CIS London & Partners LLP Privacy Policy

This privacy has last been reviewed on 4 November 2020.

WHO WE ARE AND OUR APPROACH

We are CIS London & Partners LLP (we), and we are committed to respecting your privacy.

We collect data about:

a) the users of this website;

b) individuals that subscribe to our newsletters, invitations, updates and briefings (communications); and

c) our clients or their employees, agents and representatives, and we may also collect data about the persons who transact or otherwise have legal relationships with our clients

(you).

This privacy policy sets out how we collect, store, process, transfer, share and use data by reference to which you can be identified ( personal data).

Before sharing your personal data with us, please make sure that you have familiarised yourself with this privacy policy and contact us if any parts of it are unclear.

TYPES OF PERSONAL DATA. PURPOSE OF PROCESSING. LAWFUL BASES AND INDICATIVE RETENTION PERIODS

In collecting and processing your personal data we rely on one or several lawful bases. Please refer to Table 1 below for the summary of types of personal data, what it is used for, and on which lawful basis.

How long we store your personal data for depends on a number of factors, but we never retain it longer than necessary for the purposes for which it was collected. Please refer to the indicative retention periods in Table 1 below.

Personal data provided by you

You submit your personal data to us when you subscribe to communications ( Public Services) or engage us to provide legal services to you (Legal Services).

We always work to minimise the amount of your personal data in our possession, and only request the personal data indispensable for the rendering of the Public and/or Legal Services:

a) to render Public Services to you, we need to tailor our communications to your needs and interests. To do this, we may need to collect your name, contact information such as e-mail address and telephone number, and information about your location and employment , such as company name and job title; and

b) to render Legal Services to you, we need to comply with regulations applicable to us, and have enough information to enable us to enter in a contract with you and carry out our obligations before you. To this end:

    1. we collect your identification and payment information including your address and bank details; as well as information about your other circumstances relevant to our engagement, determinable on a case-by-case basis; and
    2. you may need to provide other people’s personal data to us (e.g. your family members, customers, employees, officers, shareholders or beneficial owners). You must ensure that you have given those individuals an appropriate notice that you are providing their information to us and that they consent to that disclosure.

We have robust data protection policies in place. In the unlikely event of a data breach affecting or capable of having affected your data, we will notify you as soon as possible, but in any event within 48 hours of becoming aware of the breach.

Personal data provided by a third party or collected by us independently

If you are our client, we may need to obtain additional information relating to the subject matter of our engagement, and we may obtain it independently from public registers and other third-party sources.

If you are not our client but have a legally significant relationship with our client (for example, you are their family member or if you and our client have entered or are about to enter into a contract), we may collect your personal data within the framework of our client engagement. We will notify you if this happens, unless we are legally exempt from this notification requirement.


Table 1

PERSONAL DATA

PURPOSE
(HOW WE USE IT)

LAWFUL BASIS

INDICATIVE RETENTION PERIOD

Contact information.
Your name, phone number, address, email address.

Public Services: we use this information to send you our newsletters, invitations, updates and briefings.

Consent: we use your personal data to the extent that you have given a clear consent for us to process the data for this purpose.

Until you terminate your subscription to our Public Services.

Legal Services: we use this information to provide Legal Services in accordance with the terms of our engagement and communicate with you in connection with the engagement.

Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Six years after our last engagement with you ended or after the last transaction between us, whichever is later.

Legal Services: we use this information to prevent fraud, ensure compliance with our professional obligations, and assist us in case of a dispute.

Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, with no overriding considerations.

Legal Services: we share this information with legal directories and/or include it in our promotional materials in the course of promoting our Legal Services to third parties.

Consent: we use your personal data to the extent that you have given a clear consent for us to process the data for this purpose.

Until you withdraw the consent or the promotional material is made unavailable, whichever is earlier.

Identification information.
Proof of identity, e.g. copy of official government identification or your utility bill.

Legal Services: we use this information to verify your identity.

Compliance: the processing is necessary for us to comply with the law.

Six years after our last engagement with you ended or after the last transaction between us, whichever is later.

Legal Services: we use this information to prevent fraud, ensure compliance with our professional obligations, and assist us in case of a dispute.

Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, with no overriding considerations.

Employment information.
Information about your job title, employer and its location.

Public Services: we use this information to tailor the communications to your interests.

Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, with no overriding considerations.

Until you terminate your subscription to our Public Services.

Legal Services: we may use this information to provide Legal Services in accordance with the terms of our engagement.

Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Six years after our last engagement with you ended or after the last transaction between us, whichever is later.

Legal Services: we use this information to prevent fraud, ensure compliance with our professional obligations, and assist us in case of a dispute.

Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, with no overriding considerations.

Information about your legal matter.
Details of the matter you engage us to assist with, when they contain personal data.

Legal Services: we use this information to provide Legal Services in accordance with the terms of our engagement.

Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Six years after our last engagement with you ended or after the last transaction between us, whichever is later.

Legal Services: we use this information to ensure compliance with our professional obligations, and assist us in case of a dispute.

Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, with no overriding considerations.

Payment and transaction information.
Payment information, such as your credit card or bank account details, and other information such as date and time of your transaction.

Legal Services: we use this information to invoice you for the Legal Services in accordance with the terms of our engagement and facilitate the transactions envisaged by it.

Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Six years after our last engagement with you ended or after the last transaction between us, whichever is later.

Legal Services: we use this information to prevent fraud and assist us in case of a dispute.

Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, with no overriding considerations.

Location information.
Your current location, place of residence or business address.

Legal Services: we use this information to prevent fraud, and ensure compliance with our professional obligations.

Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, with no overriding considerations.

Six years after our last engagement with you ended or after the last transaction between us, whichever is later.

Information supplied by third parties.
Any personal data relating to you obtained from third parties or publicly available.

Legal Services: we may combine this information with the information we collect from you directly to provide Legal Services in accordance with the terms of our engagement with you or our Client. We may also use this information to prevent fraud, ensure compliance with our professional obligations, and assist us in case of a dispute.

Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Six years after our last engagement with the ended or after the last transaction between us and the Client, whichever is later.

Legitimate Interests: if we had a contract with you and after our contract is over the processing may still be necessary for our legitimate interests or the legitimate interests of a third party in the absence of overriding considerations.

If we obtained your data from a Client for the purposes of our contract with them, we use this data relying on the legitimate interests pursued by our Client in the absence of overriding considerations.

Personal data collected automatically

When you access and use this website we automatically collect information about how you do so, in particular:

a) your IP address;

b) information about your browser;

c) date and time of access;

d) the pages you view; and

e) the links you follow.

We use this information in our Legitimate Interests to monitor and improve the performance of this website. We only store this information for 30 days following your respective visit to this website.

This website uses cookies: pieces of code that allow us to personalise our website experience for you by recording your information such as IP address, browser type, date and time of access, the pages you view and the links you click on this website. A cookie is transferred to and kept on your device.

The cookies we use are required for the operation of this website, to analyse the visits to our website, and to recognise you when you return to this website – for example, so we can display the website in your preferred language. This also helps us to improve your browsing experience by helping you find what you are looking for. We may use third-party analytics tools such as Google Analytics, to help us measure traffic and usage trends and to understand more about the demographics of our users. Please refer to http://www.google.com/policies/privacy/partners and https://tools.google.com/dlpage/gaoptout for details.

Most browsers enable you to change the cookie settings, but please be aware that doing so could mean losing some of the functionality of this website.

CCTV

CCTV has a legitimate role to play in helping to maintain a safe and secure environment for all our Personnel and visitors. We currently use a CCTV camera to view and record individuals on our premises, relying on Legitimate Interests as the legal basis for processing, namely crime prevention.

CCTV monitors the entrance to our offices in London 24 hours a day and this data is continuously recorded.

In order to ensure the balance of our legitimate interests and your rights as Data Subjects, we will ensure that:

a) data gathered from CCTV is stored in a way that maintains its integrity and security. This may include encrypting the data, where it is possible to do so;

b) camera location is chosen to minimise viewing of spaces not relevant to the legitimate purpose of the monitoring;

c) live feeds from the camera and recorded images are only viewed by approved members of staff whose role requires them to have access to such data. Recorded images will only be viewed in designated, secure premises; and

d) data recorded by CCTV is retained for no longer than 30 days.

SECURELY STORING AND SHARING YOUR DATA WITH THIRD PARTIES

We never share your personal data obtained in connection with the provision of Public Services, unless such disclosure is required by law or we reasonably believe it is necessary to:

a) comply with applicable law or respond to the reasonable and lawful requests of law enforcement and other official authorities, wherever originating; or

b) enforce the terms of our engagement, and pursue or mitigate the amount of damages arising from any breach of those terms.

We share your personal data obtained in connection with the provision of Legal Services in the above cases too. When the terms or essence of our engagement call for such disclosure, we share your personal data with:

a) third party service providers that perform services for us or on our behalf, including accounting, payment, legal and translation services;

b) our affiliate offices, our agents and consultants based outside the EEA area;

c) third parties if you instruct us to do so, or when the terms of our engagement so demand; and

d) legal directories and referees and/or the public, when you have given us consent to do so for the promotion of our services with reference to your feedback.

We have sufficient and reliable technical and organisational measures in place that protect your personal data against accidental or unlawful loss, destruction, alteration or damage.

We are an international legal practice with offices and service providers located in various countries of the world. Cross-border transfers of your personal data outside the EEA area, save for permitted exceptions, are only made after we make sure there are appropriate safeguards in place: our consultants working abroad are bound by standard data protection clauses adopted by the European Commission .

YOUR RIGHTS

If you are resident in the European Union, Iceland, Lichtenstein or Norway, you have the following rights in respect of your personal data in our possession. If you are resident elsewhere, please contact us at enquiries@cislondon.com if you would like to know if these rights are available to you, and we will help the extent required under applicable law.

Your data shall not be subject to automated decision-making.

Right to be informed , i.e. to have up-to-date information regarding the purposes for the processing of your personal data, applicable retention periods, and who it will be shared with. All of this information has been included in this privacy policy. You can access the current version of this privacy policy at any time at privacy.cislondon.com and should do so periodically, for we will not ordinarily notify you of the changes.

Right of access , i.e. to obtain:

a) confirmation of whether we are processing your personal data, the purposes for such processing, whether we share it with third parties, and applicable retention periods; and

b) a copy of the personal data we hold about you.

Right to data portability , i.e. to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format, and/or to request the transfer of your personal data to another person. This right is only available to you in respect of the personal data that we collect and process on the basis of Consent or Contract.

Right to rectification , i.e. a limited right to have inaccurate personal data in our possession rectified, and incomplete personal data completed.

Right to erasure , also known as the right to be forgotten, i.e. to require us to erase your personal data if:

a) the personal data is no longer necessary for the purpose which we originally collected or processed it for;

b) we are relying on Consent for holding the data, and you withdraw your consent;

c) we are relying on Legitimate Interests as our basis for processing, and the you object to the processing of the data, and there is no overriding legitimate interest to continue this processing;

d) we are processing the personal data for direct marketing purposes and you object to that processing;

e) we have processed the personal data unlawfully;

f) we have to do it to comply with a legal obligation; or

g) we have processed the personal data to offer information society services to a child.

Right to restrict processing , i.e. to require us to limit the purposes for which we process your personal data if:

a) you contest the accuracy of your personal data and we are verifying the accuracy of the data;

b) the data has been unlawfully processed and you oppose erasure and request restriction instead;

c) we no longer need the personal data but you need us to keep it in order to establish, exercise or defend a legal claim; or

d) you have exercised your right to object (see below), and we are considering whether our legitimate grounds override yours.

Right to object , i.e. to ask us to stop processing your data. This right is available to you if we process your personal data for direct marketing purposes only. If we process your data relying on Legitimate Interests, this right is also available to you, but it is subject to our being able to demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms. This right is also not available if the processing is for the establishment, exercise or defence of legal claims.

If you are resident in France, you also have the right to set guidelines for the retention and communication of your personal data after your death.

If you wish to exercise one of these rights, please contact us at enquiries@cislondon.com.

You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm .

CONTACTING US

Any questions with respect to this privacy policy should be sent to enquiries@cislondon.com or to our offices at

CIS London & Partners LLP
4-6 Staple Inn Buildings
WC1V 7QH
London, UK

 

© CIS LONDON LLP