Privacy Policy
“Clients” includes natural persons who have engaged us to provide
legal advice to them in their personal capacity;
“Authorised Persons” includes natural persons who have instructed
us on behalf of a company, partnership, trust, estate, agency, department,
corporate body of any description or any other group or organisation; and
“Subscribers” includes natural persons that have signed up to one
of our newsletters or bulletins, have attended or registered to attend
one of our events or follow us on social media.
IMPORTANT INFORMATION AND WHO WE ARE
This policy applies to the personal data of past and present
Clients, Authorised Persons and Subscribers. Please note that you may fall
in to more than one of these categories so we may hold your personal data in a number
of capacities. If you are a past or present employee, member or consultant of the firm,
we will hold further personal data about you.
This policy does not form part of any contract that you may have with the Firm.
It is provided for information purposes only.
Controller
Provenio Litigation LLP is a ‘data controller’ and responsible for deciding how we hold
and use your personal data. We are required under data protection laws to notify
you of the information contained in this policy.
Contact Details
For further details please contact data@proveniolaw.com or write to us at:
Data Protection, Provenio Litigation LLP, 7th Floor, Walker House,
Exchange Flags, Liverpool L2 3YL.
You have the right to make a complaint at anytime to the
Information Commissioner’s Office(ICO), the UK supervisory authority
for data protection issues (www.ico.org.uk). We would, however, appreciate
the chance to deal with your concerns before you approach
the ICO so please contact us in the first instance.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review.
This version was last updated on 20 September 2019.
It is important that the personal data we hold about you is accurate
and current. Please keep us informed if your personal data changes
during your relationship with us.
Third-party links
This website may include links to third-party websites,
plug-ins and applications. Clicking on those links or enabling those
connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible
for their privacy statements. When you leave our website, we encourage you
to read the privacy policy of every website you visit.
Registrations
Our limited liability partnership registration number is OC421348.
Our ICO registration number is ZA501904.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information
about an individual from which that person can be identified. It does not include
data where the identity has been removed (such as anonymous data).
There are some ‘special categories’ of more sensitive personal data which
require a higher level of protection.
Clients and Authorised Persons
We collect, store and use some or all of the following categories
of personal information about Clients and Authorised Persons:
1. Client take-on information: name, title, address, telephone number,
email address, job title, photographic identification, date of birth, credit check;
2. File information: name, title, address, telephone number,
email address, job title, bank account details;
3. Matter information: the categories of personal information that we hold
about you for the purposes of specific matters that we are providing advice on
will vary according to the type of matter. Where we have collected
this information other than from you, we will always ask
you to confirm its accuracy. By way of example this category may include,
amongst other things: tax details, employment details, directorships,
shareholding details or personal correspondence;
4. Relationship information: title, name, address, telephone number,
email address job title, client relationship details (i.e. length of relationship,
contacts engaged with at the Firm, calls, meetings and other engagement
with the Firm), services details (number of engagements,
references, reviews and testimonials) and dietary preferences;
5. Marketing information: name, title, address, telephone number,
email address, job title,company, engagement details (click-throughs, open rates,
bounce rates, return to sender notifications) event attendance history,
dietary preferences, payment details and marketing preferences;
6. Social media information: username, company details and
engagement details (shares, likes, retweets, reactions, comments); and
7. Monitoring: CCTV footage, swipe/fob records, PC login details,
use of our IT and communications systems, vehicle details. We may also collect,
store and use the following ‘special categories’ of more sensitive personal
information about Clients and Authorised Persons:
8. Relationship information (sensitive): special access
requirements, allergies; and
9. Matter information (sensitive): The categories of personal information
that we hold about you for the purposes of specific matters that
we are providing advice on will vary according to the type of matter.
Where we have collected this information other than from you, we will always ask
you to confirm its accuracy. By way of example this category may include,
amongst other things: race or ethnicity, philosophical or religious beliefs, political
opinions, trade union membership, medical conditions, prescriptions,
surgeries, medical history, disabilities, biometric data and sexual orientation.
Subscribers
We collect, store and use some or all of categories of personal information
set out in paragraphs 4, 5, 6 and 7 above under the Clients and Authorised Persons
heading as it relates to Subscribers.
We may also collect, store and use the same ‘special category’ of more
sensitive personal information about Subscribers as set out in paragraph 8 above.
If you fail to provide certain personal information when we request it,
we may not be able to perform our contract with you properly (such as providing you
with legal advice) or we may be prevented from achieving our legitimate interests
(such as engaging with you on social media).
We have a statutory obligation to conduct the checks that we use the client
take-on information of Clients and Authorised Persons for. If you choose not to provide
that information, we will not be able to engage you as a client of the Firm.
HOW IS YOUR PERSONAL DATA COLLECTED?
Clients and Authorised Persons
As part of our file opening procedures, we will collect personal information
in categories 1 and 2 above directly from Clients and Authorised Persons.
When we take instructions, we will collect personal information
in categories 3 and 9 above directly from Clients and Authorised Persons.
We may also obtain further information about specific matters from other sources
including publicly available registers, court transcripts, credit searches
and private investigators.
Over the course of our relationship, we will collect personal information
in categories 4 and 5 above directly from Clients and Authorised Persons.
We may also collect further information from other sources such as
Companies House or market information providers.
When Clients and Authorised Persons engage with our social media accounts
on Facebook, Twitter and Linkedin, we collect personal information in category 6 above
either from Clients and Authorised Persons directly or from social media platforms.
When Clients or Authorised Persons visit our premises or use our IT
or communications systems, we collect personal information falling within
category 7 above.
Subscribers
We collect personal information in categories 4, 5 and 8 above directly
from Subscribers over the course of our relationship, this may be when you attend
one of our events, sign up to a newsletter, when you instruct us on a matter,
or some other time when you engage with us directly.
We may also source some of this information from other sources such as
Companies House or market information providers.
We collect personal information in category 6 above either from you directly
or from social media platforms when you engage with our social media accounts
on Facebook, Twitter and Linkedin.
We collect personal information falling within category 7 above when Subscribers
visit our premises or use our IT or communications systems.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to.
Most commonly, we will use your personal data in the following circumstances:
• where we have obtained freely given, specific, informed and unambiguous
consent from you to use your personal data in certain ways;
• where we need to perform the contract we are about to enter into
or have entered into with you;
• where it is necessary for our legitimate interests (or those of a third party)
and your interests and fundamental rights do not override those interests; or
• where we need to comply with a legal obligation.
Click here to find out more about the types of lawful basis
that we will rely on to process your personal data.
Purposes for which we will use your personal data
Clients and Authorised Persons
Below, we have set out the purposes for which we use each category
of personal data and the lawful bases which are relevant to those purposes.
We use your take-on information to conduct certain compliance
checks that we are required to carry out by law, these include conflict of interest,
‘know your client’ and anti-money laundering searches. Our lawful basis for
this is that we have a legal obligation to conduct these checks.
We use your file information for communicating with you during
the course of our engagement, this includes taking your instructions,
providing legal advice and invoicing for fees and disbursements.
We use your matter information to provide legal advice to you.
In both cases, for Clients, our lawful basis for this is that it is necessary
in order to perform the contract for legal services that we have with you.
In both cases, for Authorised Persons, our lawful basis for this is
that it is necessary in order to pursue the legitimate interest of the entity
you represent in seeking legal advice.
We use your relationship information to manage our relationship
with you at all times. Our lawful basis for this is that it is necessary in order
to pursue our legitimate interests in creating deep and lasting relationships with
our Clients and with Authorised Persons.
We use your marketing information for marketing purposes, this includes
contacting you with relevant newsletters, bulletins and other
information about our services, inviting you to events and measuring engagement
with our communications to ensure that the content that we create is relevant
and useful. Our lawful basis for this is your consent. You have the right to withdraw
this consent or amend your marketing preferences at any time by contacting
data@proveniolaw.com.
We hold your social media information in the course of operating our
social media accounts on Twitter, Facebook and LinkedIn. Our lawful basis for this
is that it is necessary in order to pursue our legitimate interest in maintaining
a visible, engaging and relevant social media presence.
We use monitoring to ensure network and information security,
including preventing unauthorised access to our systems and preventing malware
distribution and to ensure compliance with our IT and communications policies.
Our lawful basis for this is our legitimate interests in securing
our information and systems.
‘Special categories’ of particularly sensitive personal information require higher
levels of protection. We need to have further justification for collecting,
storing and using this type of personal information. Below we have identified
the further justification on which we are relying to process Clients’
and Authorised Persons’ special category personal data. We have in place
an appropriate policy and safeguards which we are required by law
to maintain when processing such data.
We use relationship information (sensitive) to ensure that our office and events
are inclusive and accessible to all our Clients. Our lawful basis for this
is our legitimate interest in ensuring that Clients and Authorised Persons can access
and make use of our office and events. Our further justification is that
any information that we use to ensure accessibility is information that you
have manifestly made public.
We use matter information (sensitive) to provide legal advice to you.
For Clients, our lawful basis for this is that it is necessary in order to perform
the contract for legal services that we have with you. For Authorised Persons, our lawful
basis for this is that it is necessary in order to pursue the legitimate interest
of the entity you represent in seeking legal advice. Our further justification is that
it is necessary for the establishment, exercise or defence of legal claims.
Subscribers
The purposes for which we use each category of personal data
and the lawful bases which are relevant to those purposes for Subscribers
are set out below.
We use your relationship information to manage and strengthen our relationship
with you at all times. Our lawful basis for this is necessary in order to pursue
our legitimate interests in creating and maintaining deep and lasting relationships
with our contacts.
We use your marketing information for marketing purposes, this includes
contacting you with relevant newsletters, bulletins and other information
about our services, inviting you to events and measuring engagement
with our communications to ensure that the content that we create is relevant
and useful. Our lawful basis for this is your consent. You have the right to withdraw
this consent or amend your marketing preferences at any time by contacting
data@proveniolaw.com.
We hold your social media information in the course of operating
our social media accounts on Twitter, Facebook and LinkedIn. Our lawful basis
for this is that it is necessary in order to pursue our legitimate interest in maintaining
a visible, engaging and relevant social media presence.
We use monitoring to ensure network and information security,
including preventing unauthorised access to our systems and preventing malware
distribution and to ensure compliance with our IT and communications policies.
Our lawful basis for this is our legitimate interests in securing our
information and systems.
As with our Clients and Authorised Persons, we have identified
the further justification on which we are relying to process Subscribers’ special
category personal data. We have in place an appropriate policy and safeguards which
we are required by law to maintain when processing such data.
We use relationship information (sensitive) to ensure that our office and events
are inclusive and accessible to all our clients. Our lawful basis for this is our
legitimate interest in ensuring that Subscribers can access and make use of our office
and events. Our further justification is that any information that we use to ensure
accessibility is information that you have manifestly made public.
Change of purpose
We will only use your personal information for the purposes for which
we collected it, unless we reasonably consider that we need to use it for another
purpose and that purpose is compatible with the original purpose.
If we need to use your personal information for an unrelated purpose, we will notify
you and we will explain the lawful basis which allows us to do so.
DISCLOSURE OF YOUR PERSONAL DATA
Data sharing
We share your data with third parties, including third-party service providers,
courts and other lawyers. We require all third parties to respect the security
of your data and to treat it in accordance with the law.
Third-party service providers require access to your personal data
in the course of providing their services to us. We engage third parties to provide
the following services: public relations and marketing, IT support, practice management
ssystems, document management systems, case management systems, printing
and reprographics support and event hosting services.
All third parties are required to take appropriate security measures to protect
your personal information in line with our policies. We do not allow third parties
to use your personal data for their own purposes. We only permit them
to access your personal data for specific purposes and in accordance
with our instructions.
We may also need to share your personal information with a regulator
to comply with the law.
International Transfers
We do not transfer your personal data outside the European Economic Area (“EEA”).
DATA SECURITY
We have put in place appropriate security measures to protect your
personal information from being accidentally lost, used or accessed in an unauthorised
way, altered or disclosed. In addition, we limit access to your personal information
to those people who have a business need to know. They will only process your personal
information on our instructions and they are subject to a duty of confidentiality.
We have put procedures in place to deal with any suspected data security breach
and will notify you and any applicable regulator of a suspected breach
where we are legally required to do so.
DATA RETENTION
We will only retain your personal information for as long as necessary
to fulfil the purposes we collected it for, including for the purposes of satisfying
any legal accounting, or reporting requirements.
We retain client take-on information in category 1 for 6 years from the date
that we take you on as a Client or open a client file on your instructions
as an Instructing Officer.
We retain relationship information in categories 4 and 8 for the period
of our relationship with you and for 2 years afterwards.
We retain marketing information in category 5 for the period
of our relationship with you and for 5 years afterwards.
We retain social media information in category 6 for the period during
which we are connected on any given social media platform only.
For details on how long we retain client file, matter file and monitoring
information in categories 2 – 4 and 7 – 9, please see our Retention Policy.
In some circumstances we may anonymise your personal information
so that it can no longer be associated with you, in which case we may use
such information without further notice to you.
Where you have chosen to unsubscribe from marketing communications,
we will retain your contact details to ensure that you are not sent any further
communications. This information will be held indefinitely.
YOUR RIGHTS
Under certain circumstances, you have the right under data protection laws to:
Request access to your personal information. This is commonly
known as a subject access request. This enables you to receive a copy
of the personal information we hold about you and to check
that we are processing it lawfully.
Request correction of the personal information that we hold about you.
This enables you to have any incomplete or inaccurate information we hold
about you corrected.
Request erasure of your personal information.This enables you to ask
us to delete or remove personal information where there is no good reason
for us continuing to process it. You also have the right to ask us to delete
or remove your personal information where you have exercised your right
to object to processing (see below).
Object to processing of your personal information where we are
relying on a legitimate interest (or those of a third party) and there is something
about your particular situation which makes you want to object
to processing on this ground. You also have the right to object where
we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information.
This enables you to ask us to suspend the processing of personal information
about you, for example if you want us to establish its accuracy
or the reason for processing it.
Request the transfer of your personal information to another party.
Request the reconsideration of an automated decision.
This enables you to ask us to reconsider a decision that was made solely
by automated means or to ask for human intervention.
If you want to review, verify, correct or request erasure of your
personal information, object to the processing of your personal data,
request that we transfer a copy of your personal information to another party
or request the reconsideration of an automated decision, please
contact data@proveniolaw.com.
No fee usually required
You will not have to pay a fee to access your personal information
(or to exercise any of the other rights). However, we may charge a reasonable fee
if your request for access is clearly unfounded or excessive. Alternatively, we may
refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm
your identity and ensure your right to access the information (or to exercise any of
your other rights). This is another appropriate security measure to ensure that personal
information is not disclosed to any person who has no right to receive it.
Time Limit to Respond
We try to respond to all legitimate requests within one month.
Occasionally it could take us longer than a month if your request is particularly
complex or you have made a number of requests. In this case, we will notify
you and keep you updated.
GLOSSARY
LAWFUL BASIS
Legitimate Interest means the interest of our business in conducting
and managing our business to enable us to give you the best service and the best
and most secure experience. We make sure we consider and balance any potential
impact on you (both positive and negative) and your rights before
we process your personal data for our legitimate interests. We do not use
your personal data for activities where our interests are overridden
by the impact on you (unless we have your consent or are otherwise required
or permitted to by law). You can obtain further information about how we assess our
legitimate interests against any potential impact on you in respect of specific
activities by contacting us.
Performance of Contract means processing your data where
it is necessary for the performance of a contract to which you are a party
or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is
necessary for compliance with a legal obligation that we are subject to.
THIRD PARTIES
Internal Third Parties
Other companies in the Provenio Group acting as joint controllers or processors
and who are based in the UK and Ireland and provide administration
services and undertake leadership reporting.
External Third Parties
• Service providers acting as processors based in the UK who provide
IT and system administration services.
• Professional advisers acting as processors or joint controllers
including lawyers, bankers, auditors and insurers based in the UK and Ireland
who provide consultancy, banking, legal, insurance and accounting services.
• HM Revenue & Customs, regulators and other authorities acting as processors
or joint controllers based in the United Kingdom who require reporting
of processing activities in certain circumstances.