Privacy

PRIVACY NOTICE
 
This notice is addressed to individuals who are either clients of Powell Gilbert LLP (we, our or us) in their own right, or representatives of a client (including prospective clients), visitors to our website or social media accounts, and other individuals that may deal with us, including suppliers and individuals related to a matter we are working on. We collectively refer to these categories of individuals as “you”.

If you are applying for a job, or you are a staff member of the firm, a different policy will apply, which will be provided to you.
 
It describes how we process that data when you deal with us, receive our services, visit our website www.powellgilbert.com (our site), interact with us via our social media accounts, complete a survey, or make a complaint.

1. Who we are and how to contact us
 
We are Powell Gilbert LLP of 85 Fleet Street, London EC4Y 1AE. If you have any questions about this policy, or how we process your personal data, email us at dataprotection@powellgilbert.com or call us on + 44 20 3040 8000.
 
If you have a complaint, we ask you to get in touch with us as soon as you can. You can, of course, make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues, at https://ico.org.uk/concerns/.
 
In this notice, we refer to our clients’ transactions, disputes and other situations requiring legal advice as “matters”. “SRA” refers to the Solicitors Regulation Authority.
 
2. Who is responsible for your personal data
 
For the purposes of the EU General Data Protection Regulation, as it is applied in the UK, we process your personal data as a controller.
 
It is important that the personal data we hold is accurate and current. Please inform us if your personal data changes during your relationship with us.
 
3. Changes to this policy
 
This notice was last updated on 25 May 2018. You can obtain previous versions by contacting us.
 
Any changes that we make to this policy in the future will be posted on this page and, where appropriate, notified to you by email.
 
4. Third-party links
 
Our site, and information that we may post on our site or via our social media accounts, may include links to third-party websites, plug-ins and applications for your convenience and information. If you use these links, you will leave our site or our accounts. When you access a site or social media account that is owned by a third party, we do not control the content and are not responsible, or liable, for how they process your personal data. For example, they may send their own cookies to users, collect data or solicit personal data from you.
 
5. Where we get your personal data from and how we use it
 
Your name, address and other contact details
 
We get these from you, or your organisation. We use these for:
 
  • If you are our client, communicating with you in connection with your matters, this being necessary to take steps at your request prior to entering into a contract, and the performance of our contract with you.
  • If you are a representative of our client, or are an individual connected to any matter on which we are advising, we use this information for communicating with you and your colleagues in connection with your organisation’s matters, which we have a legitimate interest in when entering into a contract, and performing our contract with your organisation.
  • If you or your organisation is a supplier, for agreeing our terms and managing our relationship with you, which we have a legitimate interest in doing, or, if you are an individual, for the performance of our contract with you.
  • Telling you about our services and legal issues which we believe will be of interest to you, this being necessary for promoting our business, which we have a legitimate interest in doing. See further detail about our marketing below.
  • Obtaining information from credit reference agencies about your ability to pay our charges, and then collecting and processing those charges, this being necessary for ensuring that we get paid promptly, which we have a legitimate interest in doing.
 
Information about your affairs
 
By this we mean information about the matter we are advising on which relates to you, including our communications with you or about you. We get this from you, other people connected with your affairs (e.g. other parties to your transactions and disputes), official sources (e.g. details of your company directorships and shareholdings from Companies House) and occasionally other public sources. We use it for:
 
  • Providing our services, this being necessary to take steps at your request prior to entering into a contract, and the performance of our contract, with you.
  • If you are a representative of our client, or are an individual connected to any matter on which we are advising, we use this information for communicating with you and your colleagues in connection with your organisation’s matters, which we have a legitimate interest in when entering into a contract, and performing our contract with your organisation.
  • Completing our file opening procedures, including avoiding conflicts of interest (i.e. between your interests and those of our other clients), this being necessary for complying with our legal obligations under common law and the SRA code of conduct for solicitors, and for the performance of our contract with you.
  • Dealing properly and fairly with complaints, this being necessary for complying with our legal obligations under the SRA code of conduct for solicitors and for the performance of our contract with you; we also have a legitimate interest in doing this to manage our business properly and maintain our relationships with our clients and other third parties.
  • Defending claims against us, for which we have a legitimate interest to manage our business properly
  • Managing payments, and collecting and recovering money owed to us.
  • Keeping proper business records (e.g. accounts and copies of invoices), this being necessary for complying with our legal obligations under The Companies Act 2006 and the SRA code of conduct for solicitors; we also have a legitimate interest in managing our business properly.
  • Keeping records of your identity and affairs, assessing the likelihood that money laundering or terrorism financing might be taking place, and notifying the appropriate authorities if necessary. We have a legitimate interest in doing this and, where they apply, this is necessary for complying with our legal obligations under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
  • Obtaining professional indemnity insurance and processing claims under the policy, this being necessary for complying with our legal obligations under The SRA Indemnity Insurance Rules 2013; we also have a legitimate interest in obtaining and benefitting from this insurance cover.
  • Sending you information in accordance with the SRA’s requirements, this being necessary for complying with our legal obligations under the SRA code of conduct for solicitors.
  • Conducting strategic business planning about our services and our clients, which we have a legitimate interest to do.
  • If you or your organisation is a supplier, for agreeing our terms and managing our relationship with you or your organisation which we have a legitimate interest in doing, or, if you are an individual for the performance of our contract with you.
  • If we sell part of all of our business, or restructure our business, then we may disclose appropriate personal data about you as necessary for that purpose provided we have in place appropriate confidentiality restrictions, which we have a legitimate interest to do.
 
Information we collect through your use of our website
 
This is personal data about the information you search for or view, your device you are using, its software, and the telephone and other unique numbers associated with it, the network you are using, and the unique address associated with your connection to the internet. We use this for presenting our website content to you in the best way and for testing and improving it, all this being necessary for ensuring its proper operation and for developing it, which we have a legitimate interest in doing.
 
Sensitive personal data / special categories of personal data
 
While it is extremely unlikely, depending on the nature of the services that we provide to you, we may collect special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic data. We may also need to collect information about actual or alleged criminal convictions and offences. We will tell you how we collect this type of data, and for what purposes, at the time.
 
Automated decision making
 
We provide a very personal service and we do not make any decisions which could have a legal effect, or other significant effect on you, based solely on automated processing of your personal data.
 
6. Change of purpose
 
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like to understand more about any of our purposes, please contact us. We will notify you to explain if we need to use your personal data for an unrelated purpose.
 
7. Marketing
 
We hope that you enjoy and value our marketing material. We may send you this information by various means, including email, text message, post, telephone, or social media. We respect your right to choose what marketing messages you receive. You can opt out of any marketing material that we send you at any time by clicking the unsubscribe link in our emails, unsubscribing from our social media accounts, or by contacting us.
 
We may ask you to confirm or update your marketing preferences over time, such as when you instruct us to provide further services in the future, or if there are changes in the law or the regulation or structure of our business.
 
8. How long we store your personal data
 
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  Where we no longer have a need to keep your information, we will delete or anonymise it. 
 
9. What personal data do you have to provide?
 
It is entirely up to you what personal data you provide, although if you withhold any relevant information our advice may be inadequate or inappropriate, or we may even have to decline to advise or continue providing our advice. However, if there is any indication of money laundering or terrorism financing by anyone, we may have to ask you for certain information and we will not be able to do any more work until you provide it. Your failure to provide it may trigger a report to the authorities. We will tell you when this is the case if we can, although the law may prevent us from doing so.
 
10. Transferring your personal data outside the EU
 
We do not generally transfer your personal data outside the UK or the European Economic Area (EEA), although we may do so for administrative reasons or on your request.  Wherever we do so, we will take legally required steps to ensure that appropriate safeguards are in place to protect your personal data, and you may contact us for an explanation of the basis on which we have done so and, where relevant, to request a copy of the legal safeguards which we have put in place.
 
We have no control over the routes emails take, and even emails exchanged between two people in the UK could appear on equipment in countries outside the EEA, where they may not be protected by strong privacy or data protection laws. You will probably not consider this an issue, but if you have any concerns please raise them with us and we will make alternative arrangements.
 
11. Keeping your personal data confidential – Disclosures to third parties
 
Our duty to keep information about you and your affairs confidential is set by law (including the SRA’s code of conduct for solicitors). In summary, we have to keep it confidential unless: (i) we need to disclose it in the course of providing our service to you; (ii) you have given us permission to disclose it to a particular person; or (iii) the law or a rule or order of the court requires us to disclose it.
 
We may need to disclosure your personal data to businesses that we use to support our services, this being necessary for them to provide that service (which we have a legitimate interest in them doing). For example, we may engage sub-contractors in providing our advice, such as consultants, or engage other professionals on your behalf. We also use support service providers such as IT support, cloud storage, off-site disaster recovery, storage, archiving, shredding, payment services, call answering and conference calling, marketing and advertising services, analytics, and search and social media information and optimisation services. Those businesses have all signed confidentiality agreements which only permit them to use personal data as necessary to provide their services to us, and that their staff had made appropriate confidentiality commitments.
 
We may also be required to disclose your personal data to our professional indemnity insurer in relation to any actual or potential claims.
 
If our business, or part of it, should ever be put up for sale, or we re-structure our business, we may allow potential buyers or transferees, to have access to your personal data and matter files after they have signed confidentiality agreements which restrict their use of it to that transaction.
 
12. Security
 
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  This includes:
 
  • We limit access to your personal data to those employees, consultants, or external third parties who have a business need to know. Where those parties act as our processors, they will only process your personal data on our instructions and they are subject to a duty of confidentiality.
  • Our computer files - including backups and archives - are encrypted.
  • We take reasonable precautions to reduce the risk of hackers gaining access to our computers.
  • Third parties have access to our office very rarely, and when they do they are closely supervised.
  • Our office is kept locked whenever it is unattended.
  • Our staff receive regular data protection training.
 
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
 
If you would like to know more about our data security measures please contact us.
 
A warning about website security
 
Information carried over the Internet is not secure; information can be intercepted, lost, redirected, changed and read by other people. If you need to send us personal data securely then please contact your main point of contact.
 
13. Your rights
 
You have the right to ask us:
 
  • To receive a copy of the personal data we hold about you and to check that it is being lawfully processed.
  • Where the legal basis for our processing is your consent, or that it is necessary for the performance of our contract with you, you are entitled to receive a copy of your personal data (or have it passed to a third party) in a common and structured electronic format.
  • To correct your personal data if it is wrong and to complete it if it is incomplete.
  • How and why we are processing your personal data, the legal basis for that processing, who we have disclosed it to and who we will disclose it to (which we have done in this privacy notice).
  • To stop using your personal data for direct marketing.
  • To restrict our processing your personal data - you may want to do this while we consider your request to have it corrected.
  • To erase your personal data, but we will retain your data for the purposes of dealing with any claims or we have any other legitimate reason to retain it.
 
You also have the right:
 
  • To withdraw your consent to our processing your personal data (where that is relevant) at any time.
  • To object to how we are processing it, for example if we are processing it on the basis of a legitimate interest and that does not override your individual rights.
  • To complain to the Information Commissioner’s Office about our processing or our response to your requests and objections – www.ico.org.uk/concerns/ 0303 123 1113
 
No fee is usually required - You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee or refuse your request, if your request is clearly unfounded, repetitive or excessive.
 
What we may need from you - We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
 
Time limit to respond - We try to respond to all legitimate requests. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
 
We will be pleased to discuss any of this with you.
 
 
© Powell Gilbert LLP 25 May 2018