Privacy Notice and Policy
Privacy Notice and Policy
This notice and policy describes how Leon Kaye Solicitors collects, uses, shares, and processes Personal Data about:
- Visitors to our website
- Contact persons for our clients and/or prospective clients
- Contact persons for suppliers of goods and services to us
- Any other individuals about whom we obtain Personal Data
Personal Data means information that (either in isolation or in combination with other information held by us) enables you to be identified as an individual or recognised directly or indirectly.
Unless we state otherwise, Leon Kaye Solicitors is the data controller of the Personal Data we process, and is responsible for ensuring that the systems and processes we use are compliant with data protection laws, to the extent applicable to us.
Our staff are required to comply with notice and policy when dealing with Personal Data and complete data protection training where appropriate.
Collection of Personal Data
We collect the following categories of Personal Data about our website visitors, clients, prospective clients, suppliers and other third parties:
- Basic data: Name, gender, title, organisation, job responsibilities, phone number, mailing address, email address, contact details and information about family life (excluding special categories of data) including family, children, hobbies and interests.
- Special categories of data: in limited circumstances, where you have provided us with such information, as it is necessary for a specific service we are providing to you: [religious or other beliefs, racial or ethnic origin, sexual orientation, health data and details of trade union membership.]
- Registration data: newsletter requests, event/webinar registrations, dietary preferences (excluding special categories of data), subscriptions, downloads, and username/passwords.
- Client service data: Personal Data received from clients in respect of employees, customers or other individuals known to clients, invoicing details and payment history, and client feedback.
- Marketing data: Data about individual participation in conferences and in-person seminars, credentials, associations, product interests, and preferences.
- Transaction data: Personal data contained in documents, correspondence or other materials provided by or relating to transactions conducted by our clients.
- Compliance data: Government identifiers, passports or other identification documents, dates of birth, beneficial ownership data, and due diligence data.
We collect Personal Data from a number of sources, either directly from the data subjects, or from clients, colleagues and publicly available sources. Where we receive data from our clients about employees, customers or other individuals, the client is responsible for ensuring that any such data is transferred to us in compliance with applicable data protection laws.
Use of Personal Data
We use Personal Data for the following purposes and legal bases for such processing:
- To provide legal advice and respond to inquiries we use basic data, registration data, client service data, and device data. We need to process your information in this way in order to perform our obligations under our contracts with our clients.
- To manage our business operations and administer our client relationships we use basic data, special categories of data, registration data, marketing data and client service data. This processing is necessary in order to perform our obligations under our contracts with our clients (e.g. issuing and processing invoices) and suppliers (e.g. managing the supply of goods and services to us).
- To make our website easier to use we use device data. It is necessary for our legitimate interests to monitor how our website is used to help us improve the layout and information available on our website and provide a better service to users.
- To protect the security and effective functioning of our website and information technology systems we use basic data, registration data, transaction data, and device data. It is necessary for our legitimate interests to monitor how our website is used to detect and prevent fraud, other crimes and the misuse of our website. This helps us to ensure that you can safely use our website.
- To provide relevant marketing such as providing you with information about events or services that may be of interest to you including legal services, legal updates, client conferences or networking events, and groups of specific interest (e.g. specific types of networking groups) we use marketing data, basic data, special categories of data, registration data, client service data, and device data. It is necessary for our legitimate interests to process this information in order to provide you with tailored and relevant marketing, updates and invitations.
- To address compliance and legal obligations, such as complying with our tax reporting obligations, checking the identity of new clients and to prevent money laundering and/or fraud we use compliance data, basic data, registration data, transaction data, and device data. This processing is necessary for the purposes of complying with legal requirements to which we are subject.
Sharing of Personal Data
We may share Personal Data with the following categories of recipients:
- Suppliers and service providers: We share Personal Data with suppliers and service providers to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above. These include: infrastructure and IT services providers, for example, the providers of our client intake system, our finance systems and our customer relationship management databases; third party consultants who provide us with support in respect of business analytics and marketing campaigns; and the providers of external venues where we host conferences and events. We require such parties by contract to provide reasonable security for Personal Data and to use and process such Personal Data on our behalf only.
- Financial institutions: We share Personal Data with financial institutions in connection with invoicing and payments.
- Mandatory disclosures and legal claims: We share Personal Data in order to comply with our tax reporting obligations, comply with any subpoena, court order or other legal process, to comply with a request from our regulators, governmental request or any other legally enforceable demand. We also share Personal Data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.
If you have questions about the parties with which we share Personal Data, please contact us as specified below.
You have control of our use of Personal Data for direct marketing. You can choose to not receive such communications at any time. If you no longer wish to receive any marketing communications, please click the unsubscribe link here or contact us as specified below.
Data Subject Rights
If you are in the European Economic Area (EEA) you have the following rights:
- Access. Subject to certain exceptions, you have the right to request a copy of the Personal Data we are processing about you, which we will provide to you in electronic form. At our discretion we may require you to prove your identity before providing the requested information. If you require multiple copies of your Personal Data, we may charge a reasonable administration fee.
- Rectification. You have the right to require that any incomplete or inaccurate Personal Data that we process about you be amended.
- Deletion. You have the right to request that we delete Personal Data that we process about you, unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to request that we restrict our processing of your Personal Data where:
- you believe such data to be inaccurate;
- our processing is unlawful; or
- we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.
- Portability. You have the right to request that we transmit the Personal Data we hold in respect of you to another data controller, where this is:
- personal information which you have provided to us; and
- we are processing that data on the basis of your consent or in order to perform our obligations under contract to you (such as to provide legal services).
- Objection. Where the legal justification for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.
If you are in the EEA you also have the right to file a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws.
We have implemented technical and organisational measures in an effort to safeguard the Personal Data in our custody and control. Such measures include: [ ]
While we endeavour to always protect our systems, website, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be completely safe from intrusion by others.
You also have an important role in protecting Personal Data. You should not share any username, password or other authentication data provided to you with anyone, and we recommend that you do not re-use passwords across more than one website or application. If you have any reason to believe that your username or password has been compromised, please contact us as specified below.
We will store and transfer some or all your Personal Data in or to the UK and the EEA, as necessary for the purposes described above, including to jurisdictions that may not provide the same level of data protection as your home country. This means that it will be fully protected under UK and EU data protection laws. Transfers of Personal Data to the EEA from the UK are permitted without additional safeguards.
We may store and transfer some or all of your Personal Data in or to “third countries” outside of the UK. We will take additional steps in order to ensure that your data is treated just as safely and securely as it would be under UK data protection laws.
When you submit Personal Data to us you are transferring your data across borders.
You are not required to provide all Personal Data identified in this notice and policy to use our website or to interact with us offline, but certain functions will not be available if you do not provide Personal Data. If you do not provide Personal Data, we may not be able to respond to your request, provide legal services to you, or provide you with marketing that we believe you would find valuable.
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
We typically retain Personal Data related to marketing activities for as long as you accept marketing communications from us, and we will securely delete such data in accordance with applicable law upon request. For Personal Data that we collect and process for other purposes, we will typically retain such Personal Data for as long as it is necessary to fulfil the purposes outlined in this notice and policy and as otherwise specified in applicable record retention policies and procedures.
Our website may contain links and references to other websites administered by unaffiliated third parties. This notice and policy does not apply to such third party sites. When you click a link to visit a third party website, you will be subject to that website’s privacy practices.
Personal Data about our employees and contractors are addressed through our internal policies and procedures, and are outside the scope of this notice and policy.
We may update this notice and policy from time to time as our services and privacy practices change, or as required by law. The effective date of our notice and policy is as stated below, and we encourage you to visit our website periodically to stay informed about our privacy practices. We will post the updated version of the notice and policy on our website, and ask for your consent to the changes if legally required.
If you have questions or comments regarding this notice and policy, please contact us:
Leon Kaye Solicitors
2nd floor 591-593 Kings Road
Phone: 0207 228 2020 (Chelsea office) or 0207 095 0930 (Knightsbridge office)
Leon Kaye of Leon Kaye Solicitors is responsible for the content of this notice and policy.
Updated: May 2021