Listening and protecting
DRAPER LANG LLP - CLIENT PRIVACY NOTICE
We are committed to respecting your privacy and the privacy of any of your employees, workers, contractors or other business contacts (together referred to as “Individuals”).
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, Individuals’ rights in relation to Individuals’ personal information and on how to contact us in the event you or any Individual has a complaint.
This notice applies to our current and past clients and their Individuals who are living persons.
References to we, our or us in this privacy notice are to the “Group”, being Draper Lang LLP and the Employment Law Partnership Limited. Details of our trading entities are as follows:
Draper Lang LLP is a limited liability partnership company incorporated in England and Wales. Registered Number: OC371676. Registered Office: 12A Hart Street, Henley on Thames, Oxon RG9 2AU
The Employment Law Partnership Limited is a limited company incorporated in England and Wales and regulated by the Royal Institution of Chartered Surveyors. Registered Number: 07912413. Registered Office: 12A Hart Street, Henley on Thames, Oxon RG9 2AU
For the purposes of this notice the controller is the Group entity that you or your business has engaged.
When you / Individuals interact with us in relation to our work, you / they may provide us with or we may obtain personal information about you / them (subjects). The subjects may be you (if you have engaged us as an individual client), your Individuals, the living persons that you may wish to contract with or persons that you may have a dispute with. The information we may obtain includes:
You may also provide us with or we may collect, store and use the following “special categories” of more sensitive personal information regarding subjects:
We obtain the information regarding subjects from you, as part of our work for you and as a result of our investigations in pursuit of your instructions to us. We may, instruct third parties (such as enquiry agents) to obtain personal information regarding subjects.
If you are providing information regarding subjects to us, it is your responsibility to ensure that you have the right to provide the information to us.
We will only use personal information regarding subjects in accordance with applicable data protection legislation, including the Data Protection Act 1998 and the EU General Data Protection Regulation and its UK implementing legislation (the Data Protection Act 2018).
Most commonly, we will subjects’ personal information in the following circumstances:
We may also use subjects’ personal information in the following situations, which are likely to be rare:
We need all the categories of information in the list in paragraph 1 above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use subjects’ personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. These legitimate interests are to manage our relationship with you, determine our respective rights and obligations and to properly conduct our business. There may be more limited circumstances where we process personal data pursuant to your or a subjects’ consent.
The situations in which we will process subjects’ personal information are listed below.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of subjects’ personal information.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations.
We will only use subjects’ personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use subject’s personal information for an unrelated purpose, we will (if required by law) notify the subject and explain the legal basis which allows us to do so.
Please note that we may process subjects’ personal information without the subject’s knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
“Special categories” of particularly sensitive personal information require differing levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect the subject’s interests (or someone else’s interests) and the subject is not capable of giving consent, or where the subject has already made the information public.
We will use the subject’s personal information in the following special categories in the following ways:
Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as set out in paragraph 8 below. Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We may share subjects’ personal information where it is necessary to administer the working relationship or we have a legitimate interest in so doing. We may also disclose subjects’ personal information to third parties if we are under a duty to disclose or share subjects’ personal information in order to comply with any legal obligation, or in order to enforce or apply such other terms as apply to our relationship, or to protect rights, property, or safety of our other employees, workers and contractors our customers, ourselves or others where we have a legitimate interest in doing so. This includes exchanging information with other companies and organisations for the purposes of providing references and fraud protection.
”Third parties” includes third-party service providers (including consultants, Counsel and designated agents) and other entities within the Group.
The third parties we share subjects’ personal information with where required by law are courts and governmental agencies.
The third parties we share subjects’ personal information with where it is necessary to administer the working relationship with you include (where you are a consultant) the client of ours for whom you are ultimately providing services to.
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect subjects’ personal information in line with our policies. We do not allow our third-party service providers to use subjects’ personal data for their own purposes. We only permit them to process subjects’ personal data for specified purposes and in accordance with our instructions.
We may share subjects’ personal information with other third parties, for example in the context of the possible restructuring of the business. We may also need to share subjects’ personal information with a regulator or to otherwise comply with the law.
In certain cases the disclosure of subjects’ personal information to a third party as described in this paragraph 3 may involve subjects’ personal information being transferred outside of the United Kingdom. This may be to:
For more information about the circumstances in which subjects’ personal information may be disclosed to third parties and the safeguards we put in place to protect subjects’ your personal information when we do so, please contact us as described in paragraph 8.
We have put in place appropriate security measures to prevent subjects’ personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to subjects’ personal information to those employees, agents, consultants, contractors and other third parties who have a business need to know. They will only process subjects’ personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
The duration for which we retain subjects’ personal information will differ depending on the type of information and the reason why we collected it. However, in some cases personal information may be retained on a long term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements. Generally, where there is no legal requirement we retain all electronic records for a period of 15 years.
It is important to ensure that the personal information we hold about you / subjects is accurate and up-to-date, and you should let us know if anything changes, for example if you /subjects move home or change phone number or email address. You can contact us using the details in paragraph 8 or via your usual Group contact.
Under certain circumstances, by law subjects have the right to:
If you want to review, verify, correct or request erasure of your or any subjects’ personal information, object to the processing of such personal data, or request that we transfer a copy of such personal information to another party, please use the contact details in paragraph 8.
Subjects will not have to pay a fee to access their personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if any request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you or the subject to help us confirm your / their identity and ensure the right to access the information (or to exercise any other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Your confidence in us is important and we would not wish to give you any cause for concern, however if you do have any concerns about how we use your or any subjects’ personal information, please contact us as described in paragraph 8 and we would be happy to discuss this with you further. If necessary, you may make a complaint as set out in our terms of business.
If we are unable to resolve your complaint, you may make a complaint to the Information Commissioner’s Office. Please see https://ico.org.uk/for-the-public/raising-concerns/ for more information.
We reserve the right to alter this privacy notice at any time. Such alterations will be posted on our website at http://www.draperlang.co.uk/footer/privacy-policy. You can also obtain an up-to-date copy of our privacy notice by contacting us as described in paragraph 8. Should you object to any alteration, please contact us.
If you need to contact us about this notice or any matters relating to the personal information we hold on you, you can do so via your usual contact or via our Data Privacy Manager, David Blomfield by email at firstname.lastname@example.org
We hope that the contents of this privacy notice address any queries that you may have about the personal information we may hold about Subjects and what we may do with it. However, if you do have any further queries, comments or requests, please contact us as described in paragraph 8 above.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
DRAPER LANG LLPMay 2018