Tatham Law LLP is a limited liability company with its official number OC371070 and its registered office at 150 Minories, City of London, EC3N 1LS and regulated by the Solicitors Regulation Authority .
The data controller is Tatham Law LLP.
What personal information do we collect about you?
We may collect personal data from you which is defined by the General Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier. This means any information about you that enables you to be identified.
We may collect some, or all, of the following personal data:
- Name, date of birth and gender;
- Address, email address and telephone number;
- Company name, job title and profession;
- Payment information;
- Any other information relating to you which you may provide to us.
How do we obtain your personal information?
We collect information from you in different ways.
These ways include information that you provide us with, and information we gather as part of our engagement and acceptance process in the course of providing legal services to you. We may also collect information when you engage with our staff, as well as technical information when you visit our website.
Legal basis of processing
The GDPR requires us to meet at least one of the legal grounds for processing as set out in Article 6 of the GDPR. The grounds applicable to the personal data to which this notice relates are:
- Contract where the processing is necessary for us to perform a contract that you are a party to, or to take steps at your request prior to entering a contract;
- Legitimate interests where the processing is necessary for the purposes of our legitimate interests, and provided that your fundamental rights and freedoms which require protection of your data are not overridden by those legitimate interests (our legitimate interests comprise the marketing and provision of legal services);
- Legal compliance where the processing is necessary for compliance with a legal obligation to which we are subject;
- Consent where you have given your consent to our processing the data.
Special categories of personal data
If you provide us with any special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences, it is a condition of us receiving that information that:
- Our processing of such data is necessary for the establishment, exercise or defence of legal claims; or
- You expressly consent (and if the above is not applicable you hereby do expressly consent) to us processing that personal data set out below.
How do we use your personal information?
Your personal data will be used for the following purposes:
- To provide the services we are retained to provide either to you or to the organisation for which you work;
- For the establishment, exercise or defence of legal claims;
- Communicating with you including delivering relevant marketing communications and invitations to training and seminars and to networking and social events.
With whom do we share your personal information?
We will not share any of your personal data with any third parties for any purposes, unless we are legally required to do so.
Where do we store your personal data
The data that we collect from you will be stored in our computers and servers or those of our service providers. It will not be transferred to a third party outside the European Economic Area (“EEA”) unless to a processor acting on our behalf which is either (i) in a country that the European Union has decided has adequate data protection laws in place, or (ii) has provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you.
We may take data outside the EEA to the extent necessary for the establishment, exercise or defence of legal claims, or to allow us to perform legal services whilst travelling outside of the EEA.
Your information is stored on our secure servers and we have various measures in place to help protect your personal information from unauthorised access, use, disclosure or alteration or destruction consistent with the GDPR.
How long do we keep your information?
We will not keep your personal data for any longer than is necessary based on the purpose for which it is retained.
Where we are working for you, your personal data will be kept for a period of seven years or such longer period as may be determined by the Solicitors Code of Conduct, or as directed by our Professional Indemnity Insurers.
What are your rights?
Under the GDPR you have the following rights, which we will always work to uphold:
- The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent;
- If our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your data; if you exercise this right we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;
- The right to access details of the personal data we hold about you;
- The right to ask us to rectify any of your personal data that is inaccurate or incomplete;
- The right to ask us to delete your data in certain circumstances;
- The right to ask us to restrict the processing of your personal data in certain circumstances;
- The right to object to us using your data for a particular purpose or purposes in certain circumstances;
- In certain circumstances, the right to require us to give you the data we hold about you in a structured, commonly used and machine-readable format so that you can provide the data to another data controller.
If you wish to exercise any of these rights please contact us at firstname.lastname@example.org.
In the event of an access request, this should be made in writing or by email to email@example.com There is not normally any charge for an access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
You have the right to lodge a complaint about our use of your data with the Information Commissioner at https//www.gov.uk/data-protection/make-a-complaint or by telephone on 0303 123 1113.
Changes to this Privacy Notice
We may change this privacy notice from time to time. Any changes will be made available via our website.