December 5th, 2019
SPG Law (a trading name of Excello Law Limited- SRA License Number 512898)
The term “Personal Data” means any information relating to you, who can be identified, directly or indirectly, by reference to other information that we have access to.
WHAT TYPE OF PERSONAL INFORMATION DO WE COLLECT?
The information described below is in addition to any personal data we are required by law to process in any given situation.
CLIENT DATA: When joining a litigation case, we may collect contact and identity details such as name, telephone number, email, postal addresses, date of birth, payment details, tax residence information, copies of photo identifications such as your driving license and/or passport/identity card, information about nationality/citizenship/place of birth, your national identification number, identity verification documents, and signature in order to comply with our legal and regulatory obligations.
We may also collect special categories of more sensitive data such as health, physical and mental health information, depending on the necessity of the legal case. We also hold information relating to your online engagement with material published by SPG, which we use to ensure that our marketing communications to you are relevant, timely and in accordance with your marketing preferences. Where relevant, we may also hold additional information that someone in your organisation has chosen to disclose to us. If we need any additional personal data for any reason, we will inform you.
SUPPLIER DATA: We may collect your contact details or the details of individual contacts at your organisation (such as names, telephone numbers, email and/or postal addresses). Depending on the circumstances, we may also collect bank details for payment purposes.
JOB APPLICANT DATA: We may collect your C.V., work history, name, contact details, details of professional status, records and qualifications, referees, salaries and social media profiles if you decide to apply for a job within our company.
PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES AND EMERGENCY CONTACTS: To ask for a reference, we may need the referee’s contact details (such as name, email address and telephone number). We will also need these details if a Job Applicant or a member of our staff has put you down as their emergency contact so that we can contact you in the event of an accident or an emergency.
WEBSITE USERS: We collect a limited amount of data from our website users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, including the time and duration of visit, your CPU speed, the operating system/platform you are using, the frequency with which you access our website, your browser type, the location you view our website from, and the language you choose to view it in. We may record site traffic patterns, “clickstreams”, and the times that our website is most popular. If you contact us or submit an application for a consultancy via the website, we will collect any information that you provide to us, for example, your name and/or contact details. We may use that information to respond, assess and respond to your application or enquiry.
HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect personal data through the website in two ways:
- Personal data that we receive directly from you
2. Personal data that we collect automatically (see website users)
Personal data that we receive DIRECTLY FROM YOU:
• Where you contact us proactively, usually via an online form, by phone or email; and/or
• Where we contact you, whether by phone, email or any other form of communication.
WEBSITE USERS: When you visit our website, there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via our website, for example, when you submit a query.
• We collect your data automatically via cookies, in line with cookie settings in your browser.
HOW DO WE USE YOUR PERSONAL DATA?
The personal data that we collect is utilised to enhance our professional relationship with you:
CLIENT DATA – Below are the various ways in which we use your data in order to ensure the smooth running of our agreements and dealings with you:
- Professional services activities – Processing your data in order to store your details (and updating them when necessary) on our database, so that we can contact you in relation to our relevant activities; and keeping records of our conversations and meetings, so that we can provide targeted services to you and in order to comply with our legal and regulatory obligations.
We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests.
- Marketing activities – We may process your data for the purpose of targeting you with appropriate marketing and PR campaigns. Subject to any applicable local laws and requirements, we will only send you marketing and PR information.
If you are not happy about this, you have the right to opt out of receiving marketing and PR materials from us and can find out more about how to do so by emailing email@example.com
- To help us to establish, exercise or defend legal claims – In more unusual circumstances, we may use your personal data to help us to establish, exercise or defend legal claims.
SUPPLIER DATA: We will only use your information:
• To store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements or our dealings with you;
• Facilitating our payroll and invoicing processes, for example, in relation to consultants or self-employed contractors;
• To help us to target appropriate marketing campaigns, where this arises and with your consent; and
• In more unusual circumstances, to help us to establish, exercise or defend legal claims.
• If you are not happy about this, you have the right to opt out of receiving marketing material from us and can find out more about how to do so by emailing firstname.lastname@example.org
PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES, EMERGENCY CONTACTS AND DEPENDENTS:
We will only use the information about you for the following purposes:
• If a Job Applicant or staff member put you down on our form as an emergency contact, we will contact you in the case of an accident or emergency affecting them; or
• If you were put down by a Job Applicant as a referee, we will contact you in order to take up a reference; or
• If you were put down by a staff member as a next of kin or dependent, we will store your personal data to ensure the personnel records of the staff member are correct and disclose your information to the relevant benefits provider.
• If you are not happy about this, you have the right to object and can find out more about how to do so by emailing email@example.com
WEBSITE USERS: We use your data to help us to improve your experience of using our website, for example, by analysing your recent search criteria to help us to present information to you that we think you will be interested in.
WHAT ARE OUR LEGAL BASES FOR PROCESSING YOUR DATA?
• We can process your data where it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of you, which require protection of personal data.
• You have the right to object to us processing your personal data on this basis. If you would like to know more about how to do so, please contact firstname.lastname@example.org .
• To ensure that we provide you with the best service possible, we use and store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations and meetings.
• We think this is reasonable – we deem these uses of your personal data to be necessary for our legitimate interests in order to carry out our business activities.
• We have to make sure our business runs smoothly so that we can carry on providing services. We therefore also need to use your data for our internal administrative activities, such as invoicing where relevant.
• We have our own obligations under the law, which is a legitimate interest of ours to insist on meeting. If we believe in good faith that it is necessary, we may, therefore, share your data in connection with crime detection or tax collection.
• We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. Where you are a sole trader, we also hold your financial details, so that we can pay you for your services.
• We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.
PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES AND EMERGENCY CONTACTS:
• If you have been put down by a Job Applicant or a member of SPG as one of their referees, we use your personal data in order to contact you for a reference.
• If a staff member has given us your details as an emergency contact, we will use these details to contact you in case of an accident or emergency. We have a legitimate interest to store this data and use it in appropriate circumstances on behalf of our staff.
• If a staff member has given us your details as a dependent or a next of kin, we will use your personal data as appropriate for the purpose of benefits or employment rights.
We have a legitimate interest to store this data and use it in appropriate circumstances on behalf of our staff.
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent.
• You have to give us your consent freely, without us putting you under any type of pressure;
• You have to know what you are consenting to – so we’ll make sure we give you enough information;
• We will keep records of the consents that you have given in this way.
• In some cases, we will be able to rely on soft opt-in consent. We are allowed to market products or services to you which are related to the services we provide as long as you do not actively opt-out from these communications.
• As we have mentioned, you have the right to withdraw your consent to these activities. You can do so at any time by emailing email@example.com
We also have legal and regulatory obligations that we need to comply with.
• If we believe in good faith that it is necessary, we may share your data in connection with crime detection or tax collection.
• We also may share your data with regulatory agencies or other relevant bodies in order to comply with our regulatory obligations.
• We will keep records of your personal data (including personal data contained in communications and calls) in accordance with our legal and regulatory obligations.
We can process your data where we are carrying out necessary steps in relation to a contract to which you are a party or prior to you entering into a contract, for example, because you wish to instruct us to carry out legal services for you.
ESTABLISHING, EXERCISING OR DEFENDING LEGAL CLAIMS
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data, in connection with exercising or defending legal claims.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of people:
- Any of our offices;
• Individuals and organisations who hold information related to a Job Applicant’s reference or application to work with us, such as current or prospective employers and employment and recruitment agencies;
• Tax, audit, regulatory bodies or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority, in connection with any anticipated litigation or in compliance with our legal and regulatory obligations);
• Third-party service providers (including suppliers) who perform functions on our behalf (including benefit providers such as pension providers, private medical insurance, dental insurance, and childcare providers, external consultants, business associates and professional advisers such as lawyers, auditors and accountants, transport and distribution suppliers, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
• Third-party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
• Marketing technology platforms and suppliers; and
• If SPG merges with or is acquired by another business or company in the future, we may share your personal data with the new owners of the business or company (and provide you with notice of this disclosure). We do not sell any personally identifiable information provided to us to any unrelated third party, but, as set out above, we may share it with related entities or with unrelated third parties in connection with our own marketing activities or the maintenance and operation of our site, or as may be legally required. Please do not to send confidential or sensitive information to us through this site.
HOW DO WE SAFEGUARD YOUR PERSONAL DATA?
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of necessary technical and organisational measures including but not limited to encrypted systems, to hold your personal data securely in both electronic and physical form.
All our Partners, staff, third party services and cross borders who have or may have access to your personal data, are instructed and subjected to confidentiality obligations. We take all the appropriate measures to maximally secure personal information and to deal with any suspected data breach.
HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We will ordinarily process your data throughout the course of our interactions and will then generally retain it for an appropriate amount of time after we have parted ways, depending on local law requirements, type of data in question, any overarching legal and regulatory, our legitimate business and risk-management needs. We may, for example, be required to retain certain data for the purposes of tax reporting or responding to tax queries. In other instances, there may be some other legal, regulatory or risk-management requirements to retain data, including where certain data might be relevant to any potential litigation (bearing in mind relevant limitation periods).
In determining the appropriate retention period for various types of personal data, in addition to ensuring that we comply with our legal, regulatory and risk-management obligations, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we need to process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
HOW CAN YOU ACCESS, AMEND OR TAKE BACK THE PERSONAL DATA THAT YOU HAVE GIVEN TO US?
You retain various rights in respect of your data, even once you have given it to us. These are described below:
- Right to be informed
- Right to access*
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision making and profiling
*Right to access: This right enables you to ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. This is called Data Subject Access Request (SAR). We may ask you to verify your identity and for more information about your request. The SAR has no costs for you unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
To get in touch or exercise any of these rights, please contact us at firstname.lastname@example.org . We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
TRANSFERRING YOUR DATA INTERNATIONALLY
• to third parties (such as regulatory authorities, advisers or other suppliers to SPG)
• to overseas suppliers
• to a cloud-based storage provider
We want to make sure that your data are stored and transferred in a way that is secure. We will therefore only transfer data outside of the European Economic Area (EEA) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
• by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
• transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
• where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a client of ours); or
• where you have consented to the data transfer.
To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with, to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.
WHAT’S A COOKIE?
A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.
Cookies are used by nearly all websites. If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers. You can disable cookies by using the link at the bottom of the page.