Square One Law LLP (Square One Law or we) respects your privacy and is committed to protecting your personal data.
For the purposes of the Data Protection Act 2018, the data controller is Square One Law LLP of Anson House, Fleming Business Centre, Burdon Terrace, Jesmond, Newcastle upon Tyne, NE2 3AE.
In our day to day business activity, we may need to collect information which identifies you as an individual, for example, so that you can take advantage of our services or so we can respond to a request or question from you. This privacy notice will inform you about the kinds of personal information we collect, how we look after it, what we use it for and tell you about your privacy rights and how the law protects you.
If you have any questions about this notice, including any requests to exercise your legal rights, please contact us on firstname.lastname@example.org. You can also contact us by post at the address above.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) if you have any concerns about how we collect and use your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so we ask that you contact us in the first instance.
Personal information we collect from you
We may collect the following personal information from you:
- name, job title and organisation
- contact information, including address, email address and telephone number
- information relating to the engagement for, and fulfilment of, legal services on your or your organisation’s behalf
- transaction data including details about payments to and from you and other details of services you have received from us
We may collect personal information from you in the following circumstances:
From direct interactions from you, for example:
- when you, either on your own behalf or on behalf of your organisation, engage us to perform services
by corresponding with us by telephone, email, post or otherwise for any reason
- in face to face meetings or events and when we take your business card
- when you register to attend one of our events or request to join our mailing list
We may also collect personal information about you from publicly available sources such as:
- Companies House
Where we need to collect personal data by law, or under the terms of an agreement we have with you and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
We may use your personal data in the following ways:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- where we need it in order to operate our business, that is, where it is in our legitimate interests to use it and this does not have any adverse impact on, and rather provides a positive benefit to, you. For example, where you or your organisation becomes a client or you request information or a quotation from us relating to a service we offer
- when you become a client, in order to perform the contract we enter into or are about to enter into with you
- when you ask to receive communications from us about training, events or services we offer but you are not a client, we will send you such information where we have your consent to do so (you can withdraw this consent at any time by contacting email@example.com)
- to comply with a legal obligation to which we are subject, for example where we need to store records to comply with our regulatory requirements
Please note that your information may be used in our legitimate interest to send you details of similar services or events that we offer that we have identified as likely to be of interest to you if you are an existing client or have recently attended an event that we have hosted. This will be in accordance with the marketing preferences that you indicated when you provided your personal information to us and/or in line with the provisions on consent to marketing in the current e-privacy rules (Privacy and Electromic Communications Regulations 2002).
If at any point you would like to opt-out of receiving marketing communications from us, or would like to change the channels (such as email or post) that we use to contact you, please use the unsubscribe function on the communication, or contact us at firstname.lastname@example.org or use the postal address above.
We will not pass your personal data to third parties for marketing purposes unless you have given your consent that it is acceptable to do so.
Who we share your personal information with
We may have to share your personal data with third parties, including third party service providers acting as processors based in the UK who provide us with services such as IT cloud and system administration services.
We require all third parties with whom we share your personal data to respect the security of your data and to treat it in accordance with the law. We enter into appropriate written data processing agreements with our third party service providers and do not allow them to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Other than with our third party service processors we will not share your data with third parties except in specific circumstances including:
- where required to do so to comply with a legal or regulatory obligation by regulators, government bodies and law enforcement agents or enforce our terms of business
- if Square One Law or substantially all of its assets are acquired by a third party, in which case personal data will be one of the assets acquired by the third party
- where it is necessary in order to carry out our services to you
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights include the right to;
- request access to your personal data
- request correction of your personal data
- request erasure of your personal data
- object to processing of your personal data
- request restriction of processing your personal data
- request transfer of your personal data
- withdraw consent to processing (note that we usually have other grounds for processing your personal data but if that changes and we process you personal data on the basis of consent, you have the right to withdraw the consent at any time)
In some circumstances the law may allow us to refuse your request.
You have the right to see what personal data we hold about you. To obtain a copy of the personal information we hold about you or to exercise any of the rights noted above, please write to email@example.com or at Compliance, Square One Law LLP, Anson House, Fleming Business Centre, Burdon Terrace, Newcastle upon Tyne, NE2 3AE.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may be entitled to refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the Information Commissioner’s Office of a breach where we are legally required to do so.
International data transfers
We do not transfer your personal data outside the European Economic Area (EEA).
Length of data retention periods
By law and in accordance with professional conduct regulations, we have to keep basic information about our clients (including contact, identity, financial and transaction data) for a number of years following completion of the services we have performed for them. If you would like further details of our document retention policy please contact firstname.lastname@example.org.
Where you are not a client but have given us your personal data for another reason, for example to receive marketing communications from us, we will store this information until you request that we stop sending you such communications or until we have not heard from you for a period of 3 years.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you require further explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at the following email address email@example.com.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Changes to the Privacy Notice and your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.