PRIVACY POLICY

1. Introduction

 

The Privacy Policy describes and explains how we may collect, use, share and process your Personal Data.

This Privacy Policy is addressed to individuals outside our Firm with whom we interact, including but not limited to visitors to our website and other online properties, individual clients, contact persons for our clients and/or prospective clients and other individuals about whom the Firm obtains Personal Data.

We encourage you to read this Privacy Policy carefully and to regularly check this Policy to review any changes we might make to the terms of this Policy.

 

2. Categories of Personal Data

 

We collect the following data:

  • Identification data such as name, gender, titles, date and place of birth, nationality, languages, pictures;
  • Contact data such as email address, postal address, telephone number, public social media profile(s) and other similar contact data;
  • Family data such as contact details about information about your family life including family, children, hobbies;
  • Professional data such as job titles, salary, work history, employment history, name and contact information of your former or current employer(s), academic degrees, certifications;
  • Job applicant data in connection with employment opportunities at our firm such as resumes, certifications, academic degrees, name and contact information of your former or current employer(s);
  • Matter data such as instructions, information and materials that we may need to provide you with services and legal advice, details of individuals instructing our Firm, personal data included in correspondence, transaction documents, evidence or other materials that we process in the course of providing services and legal advice;
  • Client service data such as personal data received from clients with respect to employees, customers or other individuals known to clients, invoicing details and payment history, client feedback;
  • Marketing data such as individual participation in conferences and in-person seminars, credentials, associations, product interests, preferences;
  • Registration data such as newsletters requests, event/seminar registration, dietary preferences, subscriptions, downloads, usernames/passwords;
  • Compliance data such as government identifiers, passports or other identification documents passport and national identity number, bank statements, tenancy agreements, beneficial ownership data and due diligence data;
  • Payment details such as billing address, payment method, bank account number or credit card number, cardholder or accountholder number, car or account security details, card “valid from” date and card expiry date, invoice records, payment records, SWIFT details, IBAN details, BACS details, payment amount, payment date and records of cheques;
  • Device data related to our website and any other online properties such as device type, operating system, browser settings, IP address, language settings, dates and times of connecting to a website, username, password, security login details, and other technical communication information;
  • Special categories of personal data that we may process in limited circumstances where you have provided us with such information necessary for providing you with a specific service such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, sexual orientation and health data.

 

3. Collection of Personal Data

 

We may collect or obtain Personal Data about you from the following sources:

  • Directly from you: We may obtain your Personal Data when you provide it to us (e.g., where you contact us via email, telephone, text messaging, fax transmissions, or by any other means);
  • Relationship Data: We may collect your personal data in the course of our relationship with you (e.g., if we provide legal services to you, in the course of corresponding with you);
  • Data you make public: We may collect or obtain Personal Data that you choose to make public including via social media (e.g. if you make a public post, we may collect information about your social media profile);
  • Site Data: We may collect or obtain your Personal Data when you visit our website or use any features or resources available on or through our website;
  • Registration details: We may collect or obtain your Personal Data when you use, or register to use our website or services.
  • Content and advertising information: If you choose to interact with any third party content or advertising on our website, we may receive Personal Data about you from the relevant third party.
  • Third party information: We may collect or obtain your Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; etc.).

 

4. Creation of Personal Data

 

We may create Personal Data about you, including but not limited to records of your communications and interactions with us, attendance at events we hold or interviews in the course of applying for a job with us.

We may record telephone calls, meetings, depositions, and other interactions in which you are involved, in accordance with applicable law.

 

5. Use of Personal Data

 

We collect and process your Personal Data so that we can:

  • provide you with our services;
  • communicate with you;
  • verify your identity where this is required;
  • update our records about you;
  • detect, prevent and investigate fraud and money laundering;
  • comply with all our legal and regulatory obligations under applicable law;
  • provide, operate, manage and improve our website and services;
  • send you marketing communications that may be of interest to you;
  • prevent and detect cyber-attacks;
  • allow you to participate in surveys;
  • consider individuals for employment;
  • respond to your inquiries;
  • send you important information regarding the website, changes to our Privacy Policy, Terms of business or any other administrative matter.

 

6. Sharing of Personal Data

 

We may share your Personal Data with the following recipients:

  • Legal & Regulatory Authorities: We may share your Personal Data with any legal, governmental, regulatory or supervisory authority in order to comply with any subpoena, court order, request or other legal process for the purposes of reporting any actual or suspected breach of applicable law or regulation.
  • Law Enforcement Agencies & Courts: We may share your Personal Data with any relevant party, law enforcement agency or court to the extent necessary for the establishment, exercise or defense of legal rights. We may also share your Personal Data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.
  • Financial institutions: We may share your Personal Date with financial institutions in connection with invoicing and payments.
  • Third party acquirers: We may share your Personal Data with any corporate purchaser or prospect to the extent permitted by law as part of any merger, acquisition, sale of firm assets transition of services to another provider, reorganization, dissolution or liquidation.
  • Public & Prospective Clients: We may disclose to the public or to prospective Clients that you are a Client of the Firm and describe the work we do for you. We may also disclose information on your Matter, including but not limited to the value of the Matter, the identity of the other parties and the closing date of the Matter.
  • Suppliers and service providers: We may share your Personal Data with suppliers and service providers who will perform services in connection with the purposes identified in this Policy.

We may share your Personal Data with third parties that provide business support services on the basis that our suppliers have agreed or will agree to keep any information they receive from us confidential. Business support services include, but are not limited to, translation, word processing, photocopying, printing, data handling.

We may share your Personal Date with public notaries, foreign counsel, experts, accountants, auditors, consultants, barristers, lawyers and other outside professional advisors to our Firm on the basis that they have agreed or will agree to keep any information they receive from us confidential.

We may also share Personal information with infrastructure and IT services providers, providers of our client intake system, our finance systems and our customer relationship management databases, third party consultants who provide us with support in respect of business analytics and marketing campaigns, providers of external venues where we host conferences and events.

We require such parties by contract to provide reasonable security for Personal Data and to use and process such Personal Data on our behalf only. If you choose to interact with any such third-party providers, we recommend that you review their Privacy Policy before interacting with them.

  • Data Processors: If we engage a third party to Process your Personal Data, the Processor will be subject to binding contractual obligations to: only Process the Personal Data in accordance with our prior written instructions; and use measures to protect the confidentiality and security of the Personal Data as well as any additional requirements under applicable law.

 

7. Data Security

 

We take reasonable precautions to ensure the confidentiality, integrity and security of your Personal Data.

We have put in place reasonable security measures to ensure the protection of your Personal Data. Such measures include, but are not limited to, physical safeguards (locks, restricted access areas, etc.), administrative safeguards (restrictions of disclosure to staff and service providers on a need-to-know basis, authorization processes, etc.) and technical safeguards (passwords, encryption, multifactor authentication, etc.).

While we have taken reasonable and appropriate precautions to ensure the security of your Personal Data, we cannot guarantee the security of any Personal Data you transmit to us or that is stored with us and we cannot guarantee that your Personal Data will be absolutely safe from intrusion by others.

When you share your Personal Data with us, you do so at your own risk and you are responsible for ensuring that any Personal Data that you send to us is sent securely.

You have an important role in protecting your Personal Data. We recommend that you keep your Username and Password confidential and log off from our website when your session is over to prevent unauthorized access to your information. If you believe that your username or password have been compromised you should immediately contact us as detailed below.

 

8. Data Accuracy

 

We take every reasonable step to ensure that your Personal Data is accurate and kept up to date.

We also take every reasonable step to ensure that any inaccurate Personal Data that we process is erased or rectified without delay.

From time to time we may ask you to confirm the accuracy of your Personal Data.

If you believe your Personal Data is inaccurate, incomplete or not up to date, please contact us as mentioned below.

 

9. Data Minimization

 

We take every reasonable step to ensure that the Personal Data we Process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy.

 

10. Data Retention

 

We take every reasonable step to ensure that your Personal Data is only retained for as long as it is needed without exceeding what is necessary for the purposes set out in this Policy:

  • For marketing purposes, we will retain your Personal Data for as long as you accept marketing communications from us and we will securely delete such data in accordance with applicable law upon request.
  • For other purposes, we will retain your Personal data for as long as it is necessary for the purpose(s) for which it was intended, unless applicable law requires a longer retention period.

 

11. Refusal to Provide Personal Data

 

You have the right not to provide us with your Personal Data.

If you do not provide us with your Personal Data, we may not be able to respond to your request, provide legal services to you or provide you with marketing that we believe you would find valuable.

You are not required to provide all Personal Data identified in this Privacy Policy to use our website or to interact with us. However, certain functionalities will not be available if you do not provide us with your Personal Data.

 

12. Marketing

 

We may Process your Personal Data to send you marketing communications that may be of interest to you, via email, telephone, text messaging, or any other means of communication.

You have the right to refuse such communications at any time. If you no longer wish to be contacted for marketing purposes, please follow the unsubscribe link in the relevant communication or contact us as per below.

After you unsubscribe, we will not send you further promotional emails. However, we may continue to contact you to the extent necessary for the purpose of any services you have requested.

 

13. Your Data Protection Rights

 

Subject to applicable law, you may have a number of rights regarding our processing of your Personal Data, including:

  • The right not to provide us with your Personal Data: You have the right not to provide us with your Personal Data. If you do not provide us with your Personal Data, we may not be able to respond to your request, provide legal services to you or provide you with marketing that we believe you would find valuable.
  • The right of access: You have the right to request access to your Personal Data and copies of your Personal Data which we will provide you in electronic form. We may require you to prove your identity before providing you with the requested information and we may charge you a reasonable administration fee.
  • The right to rectification: You have the right to request that we rectify any information you believe to be inaccurate. You also have the right to request that we complete any information you believe is incomplete. You also have the right to request that we update any information you believe is not up to date.
  • The right to be forgotten: You have the right to request that we erase Personal Data that we process about you. Unless we are required to retain such data in order to comply with legal and regulatory obligations under applicable law or to establish, exercise or defend legal claims, we will erase your Personal Data upon your request.
  • The right to data portability: You have the right to request that we transfer your personal Data to another organization or directly to you under certain conditions.
  • The right to object: You have the right to object to our processing of your Personal Data. If you object to our processing of your Personal Data we shall no longer process the Personal Data unless:
    • we have compelling legitimate grounds for the processing which override your interests rights and freedoms.
    • we process your Personal Data for the establishment, exercise or defense of legal claims.
    • we are legally bound to process your Personal Data.
  • The right to restrict processing: You have the right to request that we restrict our processing of your Personal Data where:
    • you believe such data to be inaccurate.
    • our processing is unlawful.
    • we no longer need to process your Personal Data for a particular purpose but are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.
    • If you have objected to processing of your Personal Data pending the verification whether our legitimate grounds override yours.
  • The right to withdraw consent: Where we process your personal Data on the basis of your consent, you have the right to withdraw your consent at any time. This includes cases where you wish to opt out from marketing messages that you receive from us. The withdrawal of your consent shall not affect the lawfulness of the processing of your Personal Data on the basis of your prior consent and does not prevent the processing of your Personal Data in reliance upon other available legal bases.
  • The right not to be subject to automated decision making and profiling: You have the right not to be subject to automated processing and profiling. Please note that we do not use automated decision making without human intervention in a way that produces legal effects concerning you or otherwise significantly affects you.
  • The right to lodge a complaint with a supervisory authority: If you are in the EEA (European Economic Area) you have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws.

If you have any queries or concerns regarding these rights or regarding this Privacy Policy or if you wish to exercise one or more of the rights described in this Privacy policy, please contact us as detailed below.

Please note that we may require you to prove your identity before we can give effect to these rights.

 

14. Exercising Your Rights

 

You can exercise any of the rights described in this Privacy Policy and under data protection laws by contacting us as detailed in Section 19 below.

Save as described in this Privacy Policy or provided under data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their excessive number or repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

Please note that we may require you to prove your identity before we can give effect to these rights.

 

15. Cookies

 

We use online identification technologies such as cookies, web beacons, and similar tracking technologies on our website. To learn more about our use of cookies, please send us a request.

 

16. Third-Party Websites

 

Our website may contain links and references to other websites administered by unaffiliated third parties. Our Privacy Policy does not apply to such third-party sites.

When you click a link to visit a third-party website, you will be subject to the Privacy practices of that website.

We encourage you to familiarize yourself with the privacy and security practices of any linked third-party websites before providing any Personal Data on that website.

 

17. Data Controller

 

Unless we specifically state otherwise, our Firm is the data controller of the personal data we process and is responsible for ensuring the compliance of our systems and processes with data protection laws to the extent that they are applicable to us.

If you have any queries or concerns regarding this Privacy Policy please contact us as detailed below.

 

18. Changes to our Privacy Policy

 

From time to time, it may be necessary for us to amend or update this Policy without prior notice to reflect changes in our data protection practices or in the applicable data protection laws.

We will post the updated version of our Policy on our website and these changes will become effective at the date posted below.

We encourage you to visit our Website periodically to stay informed about our privacy practices.

 

19. Contact us

 

If you have any queries or concerns regarding this Privacy Policy or if you wish to exercise one or more of the rights described in Section 13 of this Privacy Policy, please contact us (info@rifaat-associates.com)