This privacy has last been reviewed on 4 November 2020.
WHO WE ARE AND OUR APPROACH
We are CIS London & Partners LLP (we), and we are
committed to respecting your privacy.
We collect data about:
a) the users of this website;
b) individuals that subscribe to our newsletters, invitations, updates and
briefings (communications); and
c) our clients or their employees, agents and representatives, and we may
also collect data about the persons who transact or otherwise have legal
relationships with our clients
(you).
This privacy policy sets out how we collect, store, process, transfer,
share and use data by reference to which you can be identified ( personal data).
Before sharing your personal data with us, please make sure that you have
familiarised yourself with this privacy policy and contact us if any parts
of it are unclear.
TYPES OF PERSONAL DATA. PURPOSE OF PROCESSING. LAWFUL BASES AND
INDICATIVE RETENTION PERIODS
In collecting and processing your personal data we rely on one or
several lawful bases. Please refer to Table 1 below for the summary of
types of personal data, what it is used for, and on which lawful basis.
How long we store your personal data for depends on a number of
factors, but we never retain it longer than necessary for the purposes
for which it was collected. Please refer to the indicative retention
periods in Table 1 below.
Personal data provided by you
You submit your personal data to us when you subscribe to communications ( Public Services) or engage us to provide legal services to
you (Legal Services).
We always work to minimise the amount of your personal data in our
possession, and only request the personal data indispensable for the
rendering of the Public and/or Legal Services:
a) to render Public Services to you, we need to tailor our communications
to your needs and interests. To do this, we may need to collect your name,
contact information such as e-mail address and telephone number, and
information about your location and employment , such as company name and
job title; and
b) to render Legal Services to you, we need to comply with regulations
applicable to us, and have enough information to enable us to enter in a
contract with you and carry out our obligations before you. To this end:
-
we collect your identification and payment information including
your address and bank details; as well as information about your
other circumstances relevant to our engagement, determinable on a
case-by-case basis; and
-
you may need to provide other people’s personal data to us (e.g.
your family members, customers, employees, officers, shareholders
or beneficial owners). You must ensure that you have given those
individuals an appropriate notice that you are providing their
information to us and that they consent to that disclosure.
We have robust data protection policies in place. In the unlikely event of
a data breach affecting or capable of having affected your data, we will
notify you as soon as possible, but in any event within 48 hours of
becoming aware of the breach.
Personal data provided by a third party or collected by us independently
If you are our client, we may need to obtain additional information
relating to the subject matter of our engagement, and we may obtain it
independently from public registers and other third-party sources.
If you are not our client but have a legally significant relationship with
our client (for example, you are their family member or if you and our
client have entered or are about to enter into a contract), we may collect
your personal data within the framework of our client engagement. We will
notify you if this happens, unless we are legally exempt from this
notification requirement.
Table 1
PERSONAL DATA
|
PURPOSE
(HOW WE USE IT)
|
LAWFUL BASIS
|
INDICATIVE RETENTION PERIOD
|
Contact information.
Your name, phone number, address, email address.
|
Public Services:
we use this information to send you our newsletters,
invitations, updates and briefings.
|
Consent:
we use your personal data to the extent that you have given
a clear consent for us to process the data for this
purpose.
|
Until you terminate your subscription to our Public
Services.
|
Legal Services:
we use this information to provide Legal Services in
accordance with the terms of our engagement and communicate
with you in connection with the engagement.
|
Contract:
the processing is necessary for a contract we have with
you, or because you have asked us to take specific steps
before entering into a contract.
|
Six years after our last engagement with you ended or after
the last transaction between us, whichever is later.
|
Legal Services:
we use this information to prevent fraud, ensure compliance
with our professional obligations, and assist us in case of
a dispute.
|
Legitimate Interests:
the processing is necessary for our legitimate interests or
the legitimate interests of a third party, with no
overriding considerations.
|
Legal Services:
we share this information with legal directories and/or
include it in our promotional materials in the course of
promoting our Legal Services to third parties.
|
Consent:
we use your personal data to the extent that you have given
a clear consent for us to process the data for this
purpose.
|
Until you withdraw the consent or the promotional material
is made unavailable, whichever is earlier.
|
Identification information.
Proof of identity, e.g. copy of official government
identification or your utility bill.
|
Legal Services:
we use this information to verify your identity.
|
Compliance:
the processing is necessary for us to comply with the law.
|
Six years after our last engagement with you ended or after
the last transaction between us, whichever is later.
|
Legal Services:
we use this information to prevent fraud, ensure compliance
with our professional obligations, and assist us in case of
a dispute.
|
Legitimate Interests:
the processing is necessary for our legitimate interests or
the legitimate interests of a third party, with no
overriding considerations.
|
Employment information.
Information about your job title, employer and its
location.
|
Public Services:
we use this information to tailor the communications to
your interests.
|
Legitimate Interests:
the processing is necessary for our legitimate interests or
the legitimate interests of a third party, with no
overriding considerations.
|
Until you terminate your subscription to our Public
Services.
|
Legal Services:
we may use this information to provide Legal Services in
accordance with the terms of our engagement.
|
Contract:
the processing is necessary for a contract we have with
you, or because you have asked us to take specific steps
before entering into a contract.
|
Six years after our last engagement with you ended or after
the last transaction between us, whichever is later.
|
Legal Services:
we use this information to prevent fraud, ensure compliance
with our professional obligations, and assist us in case of
a dispute.
|
Legitimate Interests:
the processing is necessary for our legitimate interests or
the legitimate interests of a third party, with no
overriding considerations.
|
Information about your legal matter.
Details of the matter you engage us to assist with, when
they contain personal data.
|
Legal Services:
we use this information to provide Legal Services in
accordance with the terms of our engagement.
|
Contract:
the processing is necessary for a contract we have with
you, or because you have asked us to take specific steps
before entering into a contract.
|
Six years after our last engagement with you ended or after
the last transaction between us, whichever is later.
|
Legal Services:
we use this information to ensure compliance with our
professional obligations, and assist us in case of a
dispute.
|
Legitimate Interests:
the processing is necessary for our legitimate interests or
the legitimate interests of a third party, with no
overriding considerations.
|
Payment and transaction information.
Payment information, such as your credit card or bank
account details, and other information such as date and
time of your transaction.
|
Legal Services:
we use this information to invoice you for the Legal
Services in accordance with the terms of our engagement and
facilitate the transactions envisaged by it.
|
Contract:
the processing is necessary for a contract we have with
you, or because you have asked us to take specific steps
before entering into a contract.
|
Six years after our last engagement with you ended or after
the last transaction between us, whichever is later.
|
Legal Services:
we use this information to prevent fraud and assist us in
case of a dispute.
|
Legitimate Interests:
the processing is necessary for our legitimate interests or
the legitimate interests of a third party, with no
overriding considerations.
|
Location information.
Your current location, place of residence or business
address.
|
Legal Services:
we use this information to prevent fraud, and ensure
compliance with our professional obligations.
|
Legitimate Interests:
the processing is necessary for our legitimate interests or
the legitimate interests of a third party, with no
overriding considerations.
|
Six years after our last engagement with you ended or after
the last transaction between us, whichever is later.
|
Information supplied by third parties.
Any personal data relating to you obtained from third
parties or publicly available.
|
Legal Services:
we may combine this information with the information we
collect from you directly to provide Legal Services in
accordance with the terms of our engagement with you or our
Client. We may also use this information to prevent fraud,
ensure compliance with our professional obligations, and
assist us in case of a dispute.
|
Contract:
the processing is necessary for a contract we have with
you, or because you have asked us to take specific steps
before entering into a contract.
|
Six years after our last engagement with the ended or after
the last transaction between us and the Client, whichever
is later.
|
Legitimate Interests:
if we had a contract with you and after our contract is
over the processing may still be necessary for our
legitimate interests or the legitimate interests of a third
party in the absence of overriding considerations.
If we obtained your data from a Client for the purposes of
our contract with them, we use this data relying on the
legitimate interests pursued by our Client in the absence
of overriding considerations.
|
Personal data collected automatically
When you access and use this website we automatically collect information
about how you do so, in particular:
a) your IP address;
b) information about your browser;
c) date and time of access;
d) the pages you view; and
e) the links you follow.
We use this information in our Legitimate Interests to monitor and improve
the performance of this website. We only store this information for 30 days
following your respective visit to this website.
This website uses cookies: pieces of code that allow us to personalise our
website experience for you by recording your information such as IP
address, browser type, date and time of access, the pages you view and the
links you click on this website. A cookie is transferred to and kept on
your device.
The cookies we use are required for the operation of this website, to
analyse the visits to our website, and to recognise you when you return to
this website – for example, so we can display the website in your preferred
language. This also helps us to improve your browsing experience by helping
you find what you are looking for. We may use third-party analytics tools
such as Google Analytics, to help us measure traffic and usage trends and
to understand more about the demographics of our users. Please refer to
http://www.google.com/policies/privacy/partners and
https://tools.google.com/dlpage/gaoptout for details.
Most browsers enable you to change the cookie settings, but please be aware
that doing so could mean losing some of the functionality of this website.
CCTV
CCTV has a legitimate role to play in helping to maintain a safe and secure
environment for all our Personnel and visitors. We currently use a CCTV
camera to view and record individuals on our premises, relying on
Legitimate Interests as the legal basis for processing, namely crime
prevention.
CCTV monitors the entrance to our offices in London 24 hours a day and this
data is continuously recorded.
In order to ensure the balance of our legitimate interests and your rights
as Data Subjects, we will ensure that:
a) data gathered from CCTV is stored in a way that maintains its integrity
and security. This may include encrypting the data, where it is possible to
do so;
b) camera location is chosen to minimise viewing of spaces not relevant to
the legitimate purpose of the monitoring;
c) live feeds from the camera and recorded images are only viewed by
approved members of staff whose role requires them to have access to such
data. Recorded images will only be viewed in designated, secure premises;
and
d) data recorded by CCTV is retained for no longer than 30 days.
SECURELY STORING AND SHARING YOUR DATA WITH THIRD PARTIES
We never share your personal data obtained in connection with the provision
of Public Services, unless such disclosure is required by law or we
reasonably believe it is necessary to:
a) comply with applicable law or respond to the reasonable and lawful
requests of law enforcement and other official authorities, wherever
originating; or
b) enforce the terms of our engagement, and pursue or mitigate the amount
of damages arising from any breach of those terms.
We share your personal data obtained in connection with the provision of
Legal Services in the above cases too. When the terms or essence of our
engagement call for such disclosure, we share your personal data with:
a) third party service providers that perform services for us or on our
behalf, including accounting, payment, legal and translation services;
b) our affiliate offices, our agents and consultants based outside the EEA area;
c) third parties if you instruct us to do so, or when the terms of our
engagement so demand; and
d) legal directories and referees and/or the public, when you have given us
consent to do so for the promotion of our services with reference to your
feedback.
We have sufficient and reliable technical and organisational measures in
place that protect your personal data against accidental or unlawful loss,
destruction, alteration or damage.
We are an international legal practice with offices and service providers
located in various countries of the world. Cross-border transfers of your
personal data outside the EEA area, save for permitted exceptions, are only
made after we make sure there are appropriate safeguards in place: our
consultants working abroad are bound by
standard data protection clauses adopted by the European Commission
.
YOUR RIGHTS
If you are resident in the European Union, Iceland, Lichtenstein or Norway,
you have the following rights in respect of your personal data in our
possession. If you are resident elsewhere, please contact us at enquiries@cislondon.com if you
would like to know if these rights are available to you, and we will help
the extent required under applicable law.
Your data shall not be subject to automated decision-making.
Right to be informed
, i.e. to have up-to-date information regarding the purposes for the
processing of your personal data, applicable retention periods, and who it
will be shared with. All of this information has been included in this
privacy policy. You can access the current version of this privacy policy
at any time at privacy.cislondon.com and should do so periodically,
for we will not ordinarily notify you of the changes.
Right of access
, i.e. to obtain:
a) confirmation of whether we are processing your personal data, the
purposes for such processing, whether we share it with third parties, and
applicable retention periods; and
b) a copy of the personal data we hold about you.
Right to data portability
, i.e. to receive a copy of the personal data you have provided to us in a
structured, commonly used, machine-readable format, and/or to request the
transfer of your personal data to another person. This right is only
available to you in respect of the personal data that we collect and
process on the basis of Consent or Contract.
Right to rectification
, i.e. a limited right to have inaccurate personal data in our possession
rectified, and incomplete personal data completed.
Right to erasure
, also known as the right to be forgotten, i.e. to require
us to erase your personal data if:
a) the personal data is no longer necessary for the purpose which we
originally collected or processed it for;
b) we are relying on Consent for holding the data, and you withdraw your
consent;
c) we are relying on Legitimate Interests as our basis for processing, and
the you object to the processing of the data, and there is no overriding
legitimate interest to continue this processing;
d) we are processing the personal data for direct marketing purposes and
you object to that processing;
e) we have processed the personal data unlawfully;
f) we have to do it to comply with a legal obligation; or
g) we have processed the personal data to offer information society
services to a child.
Right to restrict processing
, i.e. to require us to limit the purposes for which we process your
personal data if:
a) you contest the accuracy of your personal data and we are verifying the
accuracy of the data;
b) the data has been unlawfully processed and you oppose erasure and
request restriction instead;
c) we no longer need the personal data but you need us to keep it in order
to establish, exercise or defend a legal claim; or
d) you have exercised your right to object (see below), and we are
considering whether our legitimate grounds override yours.
Right to object
, i.e. to ask us to stop processing your data. This right is available to
you if we process your personal data for direct marketing purposes only. If
we process your data relying on Legitimate Interests, this right is also
available to you, but it is subject to our being able to demonstrate
compelling legitimate grounds for the processing, which override your
interests, rights and freedoms. This right is also not available if the
processing is for the establishment, exercise or defence of legal claims.
If you are resident in France, you also have the right to set guidelines
for the retention and communication of your personal data after your death.
If you wish to exercise one of these rights, please contact us at enquiries@cislondon.com.
You also have the right to lodge a complaint to your local data protection
authority. Further information about how to contact your local data
protection authority is available at
http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
.
CONTACTING US
Any questions with respect to this privacy policy should be sent to enquiries@cislondon.com or to
our offices at
CIS London & Partners LLP
4-6 Staple Inn Buildings
WC1V 7QH
London, UK