Purpose

The purpose of this Notice is to provide you with information about the types of data we process about you, what we do with your data, and why we do it.

The types of data we process

We process personal data about different categories of people, including our clients, people involved in matters we act on for our clients, people who we or those working with us have relationships with, and third parties who interact with us (either directly or through our website).

Given the nature of the services we provide, the types of data we process are varied, but will usually include full names, contact details, and associated client information. Depending on the nature of our relationship with you, we may also process information about your business and company affiliations; identification (including copies of your passport); financial affairs; family, lifestyle and social circumstances; education and employment background; the services we provide to you or your company; your preferences; your relationship with our staff and consultants; the goods or services you or your company provide us; and your use of our website.

We may also process special categories of personal data about you, in which case we take particular care to only process such data in accordance with the strict legal parameters. This type of data can include information about your health (including information you provide about your dietary requirements when attending meetings – see below); racial or ethnic origin; religious or political beliefs; trade union membership; sex life or sexual orientation; genetic or biometric data; or philosophical beliefs.

We may obtain personal data from you directly, from our clients, from third parties involved in matters we act on for our clients, and from other third parties (including publicly available information). Such third parties might include, for example, recruitment agencies, regulators, suppliers and professional bodies.

For our clients

Where you are our client:

·       it will sometimes be necessary for you to provide us with information directly, if so, it is your responsibility to ensure that such information is complete in all material respects and not misleading. The accuracy and appropriateness of our advice may be affected as a consequence of your failure to do so;

·       you may also provide us with personal data about other people. Please ensure you provide them with a copy of this Notice, where appropriate to do so;

·       if any information changes, please let us know so that we can keep it updated on our systems;

·       please see the specific section below relating to the client due diligence information we collect.

What we do with your data

We process personal data for the purpose of providing legal services to our clients and also for our own general business purposes including (without limitation):

·       fraud prevention, anti-money laundering, anti-bribery and for the prevention or detection of crime;

·       ensuring the safety and security of our people, other clients and any premises (where we may also use CCTV);

·       disclosures to our auditors, our own legal and other professional advisors, our banks, insurers, and insurance brokers;

·       administering our clients' accounts with us, including providing e-billing services and tracing and collecting any debts;

·       managing our business performance, assessing client satisfaction (eg by surveys), enhancing the client experience, conducting specific tests on or developments to our existing or new systems, networks, applications and software, and general improvement of our services;

·       advertising, marketing and public relations, including sending you direct marketing communications (insofar as we are permitted by law) – see further details below.

The basis on which we process your data

We will only process your personal data where we have a lawful ground(s) for doing so.

In general, our lawful basis will be one or more of the following, that the processing is necessary for:

·       the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract;

·       compliance with our legal obligations;

·       the purposes of pursuing our legitimate interests (this includes carrying out the business of providing legal services and pursuing our general business interests);

·       the establishment, exercise or defence of legal claims;

·       a task carried out in the public interest/reasons of substantial public interest.

We may also process personal data on the basis that you have provided your consent, for example, through instructing us on a matter (including, in some instances, in respect of special categories of personal data about you – such as, data about your racial or ethnic origin, political opinions, religious beliefs or data concerning your health). Please note that you have the right to withdraw any such consent, which you can do by getting in touch with us using the contact details below.

Who we share your data with

In providing services to our clients and in complying with our legal obligations, we may share the personal data that we obtain about you, insofar as we are permitted by law to do so, with the following third parties:

·       third parties involved in any matter, including (without limitation) courts, tribunals, counterparties, experts, counsel, private investigators, and other third parties involved in a matter;

·       suppliers and service providers used by us in providing services, details of which can be made available on request, including (without limitation) postal services, document storage facilities, and IT service providers such as cloud providers of software as a service, data room providers and providers of our IT servers;

·       financial organisations, debt collection, credit reference and tracing agencies;

·       our auditors, our own legal and other professional advisors, our banks, insurers and insurance brokers;

·       government agencies (including Her Majesty's Revenue & Customs), regulators and other authorities (including (without limitation) the Information Commissioner and Ombudsmen); and

·       our and your trade associations, professional bodies and business associates.

How long we keep your data for

We keep personal data in accordance with our own retention procedures which are determined in accordance with our regulatory obligations and good practice.

These periods depend on the nature of the information being retained (for example, we apply different retention periods to our staff information as opposed to information on our client files) and are subject to change.

Client due diligence

As a law firm we are subject to certain requirements under anti-money laundering/counter-terrorist financing regulations and so we are required to obtain client due diligence information and documentation (CDD) in order to comply with our regulatory requirements.

CDD, which may include personal data about you, may be obtained from you directly or from publicly available sources or third-party information providers (such as company and risk intelligence databases). We may also confirm your identity using a credit reference agency, which may leave a "soft footprint" on your record, showing that someone in the legal sector has searched it.

We process CDD only for the purpose of complying with our regulatory obligations including, but not limited to, for the purposes of the prevention of money laundering and terrorist financing. Our lawful basis for this processing will generally be that such processing is necessary for the performance of a task carried out in the public interest, that the processing is necessary for compliance with a legal obligation to which we are subject, and/or that the processing is necessary for reasons of substantial public interest.

Please note that we require CDD in order to determine whether we can accept you as a client or proceed with a particular instruction from you (including assessing any third parties associated with this instruction). Therefore, if you do not provide the CDD we have requested, we are unlikely to be able to provide services to you.

Direct marketing

We may use your contact details to send you marketing materials, provided we are permitted to do so by law.  You always have the right to unsubscribe from any marketing. You can do so by contacting us directly using the details below.

Our marketing emails may contain cookies or similar technology to enable us to understand how you have interacted with our content including whether and when you opened our email.  If you are unhappy with this, please ensure you unsubscribe from our marketing.

Attendance at events

When you attend events or meetings arranged by us, you may choose to provide us with details of your dietary requirements and such information may include special category data. We will pass this information on to the relevant catering teams accordingly, who will be third parties contracted by the Firm.  You have the right to withdraw your consent to our processing of this information at any time by contacting us using the details below.

At some events there may be a photographer and/or film-maker present and the images they provide may be used for publicity and marketing purposes. This might include (but is not limited to), use in printed and online publicity, social media and press releases. If you would prefer us not to use your image, please contact the event organiser or speak to one of our staff onsite at the event.

Call recording software

Although it is not routine, in some instances, we may record telephone calls when using call conferencing software. In any case where you are on a call that is being recorded, you will hear an automated notification.  Generally, our purpose for recording the call will be to enable us to have a record of the discussion typed up and we will usually delete the recording once we have done so. However, in some instances we may retain a copy for longer insofar as is necessary. The recording may be temporarily stored by a third-party call conferencing software provider, on their servers outside the UK and outside the European Economic Area (EEA). The necessary standard contractual provisions are in place for this transfer.

E-signatures

In order to make signing contracts easier, we may use e-signature software. This involves inputting your contact details into our third-party e-signature software and uploading the relevant contract for signature, which may contain personal data about you. In general, the data will be stored on servers within the EEA and will be deleted following a short retention period.

Using our website: Cookies

There are some specific details we want to share with you regarding the use of our website, particularly in relation to Cookies.

A Cookie (in this more boring context) is a small file downloaded on to your computer or device when you access certain websites.  Generally Cookies identify you through your IP address and do not collect information about your identity.  For more information about Cookies please visit www.allaboutcookies.org.

Cookies allow us to distinguish you from other users of our website and help us to provide you with a good experience when you browse our website and also allow us to improve our website. We use Cookies for the purposes of:

·       understanding what brought you to our website and what pages you visited;

·       remembering you when you return to our website; and

·       providing you with safe restricted access areas.

You can manage Cookies by changing your browser settings to block or delete cookies. To find out how, visit www.allaboutcookies.org.  Please note that if you block all cookies you may not be able to access parts of our website.

Chamberlain Hamnett

Chamberlain Hamnett is a UK based law firm.  However, we undertake work globally and so your personal data may be processed by us in countries outside the UK and outside the EEA.

Your rights

You have the right to lodge a complaint with the Information Commissioner in respect of our processing of your personal data. Information can be found at www.ICO.org.uk. If you would like to raise your complaint with us in the first instance, please follow our Complaints Procedure which is available on request.

You may have rights under data protection laws to request from us access to, rectification of, or erasure of your personal data. You also have the right to request the restriction of any processing or to object to our processing of your personal data. Finally, you have the right to data portability. You can find more information about your rights at www.ICO.org.uk.

How to contact us about any matter raised in this notice

You can contact us via one of our partners who via doogie@cham.law.