your personal data safe?
We employ suitable technological and procedural safeguards to maintain the confidentiality and security of your personal data, in line with our internal guidelines concerning the storage, access, and disclosure of personal data. Your personal data may be stored within our digital systems or in physical file formats.
Personal data we receive from you about other people
Your personal information will be retained by us only as long as necessary to accomplish the Permitted Purposes or until you retract your consent, following the applicable laws (where relevant). Specifically, we will hold your personal data when needed to establish or protect against legal claims until the relevant retention period ends, the claims are resolved, or due to obligations under national or European law.
When deciding the suitable retention period for personal data, we take into account factors such as the volume, nature, and sensitivity of the personal data, the possible risk of damage from unauthorised access or disclosure of your personal data, the objectives of processing your personal data and if those objectives can be realised by other means, and the relevant legal obligations.
What rights do you have?
- Request access to your personal data. The right to access, update or delete the information we have on you.
- Request correction of the personal data that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.
- Object to processing of your personal data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your personal data on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request erasure of your personal data. You have the right to ask us to delete or remove personal data when there is no good reason for us to continue processing it.
- Request the transfer of your personal data. We will provide to you, or to a third-party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw your consent. You have the right to withdraw your consent on using your personal data. If you withdraw your consent, we may not be able to provide you with access to certain specific services.
To do any of the above, please contact us at email@example.com .To enable us to process your request, we may require that you provide us with proof of your identity, such as by providing us with a copy of a valid form of identification. This is to ensure that we appropriately protect the personal data we hold from unauthorised access requests and comply with our security obligations.