Please click on a heading below to get more information about a particular area of our policy.
- Types of information we collect
- How we collect information
- What happens if you fail to provide us information?
- Purposes for collecting information and our lawful grounds for processing
- Changes to the purposes of processing
- How we share your information
- Correcting, updating or removing your details
- Third party links
- International transfers
- Data security
- Data retention
- Requesting access to your information
- Your other privacy rights
We are Kemp IT Law, a firm of solicitors specialising in IT law that is authorised and regulated by the Solicitors Regulation Authority. Our SRA No. is 612693. Our address is 21 Napier Avenue, London, SW6 3PS. Our VAT No. is 182 8389 66.
3. Types of information we collect.
We collect non-personal information such as statistical data and certain personal information (information about an individual from which that person can be identified) when you use this website, become a client, represent a client, or sign up for client alerts or for an event.
The types of personal information we collect about you are as follows:
- Identity and Contact Data includes first name, maiden name, last name, username or similar identifier, title, job title, organisation, organisation address, email address and telephone numbers;
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
- Usage Data includes information about how you use our website and our services;
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences;
- Client Financial Data, which may include bank account details and details of any fees and payments;
- Client Onboarding Data includes identification and background information, information relating to anti-money laundering, conflict and financial/credit checks, and other information required as part of our regulated client onboarding procedures. This may include special categories of personal data, such as information relating to biometric data from passports. We also obtain information from publicly available sources such as public registers of companies, charities, public registers of sanctioned persons and entities (such as HM Treasury in the UK) and other public sources including any services accessible on the Internet which you are using for professional networking purposes e.g. LinkedIn; and
- Client Matter Data includes data provided by you as a client, generated by us based on our interactions with you or by others (e.g. other advisers) during the course of a matter.
4. How we collect information.
We collect most information from you as part of the client onboarding process, or when you fill in a form, contact us to engage us in services or provide feedback, or when you sign up to receive client alerts or to attend an event. You do not have to give us any personal information to use most of our website but if you want to sign up for our events or materials you will. We collect information for clients alerts, etc. and events registration as follows.
- Client alerts, etc. To subscribe for client alerts, white papers, invitations to events and webinars and other materials, please email your contact at the Kemp IT Law or email@example.com. To unsubscribe, update your details via the subscription form or email us at firstname.lastname@example.org.
- Event registration. To register for an event, please email your contact at the Kemp IT Law or email@example.com. During registration we will collect Identity and Contact Data. This information enables us to process and fulfil your registration online so we can contact you about the event.
5. What happens if you fail to provide us information?
If you fail to provide personal information that we need to perform a contract with you or by law, then we may not be able to provide you with the service the contract relates to. We will notify you when this is the case.
7. Purposes for collecting information and our lawful grounds for processing.
We will use your personal information only where we have a lawful basis for doing so. The lawful basis for processing your personal data will depend on the purpose for which it was obtained. The table below sets out the purposes for which we may process your personal information and the relevant lawful basis/bases that allow for that processing:
|Purpose of Processing||Type(s) of Data||Our Lawful Basis for Processing|
|Managing our relationship with you and providing legal services||
|Administration purposes and the protection of our business and the website – e.g. accounting, billing, troubleshooting, data analysis, testing, IT system maintenance, support, reporting, hosting of data, and to defend our business interests including exercising our legal rights.||
|To register you as a new client||
|Marketing and promotions:
*“Legitimate interests” means our legitimate interests in conducting and managing our practice where these interests are not overridden by your fundamental rights, interests and freedoms.
8. Changes to the purposes of processing.
We will only process your personal information for the purpose(s) for which we collected it. If we do need to use your personal information for a new purpose, we will notify you of this, explain the lawful basis we will be relying on, and, if necessary, ask for your consent.
We may need to share your information with certain third parties:
- Our suppliers who provide us with services acting as processors, including IT services, hosting services, website analytics, event organisers and marketing providers;
- Other law firms and other professional services providers or advisers such as barristers as part of the services we provide to clients;
- Our professional advisers including accountants, bankers, auditors, insurers who provide us with professional services based in the UK;
- Regulators such a HM Revenue & Customs, the Solicitors Regulation Authority and other authorities based in the UK who require information about our processing activities from us; and
- In the unlikely event of a sale, any organisation that acquires our practice.
We do not share or transfer the information we have collected except as set out in this policy. Where we share your personal information with third parties we will ensure they respect your privacy and keep your information secure.
We will send you marketing communications if you have signed up for client alerts or registered for events, in either case, where you have not opted out of receiving that marketing. You can opt out of receiving marketing communications by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.
11. Correcting, updating or removing your details.
If your personal information changes or if you no longer wish to receive our service, please let us know and we will correct, update or remove your details. You can do this by emailing us at firstname.lastname@example.org.
12. Third party links.
13. International transfers.
In providing services to you, we may need to transfer your personal information to the United States and other countries outside of the EU that do not afford the same level of data protection as the UK. Your personal data may also be processed by our suppliers outside of the EU. Where your data is processed outside of the EU, we will ensure your personal information is protected by putting in place appropriate safeguards such as EU Commission Standard Contractual Clauses. You can find the current version of these clauses at the Annex of Commission Decision2010/87/EU : 5 February 2010 – please see http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087.
If you would like more information about international transfers of your personal information, please contact us by email at email@example.com or by phone no 0203 011 1667.
14. Data security.
Whilst we store and use your personal information we will ensure appropriate security for it by including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach as is required by the law.
15. Data retention.
We will not keep your personal information longer than is necessary for the purposes for which we use it. We will retain your personal information for the periods that are required by law, our regulators and for our arrangements with our insurers, whichever is the longest. This will generally be seven years after the year:
- in which we received it; or
- (if later) when the client matter or relationship that was the context for receiving it ended.
We will delete or destroy it when it is no longer required.
16. Requesting access to your information.
Under data protection law, individuals have the right to request access to information about them that we hold. To make a request for your personal information please contact firstname.lastname@example.org.
17. Your other privacy rights.
By law you have certain additional privacy rights. These are to:
- have your personal information corrected if it is inaccurate or incomplete;
- have your information erased (the right to be forgotten) in certain circumstances – e.g. where it is no longer needed by us the purpose for which it was collected or you have withdrawn your consent. Please note however, that in certain circumstances, we may not be able to comply with your request of erasure for legal reasons. If this is the case, we will notify you at the time you request erasure;
- restrict the use of your information in certain circumstances e.g. where you have told us information is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your information but will not process it further until we have checked and confirmed whether the information is inaccurate;
- object to the processing of your information in certain circumstances – e.g. you may object to processing of your information for direct marketing purposes;
- data porting – where you have provided us with personal information and we use this information either on the basis of your consent or to perform a contract with you, you have the right to receive your personal information from us in a commonly used and machine readable format, and the right to require us to transmit your personal information to someone else if it is technically feasible;
- object to decisions being taken by automated means; and
- to withdraw your consent at any time to processing where we are relying on consent as the lawful basis – e.g. to receiving marketing communications. Please note if you withdraw your consent, we may not be able to provide certain services to you – We will let you know if this is the case at the time you withdraw your consent.
If you have any concerns about the way we are collecting or using your personal information, please contact us in the first instance. You also have the right to lodge a complaint with the UK’s supervisory authority for data protection matters – the Information Commissioner’s Office at https://ico.org.uk/concerns/