Osbornes values your privacy and cares about the way in which your personal data is treated. This policy describes what personal data we collect about you, how we obtain it, how we use it, on what basis, how long we keep it for, who we share it with, how we protect it, and your rights regarding its control and processing.
In this policy ‘Osbornes’ or ‘Osbornes Law’ refers to Osbornes Solicitors LLP, an English law firm authorised and regulated by the Solicitors Regulation Authority, and ‘personal data’ is defined as any information relating to an individual, whether it relates to their private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, social services records, records of criminal convictions, or a computer’s IP address.
Personal data we collect about you: We may collect personal data from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our legal services or as a result of your relationship with one or more of our staff and clients.
The personal data that we process includes:
How we obtain your personal data: We collect data from you:
How we use your personal data: Osbornes collects and processes personal data about you in a number of ways, including through your use of our websites and in the provision of services by us. We use that data:
Use of our websites: Some facilities on our websites invite you to provide us with personal data, such as our email queries facilities. The purpose of these facilities is apparent at the point that you provide your personal data and we only use that data for those purposes.
Marketing and other emails: We use personal data to understand whether you read the emails and other materials, such as legal publications, that we send to you, click on the links to the data that we include in them and whether and how you visit our website after you click on that link (immediately and on future visits). We do this by using software that places a cookie on your device which tracks this activity and records it against your email address. Removal of this cookie will not affect your experience on our websites. Please see ‘Use of our websites’ for more information on cookies and how to manage and remove them.
If you receive marketing emails from us and no longer wish to do so, you may unsubscribe at any time either by using the unsubscribe facility in the marketing email or emailing our Data Protection Officer, Sandra Hillard, at DPO@osborneslaw.com with the subject line ‘unsubscribe’.
Meetings, events and seminars: We will collect and process personal data about you in relation to your attendance at our offices or at an event or seminar organised by Osbornes or its business partners. We will only process and use special categories of personal data about your dietary or access requirements in order to cater for your needs and to meet any other legal or regulatory obligations we may have. We may share your data with IT and other service providers or business partners involved in organising or hosting the relevant event.
Legal and other services: We collect, create, hold and use personal data in the course of and in connection with the services we provide to our clients. We will process identification and background data as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational and financial checks. We will also process personal data provided to us by or on behalf of our clients for the purposes of the work we do for them. The data may be disclosed to third parties to the extent reasonably necessary in connection with that work. Please also see ‘Who we share your personal data with’ and ‘Which countries we transfer your personal data to’ below.
On what basis we use your personal data: We use your personal data on the following bases:
How long we keep your personal data: Your personal data will be retained in accordance with our data retention policy which categorises all of the data held by Osbornes and specifies the appropriate retention period for each category of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the data is collected and used, taking into account legal and regulatory requirements to retain the data for a minimum period, limitation periods for taking legal action, good practice and Osbornes’ business purposes.
If you purchase legal services from us we will usually retain your personal data for 15 years, starting from when we cease to act for you. After 15 years your personal data is destroyed, unless you have asked us to store your will or other important legal documents for you.
Who we share your personal data with: We may share your personal data with certain trusted third parties in accordance with contractual arrangements in place with them, including:
Where necessary, or for the reasons set out in this policy, personal data may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your data to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your data to new Osbornes entities or to third parties through which the business of Osbornes Solicitors LLP will be carried out.
We do not sell, rent or otherwise make personal data commercially available to any third party, except with your prior permission.
How we protect your personal data: We use appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where our third party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures to ensure that your personal data remains protected and secure in accordance with applicable data protection laws.
Your rights regarding your personal data: The European Union’s General Data Protection Regulations and other applicable data protection laws provide certain rights for data subjects.
You are entitled to request details of the data we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have it amended or deleted, to restrict our processing of that data, to stop unauthorised transfers of your personal data to a third party and, in some circumstances, to have personal data relating to you transferred to another organisation. You may also have the right to make a complaint in relation to our processing of your personal data with the Information Commissioner’s Office.
If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How we use your personal data’) or that you may not be able to make use of the legal services offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal data to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
We must ensure that your personal data is accurate and up to date. Therefore, please advise us of any changes to your data as soon as possible.
Enquiries, complaints & requests: Osbornes has a Data Protection Officer (‘DPO’). All enquiries, complaints and requests relating to personal data should be directed to the firm’s DPO in the first instance, who is Sandra Hillard. The DPO can be contacted at the firm’s offices by telephone (020 7485 8811), by post to Livery House, 7-9 Pratt Street, London NW1 0AE, or by email to DPO@osborneslaw.com. If you are not satisfied with the way your query is handled, you can contact the ICO direct (see www.ico.org.uk for details). The firm’s ICO registration number is Z5534120.
Data controller: The firm’s IT systems are located within the EEA and controlled by Osbornes. Osbornes Solicitors LLP is the data controller in relation to your personal data.
Policy updates: This policy was last updated on 8 May 2018. Any changes to this policy will be notified to you as promptly as possible in accordance with our legal obligations.