Our processing of personal data

 

Introduction

 

1.      Phillips Lewis Smith Limited (“we” “our” or “us”) processes personal data of a number of different categories of individuals in cases where we are the data controller. This Personal Data Processing Notice is provided to individuals whose data we process (“you” or “your”) to comply with our obligations under Articles 13 and 14 of the GDPR.

 

2.      Phillips Lewis Smith Limited is a limited company, registered in England and Wales with registered number 09466510. Our address is 13 Craven Street, London, WC2N 5PB, UK (please mark any correspondence for the attention of our Practice Manager. Our telephone number is +44 (0) 20 7925 2244. Our email address is privacy@ruphlaw.co.uk.

 

3.      The categories of individuals are divided into the following groups:

·        Individuals who are our clients.

·        Staff of the firm, consultants, those on work experience, temporary staff, former staff, spouses.

·        Contacts who are not clients or personnel of clients.

·        Third parties who are involved, directly or indirectly, in matters (including cases or transactions) in relation to which we are asked to advise or represent our clients.

·        Our suppliers and supplier personnel.

·        Individuals who apply for employment with the firm.

·        Directors, shareholders, consultants, employees or other personnel of our clients

 

4.      If you require further information on the type of data we collect, the source of those data, the legal basis of our processing of such data, and any third-party recipients of those data, please contact privacy@ruphlaw.co.uk.   

 

5.      Notwithstanding the above, we are not required to give you information in certain circumstances where personal data we process is collected and processed by us in the context of client matters where those personal data concerned has not been received from the individual concerned and where we are required to be kept confidential subject to an obligation of professional secrecy regulated by English law (see Article 14 of the GDPR).

 

6.      In addition, we are exempted from providing information about disclosures of personal data to us or by us where the disclosure is:

 

6.1     required by an enactment, a rule of law, or an order of a court;

6.2     necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings);

6.3     necessary for the purpose of obtaining legal advice or otherwise establishing, exercising or defending legal rights.

6.4     processing of personal data that consists of information in respect of which a claim to legal professional privilege could be maintained in legal proceedings. (Schedule 2 of the Data Protection Act 2018)

 

7.      As we are a firm of solicitors, we are not required to give you information in certain circumstances where personal data we process is collected and processed by us in the context of our work advising and representing our clients.

 

 

International Transfers

 

8.      We will not transfer personal data relating to you to a country which is outside the European Economic Area unless:

8.1     the country or recipient is covered by an adequacy decision of the Commission under GDPR Article 45;

8.2     appropriate safeguards have been put in place which meet the requirements of GDPR Article 46 by us or by our client (on whose behalf we would transfer the data); or

8.3     one of the derogations for specific situations under GDPR Article 49 is applicable to the transfer. These include (in summary):

·        the transfer is necessary to perform, or to form, a contract to which we are a party with you or a third party where the contract is in your interests;

·        the transfer is necessary for the establishment, exercise or defence of legal claims;

·        you have provided your explicit consent to the transfer; or

·        the transfer is of a limited nature, and is necessary for the purpose of our compelling legitimate interests.

 

 

Data Security

 

9.      We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

 

10.   We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

 

Your rights

 

11.   You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of your personal data that we are processing. If you are based within the UK or the EEA or within another jurisdiction having similar data protection laws, in certain circumstances you will also have the following rights:

·        right to access

·        right to rectification

·        right to erasure/right to be forgotten

·        right to restriction of use of your information

·        right to data portability

·        right to object

 

12.   Please note that if you withdraw your consent to the use of your personal information for purposes set out in our Privacy Policy, we may not be able to provide you with access to all or parts of our services.

 

13.   Please also note that some of the rights above may not be applicable to you (or to all of the information about you that we are processing) due to the application of one or more of the Exemptions.

 

14.   If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. Please see further information on their website: http://www.ico.org.uk/