1. About Us
2. Information We May Collect From You
2.1. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect personal information from you in the course of our business, through your use of our Website, when you contact us or request information from us, when you engage us to provide legal services and/or when you engage with any of our staff and clients.
2.2. The personal data we may collect and process about you includes:
- information such as your name, title, the company you work for, and your position;
- contact information such as your address, email address and telephone number;
- financial information such as your bank details and other payment related information;
- identification and background information provided by you and/or collected as part of our client identification process, including photographic identification (such as copies of your passport and/or driving licence), proof of address etc;
- special categories of personal data which you may provide in the course of us providing our services to you (e.g. ethnicity, religion, health information and medical details);
- information you may provide when completing any feedback forms, questionnaires and/or other forms we may send to you;
- information you may provide to us for the purposes of attending meetings and events (e.g. dietary requirements);
- information you may provide when you contact us by any means, including via email;
- information you pay provide if you interact with us via our social media (such as your username, ‘likes’, ‘retweets’, ‘shares’, and comments’);
- marketing and communication data where applicable, including your preferences in receiving marketing information from us; and
- any other information relating to you which you may provide to us.
2.3. Where we need to collect personal data by law, or under the terms of a contract which we have with you, and you fail to provide that data when requested, we may not be able to provide our services and perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the provisions of our services to you but we will notify you if this is the case at the time.
3. How we obtain your personal information
3.1. We may obtain your personal information in the following ways:
- when a client instructs us to provide legal services, we will ask for the information that we need to provide those services; this information includes contact details, billing information, information necessary to conduct anti-money laundering and financial/reputational checks in order to open a file on the matter, and information relevant to the services we provide. Information provided by a client may include personal data that relates to persons whose information is relevant to the instruction; for example when we advise on a business transaction or a regulatory investigation or represent a client in a legal dispute;
- when you provide it to us, or interact with us directly, for instance engaging with our staff;
- through monitoring our technology tools and services, including our Website and email communications sent to and from Centrefield;
- from publically available sources such as public registers, publications and general internet searches;
- where applicable, when you sign up to receive newsletters from us and/or register for an event, we will ask you to provide your contact details and other relevant information; and/or
if you apply for a job with us, we will ask you for information relevant to your application.
3.2. If you provide information to us about another person, you must ensure that you comply with any legal obligations and data protection laws that may apply to your provision of the information to us.
4. How we use your personal information
4.1. We collect and process personal information about you in a number of ways, including through your use of our Website and in the provision of legal services. In particular, we use your personal information in the following ways:
- to provide and improve our legal services to our clients (including handling the personal information of others on behalf of our clients);
- to manage and administer our relationship with our clients and any person that interacts with us;
- to fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims;
- to conduct client due diligence (including financial and reputational checks) and conflict checks prior to taking instructions from a new client;
- for fraud prevention, anti-money laundering checks and for the prevention and detection of crime;
- to provide information requested by you;
- to promote our services, including sending legal updates, publications and details of events;
- to administer the Website and for internal operations (including troubleshooting, data analysis, testing, research, statistical and survey purposes);
- to identify you when you visit the Website, improve the Website and monitor the pages you access to assist in providing a better service to you;
- to ensure that content from the Website is presented in the most effective manner for you and your computer;
- to help diagnose problems with our systems and/or to administer the Website;
- for research and analysis purposes so that we can monitor and improve the services which we provide;
- to contact you to obtain further information which we may require regarding our interaction with you, including to assist in the provision of our services to you; and
- where applicable, for the purposes of recruitment.
4.2. We will only process special category data where the processing is necessary for the purpose of providing our clients with advice regarding a particular legal matter on which we have been instructed.
5. The basis on which we use your personal information
5.1. We will only use your personal data in accordance with applicable data protection laws. We rely on a number of lawful bases for our use and processing of your personal data namely:
- where we need to perform any contract we are about to enter into or have entered into with you;
- where there is a legitimate business interest for us to use your personal information. We will only rely on our legitimate business interest, where it is fair and reasonable to do so and it is appropriate and relevant to our business relationship to you. Please see section 4 ‘How we use your personal information’ for further details;
- to comply with legal and regulatory obligations;
- for the establishment, exercise or defence of legal claims or proceedings; and/or
- where we have obtained freely given, specific and informed consent from you to use your personal data, for example through instructing us on a matter.
6. Who we may share your personal information with
6.1. We may disclose your personal information to third parties in the following circumstances:
- in providing our services, we may disclose a client’s personal information in respect of that client’s matter to third parties to the extent that such disclosure is reasonably necessary in connection with that particular matter, such as the courts service, tribunals, barristers, experts and other third parties involved in that matter;
- suppliers and service providers to whom we outsource certain support services (such as IT service providers, document processing and dictation service providers, translation service providers, data room management providers, postal services, document storage facilities, providers of anti-money laundering / financial checks and debt collection service providers);
- other legal advisers for example advisers who may be based outside of the UK where advice in a particular jurisdiction is required in connection with a client’s matter;
- our auditors, accountants, legal advisers and other professional advisers;
- our insurers and insurance brokers;
- with your prior consent, we may seek publicity concerning our involvement in any transaction or case which you instruct us on where appropriate (this will not extend to disclosing any confidential information about any particular matter);
- we may make known publically that you are/have been a client of ours, for example in submissions for legal directories (this will not extend to disclosing any confidential information about any particular matter(s));
- when disclosure is requested by: (i) a court; (ii) a government agency (e.g. HMRC); and/or (iii) a regulatory body (e.g. the Solicitor’s Regulation Authority);
- if our business or substantially all of our assets are acquired by a third party, in which case personal data held by us may be transferred; and/or
- to protect the rights, property and/or safety of Centrefield LLP or any other third party.
7. Your rights regarding your personal information
7.1. The General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.
7.2. In particular, you have the right to:
- request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
- request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
- request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below). Please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
- object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms;
- request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data if you want us to establish the data’s accuracy or the reason for processing it;
- request the transfer of your personal data to you or to a third party; and
- withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide our services to you. We will advise you if this is the case at the time you withdraw your consent.
7.3. Where you request access to your personal information, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights in relation to how we process your personal data). This is a security measure to ensure that personal data is not disclosed to any person who does not have a right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
7.4. You will not have to pay a fee to access your personal data (or to exercise any of your other rights in relation to how we process your personal data). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
8. Protecting your personal data
8.1. We protect your personal information by implementing appropriate technical and organisational security measures to prevent access by unauthorised persons and any unlawful processing, accidental loss, destruction or damage. Although we make every effort to seek to protect your personal information, we cannot guarantee the security of any data transmitted electronically and any transmission is at your own risk.
9. Keeping your personal data
9.1. We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims.
9.2. To determine the appropriate retention period for any personal information, we will consider: (a) its content; (b) its sensitivity; (c) the potential risk of harm from unauthorised use or disclosure; (d) the purposes for which it is processed; (e) whether we can achieve those purposes through other means; and (f) the applicable regulatory or legal requirements regarding the retention of such information.
10. Marketing Communications
We may send you marketing communications from time to time which we consider may be of interest to you. You may unsubscribe from receiving such marketing communications at any time by clicking on the unsubscribe link in the relevant email, contacting any of our staff or by contacting us at email@example.com.
11. Links to other websites
Our Website may contain links to other websites owned and operated by third parties. These third party websites will have their own privacy policies that will govern the use of any personal information you submit whilst visiting those sites and/or engaging the services of other third parties external to us. We do not accept any responsibility or liability for these policies or the privacy practices of any third parties over which we have no control. You should check the policies of such entities before submitting any personal information to them. Your use of third party websites is at your own risk.
12. Transfers outside the EEA
In order to provide our services we may need to transfer your personal information to locations outside the European Economic Area (EEA). The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure to the extent possible in accordance with applicable data protection laws.
13. Changes to your data
We aim to keep any personal information we hold up to date, accurate and error free. Please help us to keep your information accurate and up to date by notifying us of any relevant changes to your personal data (for example where you change address). You can do this by contacting the member of staff responsible for your matter or by contacting firstname.lastname@example.org.
You have the right to make a complaint to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (ico.org.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach the Information Commissioner’s Office so please contact us in the first instance.