NR
PRIVACY NOTICE
WHY THIS NOTICE IS IMPORTANT
Please read this notice carefully. It sets out how we use your personal data and your rights as a data subject.
This Privacy Notice applies to personal data about:
- our clients (if they are individuals);
- our contacts at organisations for which we act;
- other professionals whom we instruct, or with whom we work (such as accountants, tax advisers, other solicitors, barristers, consultants, mediators, experts and translators); and
- individuals who are counterparties to any transaction, claim or legal proceedings on which we are advising; and
- contacts at organisations which are counterparties to any transaction, claim or legal proceedings on which we are advising.
ABOUT US
We are Northwood Reid Solicitors.
Northwood Reid is a partnership and the partners are Christine Reid and Paul Northwood.
Our address is the Oxford Centre for Innovation, New Road, Oxford OX1 1BY.
Northwood Reid is authorised and regulated by the Solicitors Regulation Authority, and its SRA number is 00446779.
We are registered with the UK Information Commissioner’s Office under registration number Z1064012.
PERSONAL DATA AND THE DATA PROTECTION PRINCIPLES
Personal data is information about an identifiable individual. Anonymous or anonymised data is not personal data.
Data Protection law obliges us to:
1. use your personal data lawfully, fairly and in a transparent way;
2. collect your personal data only for valid purposes which we have clearly explained to you and not use it in any way which is incompatible with those purposes;
3. collect and hold personal data which is relevant to the purposes we have told you about, and limited only to those purposes;
4. keep your personal data accurate and up to date;
5. keep your personal data only for as long as is necessary for the purposes we have told you about; and
6. keep your personal data securely.
HOW WE OBTAIN PERSONAL DATA
From you: We collect personal data from you when you:
- (or your organisation) asks us to advise you (or your organisation);
- communicate with us, by email, letter or phone;
- meet with us;
- attend a seminar or other event at which we speak; and
- update your information or give us further information.
Other Sources: We obtain personal data from other sources. Those sources include:
- your organisation;
- your organisation’s website;
- other websites (such as that of a former employer);
- search information providers such as Google;
- Linked-In;
- public registers such as Companies House;
- professional registers; and
- promotional materials.
THE TYPES OF PERSONAL DATA WE USE AND HOW WE USE THEM
The types of personal data we collect and use, the purposes for which we use your personal data, and the lawful bases we rely on to allow us to use your personal data in that way are set out below.
Where the lawful basis is our legitimate interests or the legitimate interests of a third party, we have also indicated what those interests are.
We may have more than one lawful basis for using your personal data.
| TYPE OF PERSONAL DATA |
HOW WE USE THAT DATA |
THE LAWFUL BASIS FOR OUR PROCESSING THAT DATA |
| Where our client is an individual, his or her name, address, email address, telephone number, date of birth, passport number and other details on his or her passport
Where our client is an organisation, the name, address, email address, telephone number, date of birth, passport number and other details on the passport of directors and other officers
|
To carry out identity, anti-money laundering and other checks required by law
|
Necessary to comply with our legal obligations
|
| The name, address, email address, phone number, employer or other organisation, and educational and professional history of our clients who are individuals and of our professional contacts |
To provide legal and other services |
Necessary in order to take steps, at your request, before entering into a contract or to perform a contract with you
Our legitimate interests in providing our services to our clients
Our clients’ legitimate interests in receiving our services and those of our professional contacts
|
| The name, address, email address, phone number, employer, educational and professional history of our client contacts |
To provide legal and other services |
Necessary in order to take steps, at your request, before entering into a contract or to perform a contract with you
Our legitimate interests in providing our services to our clients
Our clients’ legitimate interests in receiving our services and those of our professional contacts
|
| Your bank account details
|
To process payments |
Necessary in order to perform a contract with you
Your legitimate interests in receiving payments
|
| Information about your health or, for instance where relevant to any allegation of discrimination, your race, religion or sexual orientation |
To provide legal and other services |
Our legitimate interests in providing our services to our clients
Our clients’ legitimate interests in receiving our services and those of our professional contacts
Necessary for the establishment, exercise or defence of legal claims
|
| Other information you provide to us |
To provide legal and other services |
Necessary in order to take steps, at your request, before entering into a contract or to perform a contract with you
Our legitimate interests in providing our services to our clients
Our clients’ legitimate interests in receiving our services and those of our professional contacts
Necessary for the establishment, exercise or defence of legal claims
|
| Where you are a counterparty, information about you provided by our client or by your advisers or which comes to light in the course of the transaction, claim or proceedings |
To provide legal services |
Our legitimate interests in providing our services to our clients
Our clients’ legitimate interests in receiving our services and those of our professional contacts
Necessary for the establishment, exercise or defence of legal claims
|
| Where you are a witness in any legal claim, information about you provided by you, our client or by a counterparty or which comes to light in the course of the claim or proceedings |
To provide legal services |
Our legitimate interests in providing our services to our clients
Our clients’ legitimate interests in receiving our services and those of our professional contacts
Necessary for the establishment, exercise or defence of legal claims
|
CHANGE OF PURPOSE
We will use your personal data only for the purposes for which we collected it, unless:
a) we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose; or
b) we anonymise your personal data and use it for research or statistical purposes.
For an explanation as to how use of your personal data for a new purpose is compatible with the original purpose, please email Christine.Reid@Northwoodreid.com.
If we intend to use your personal data for an unrelated purpose, we will contact you to explain the legal basis which allows us to use your personal data for that unrelated purpose.
MARKETING
We do not use your personal data for marketing purposes.
AUTOMATED DECISION MAKING
We do not use your personal data for the purposes of automated decision making.
SHARING YOUR PERSONAL DATA
TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE EU
We may transfer your personal data outside the European Union (the EU), but we will not do so unless:
a) we transfer it to a country which the European Commission has decided ensures an adequate level of protection for personal data or if the recipient has entered into the Standard Contractual Clauses published by the European Commission. If you wish to see a copy of the Standard Contractual Clauses, please email Christine.Reid@Northwoodreid.com;
b) we transfer your personal data to an entity in the United States which participates in the Privacy Shield. That obliges the US entity to protect personal data shared between the Europe and the US. For more information please see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
c) you have given your explicit consent to the transfer of your personal data outside the EU. (If you have given that consent you may withdraw it at any time by emailing Christine.Reid@Northwoodreid.com;
d) we cannot perform a contract with you without making that transfer;
e) we cannot take steps you have requested us to take without making that transfer;
f) we cannot enter into or perform a contract with someone else and which is in your interests without making that transfer;
g) the transfer is necessary for important reasons of public interest; or
h) the transfer is necessary for the establishment, exercise or defence of legal claims.
Your personal data may be accessed by our staff when they are outside the EU, but the same safeguards will apply as though our staff were accessing your personal data from within the EU.
DATA SECURITY
We have appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to those people who have a business need to know. They will process your personal data only on our instructions and they are subject to a duty of confidentiality.
We have procedures to deal with any suspected personal data breach and will tell the Information Commissioner’s Office and you of a breach of security involving your personal data if the law obliges us to do so.
HOW LONG WE KEEP YOUR PERSONAL DATA
We will keep your personal data only for so long as is necessary to achieve the purpose for which we have collected that data, or as required by law, or as required for in order to meet any legal, accounting, or reporting requirements.
The law requires us to keep information about our clients (including their contact details, details of their identity, financial information and information about transactions with them) for six years after they cease being clients.
When deciding what is the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from any unauthorised use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your personal data. Please see Your Rights below.
If we anonymise your personal data, it will no longer be personal data and we may use it indefinitely.
YOUR RIGHTS
In certain circumstances you have the right to:
Request access to your personal data: You have the right to receive confirmation of whether or not we are holding or using your personal data and, if we are, to obtain a copy of your personal data.
Request the correction of your personal data: You have the right to have any incomplete or inaccurate personal data we hold about you corrected. We may need to verify the accuracy of any new data you provide.
Request the erasure of your personal data (the right to be forgotten): You have the right to ask us to delete or remove personal data where we have no good reason to continue using it.
You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to our using it (see below), where we may have used your personal data unlawfully or where we are required to erase your personal data to comply with the law. We may not always be able to comply with your request for erasure for legal reasons which we will inform you about if you request erasure.
Request a restriction on the processing of your personal data: You have the right to ask us to suspend the processing of your personal data in the following circumstances:
a) if you want us to establish the data's accuracy;
b) where our use of your personal data is unlawful but you do not want us to erase it;
c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
Object to the processing of your personal data: You have the right to object, where we are relying on our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data and that those grounds override your rights and freedoms.
Object to the use of your personal data for direct marketing purposes: You have the right to object where we are processing your personal data for direct marketing purposes.
Withdraw consent: Where you have given consent to our using your personal data for a specific purpose, you have the right to withdraw that consent at any time. Your withdrawal of consent will not affect the lawfulness of any use of your personal data based on your consent before you withdraw consent.
Request the transfer of your personal data (data portability): You have the right, where you provided your personal data to us, you gave consent to our using your personal data or we used that personal data to perform a contract with you and we have processed that data by automated means, to receive the personal data you have provided to us and to have us transmit that data to another person, if it is feasible to do so.
If you want to exercise any of the above rights please email Christine.Reid@Northwoodreid.com.
We try to respond to all legitimate requests within a month. It may take us longer than a month if your request is complicated or you have made a number of requests. In this case, we will notify you and keep you updated.
Normally you will not have to pay a fee to access your personal data or to exercise any other right, but, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any other right. This is to ensure that personal data is not disclosed to a person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
YOU ARE NOT OBLIGED TO PROVIDE US WITH ANY PERSONAL DATA
You may decide not to give us any personal data, but if you decide not to provide data which is necessary for us to provide a service, to carry out your instructions, to verify your identity or carry out any checks required by law we may not be able to provide our services, we may not be able to comply with your instructions and, if we are unsure about your identity, we may not be able to comply with any request to exercise your rights.
LINKS TO OTHER WEBSITES
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control those third-party websites and we are not responsible for their privacy policies or statements.
This Privacy Notice does not apply to any website operated by a third party. If you visit a third party website, please read its Privacy Notice or privacy statement to find out how it uses your personal data.
COMPLAINTS AND ENQUIRIES
We take any complaints we receive very seriously. Please bring it to our attention if you think that our collection or use of your personal data is unfair, misleading or inappropriate.
We also welcome any suggestions for improving our procedures.
This Privacy Notice was drafted with brevity and clarity in mind. It does not provide exhaustive details of our collection and use of personal data, but please feel free to contact us if you want any additional information or further explanation.
You have the right to make a complaint about the way we have used your personal data to the UK Information Commissioner’s Office (the ICO) at The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or www.ico.org.uk. Or, if you are based outside the UK but in the EU, you can make a complaint to the data protection supervisory authority in the country in which you live.
Please give us a chance to address your concerns before you contact the ICO or any other data protection supervisory authority.
HOW TO CONTACT US
If you want to ask us about this Privacy Notice, please email Christine.Reid@Northwoodreid.com.
CHANGES TO THIS PRIVACY NOTICE AND YOUR PERSONAL DATA
We keep this Privacy Notice under review. It was last updated on 25 May 2018.
It is important that your personal data is accurate and up to date. Please let us know if your personal data changes.
.