Personal data processing notice

Our processing of personal data

  1. Introduction

    1. Fladgate LLP (“we” “our” or “us”) processes personal data of a number of different categories of individuals where we are the data controller. This information is provided to individuals whose data we process (“you” or “your”) to comply with our obligations under Articles 13 and 14 of the GDPR.
    2. As we are a firm of solicitors, we are not required to give you information in certain circumstances where personal data we process is collected and processed by us in the context of our work advising and representing our clients. For more details see the Exemptions page. Because of these exemptions, the information in this notice is in many cases deliberately non-specific and illustrative.
    3. To make this information clear, we have divided the data we receive into the following groups:
      1. Data about individuals who are our clients.
      2. Data about partners and staff of the firm, consultants, secondees (including referandars), those on work experience, temporary staff, former partners and staff, next of kin, spouses, beneficiaries.
      3. Data about contacts who are not clients or personnel of clients.
      4. Data about third parties who are involved, directly or indirectly, in matters (including cases or transactions) in relation to which we are asked to advise or represent our clients.
      5. Data about our suppliers and supplier personnel.
      6. Data about individuals who apply for employment or partnership with the firm.
      7. Data about directors, shareholders, consultants, employees or other personnel of our clients.
    4. In addition to the above, individuals who interact with the firm in any of the above capacities should also refer to the following:
      1. Data about visitors to our office.
      2. Data collected through recording of Fladgate-arranged telephone conference calls.
  2. Data Controller details

    1. Fladgate LLP is a limited liability partnership, registered in England and Wales with registered number OC334334.
    2. Our address is 16 Great Queen Street, London, WC2B 5DG, UK (please mark any correspondence for the attention of the Head of Risk and Compliance. Our telephone number is +44 (0) 20 3036 7000. Our email address is privacy@fladgate.com (please include “Personal Data Request” in your subject heading to ensure it receives the correct attention).
  3. Collection, use and disclosure of data

    1. You can access more information using the links above to pages which explain:
      1. What categories of information we collect and retain;
      2. Where we will get the information from;
      3. The purpose and legal basis of processing; and
      4. Who we will disclose the information to.
  4. International Transfers

    We will not transfer personal data relating to you to a country which is outside the European Economic Area unless:

    1. The country or recipient is covered by an adequacy decision of the Commission under GDPR Article 45;
    2. Appropriate safeguards have been put in place which meet the requirements of GDPR Article 46 by us or by our client (on whose behalf we would transfer the data); or
    3. One of the derogations for specific situations under GDPR Article 49 is applicable to the transfer. These include (in summary):
      1. The transfer is necessary to perform, or to form, a contract to which we are a party:
        1. with you; or
        2. a third party where the contract is in your interests;
      2. The transfer is necessary for the establishment, exercise or defence of legal claims;
      3. You have provided your explicit consent to the transfer; or
      4. The transfer is of a limited nature, and is necessary for the purpose of our compelling legitimate interests.
  5. Retention of personal data

    1. Our retention and deletion policy can be found here.
  6. Your rights

    1. You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of your personal data that we are processing. If you are based within the UK or the EEA or within another jurisdiction having similar data protection laws, in certain circumstances you will also have the following rights (effective 25 May 2018):
      1. right to access: the right to request certain information about, access to and copies of the personal information about you that we are holding (please note that you are entitled to request one copy of the personal information that we hold about you at no cost, but for any further copies, we reserve the right to charge a reasonable fee based on administration costs);
      2. right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete;
      3. right to erasure/”right to be forgotten”: where the processing of your information is based on your consent, the right to withdraw that consent and the right to request that we delete or erase your personal information from our systems (however, this will not apply if we do not rely on your consent to carry out the processing or if we are required to hold on to the information for compliance with any legal obligation or if we require the information to establish or defend any legal claim);
      4. right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we can use it;
      5. right to data portability: the right to request that we return any information you have provided in a structured, commonly used and machine-readable format, or that we send it directly to another company, where technically feasible; and
      6. right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or for marketing purposes.
    2. Please note that if you withdraw your consent to the use of your personal information for purposes set out in our Privacy Policy, we may not be able to provide you with access to all or parts of our services.
    3. Please also note that some of the rights above may not be applicable to you (or to all of the information about you that we are processing) due to the application of one or more of the Exemptions.
    4. If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. Please see further information on their website: http://www.ico.org.uk/
  7. What happens if we do not receive the information we need from you?

    1. If we do not receive the information we require in order to verify the identity of our client or the individuals who control or own our client, we cannot act for that client.
    2. We will not be able to act for an individual if we do not receive the personal data we require to communicate with that individual.
  8. Automatic decision making

    We do not make decisions based solely on automated data processing, including profiling.

April 2018