Steinfeld Law LLP – Privacy Notice
Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.
The EU General Data Protection Regulation ((EU) 2016/679 (GDPR) replaces the Data Protection Directive 95/46/EC with effect from 25 May 2018. It is designed to harmonize data privacy laws across Europe, to enhance and empower all EU citizens’ data privacy rights and to reshape the way organizations processing personal data approach data privacy from the outset.
The GDPR and related EU/UK data protection laws apply to organizations worldwide that process personal data of EU/UK citizens. Protecting your personal data, your confidential information and your privacy is important to us, therefore we apply the same level or protection whether you are an EU citizen or not. How we use your information is explained in this Privacy Notice.
The scope and purpose of this Privacy Notice
This Privacy Notice explains how Steinfeld Law LLP (“we”, “us”, “our”), collects, uses, shares and otherwise processes your Personal Data in connection with your relationship with us as a client, acting for a client or being generally interested in our services and our publications in accordance with applicable data privacy laws and the GDPR. When we do this we are the ‘controller’ of this information for the purposes of the GDPR and other applicable data protection laws. Our Data Protection Officer is Cyma Hanif, (email@example.com).
We may provide supplemental privacy notices on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your Personal Data. Those supplemental notices should be read together with this Privacy Notice.
The term “Personal Data” as used in this Privacy Notice means any information relating to you such as your name, contact details, bank account details, etc. Personal Data does not include data from which you can no longer be identified such as anonymised aggregate data.
What information do we collect about you, how do we collect it and what do we use it for?
The kinds of Personal Data we may collect include your contact details (such as your address, email address and telephone number) and information such as your business address, nationality, place of residence, job title and payment data such as data necessary for processing payments which we will request from you. In addition, we collect the Personal Data you choose to provide to us, e.g. if you contact us by letter, telephone, email or any other means of electronic or personal communication.
We will process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so. We will therefore process your Personal Data only if:
1. you have consented to us doing so;
2. we need to do so in order to perform the contract or engagement we have entered into with you;
3. we need to do so to comply with a legal or regulatory obligation; or
4. if we (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms. Such legitimate interests will be the providing of legal services by us, administrative or operational processes within our firm and direct marketing.
Your Personal Data may be processed by the Firm to comply with anti-money laundering checks, and to deliver legal services to you and/or the person, firm or company you work or act for. We may also use your Personal Data to inform you about our services, new (legal) developments and our marketing events.
Please note that we may use or disclose Personal Data if we are required by law or regulation to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
Accuracy of information
It is important that the Personal Data we hold about you is accurate and current. Please let us know if your Personal Data changes during your relationship with us.
What if you do not provide the personal data we request?
It is in your sole discretion to provide Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to accept an engagement from you, to provide all or some of our legal services, to enter into a contract or engagement with you or to send you the requested (marketing) information.
Change of purpose, anonymization
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.
With whom will we share your information?
When using your Personal Data for the purposes and on the legal basis described above we may share your Personal Data with other law firms and services providers we work with. We may also have to share your Personal Data with regulators, public institutions, courts or other third parties.
For the purposes described above we may have to transfer your Personal Data to a third party outside of the European Economic Area (EEA) and in a jurisdiction not being subject to an adequacy decision of the European Commission. We will always ensure that there is a legal basis and a relevant safeguard method for such data transfer so that your Personal Data is treated in a manner that is consistent with and respects the EU/UK laws and other applicable laws and regulations on data
protection. These safeguards are designed to protect your privacy rights and provide you with remedies in the unlikely event that your personal information is misused.
Your rights in relation to your information
Under the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individuals rights under the GDPR.
If you want to exercise any of these rights, please:
We will respond to you within one month from when we receive your request.
We hope that you are happy with our service and that we or Cyma Hanif, our Data Protection Officer, can resolve any issues or complaints that arise. Please get in touch if you have any concerns (See Get in touch below).
However, the GDPR also gives you the right to lodge a complain with a supervisory authority, in particular, in the European Union (or European Economic Area) the country or state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.
Right to withdraw consent
In case you have provided your consent to the collection, processing and transfer of your Personal Data, you have the right fully or partly to withdraw your consent. To withdraw your consent, please contact our Data Protection Officer (see Get in touch below). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing
which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
In case we processed your Personal Data for direct marketing purposes, you have the right to object at any time, in which case we will no longer process your Personal Data for such marketing purposes.
How long will we retain your information?
We will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Upon expiry of the applicable retention period we will securely destroy your Personal Data in accordance with applicable laws and regulations.
Keeping personal data about you secure
We will take appropriate technical and organisational measures to keep your personal data confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to data. Personal data may be kept on our personal data technology systems, or in paper files.
You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Privacy Notice. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will make an updated copy of such privacy notice available on our website (www.steinfeldlaw.co.uk). The changes will take effect as soon as they are posted on this website.
Get in touch
If you have any questions about this privacy notice or the information we hold about you, please contact our Data Protection Officer.
The best way to reach us is to email our Data Protection Officer on firstname.lastname@example.org or alternatively, please write to us at 22 Manchester Square, London, W1U 3PT or call us on 0207 725 1319.