Osbornes values your privacy and cares about the way in which your personal data is treated. This policy describes what personal data we collect about you, how we obtain it, how we use it, on what basis, how long we keep it for, who we share it with, how we protect it, and your rights regarding its control and processing.
In this policy ‘Osbornes’ or ‘Osbornes Law’ refers to Osbornes Solicitors LLP, an English law firm authorised and regulated by the Solicitors Regulation Authority, and ‘personal data’ is defined as any information relating to an individual, whether it relates to their private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, social services records, records of criminal convictions, or a computer’s IP address.
Personal data we collect about you: We may collect personal data from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our legal services or as a result of your relationship with one or more of our staff and clients.
The personal data that we process includes:
- Basic data, such as your name (including prefix or title), the company you work for, your title or position and your relationship to a person;
- Contact data, such as your postal address, email address and phone number;
- Financial data, such as payment-related information;
- Identification and background data provided by you or collected as part of our business acceptance, employment or recruitment processes;
- Technical data, such as data from your visits to our website or in relation to materials and communications we send to you electronically;
- Data you provide to us for the purposes of attending meetings and events, including access and dietary requirements;
- Personal data provided to us by or on behalf of our clients or generated by us in the course of providing services to them, which may include special categories of data (to include records of criminal convictions); and
- Any other data relating to you which you may provide to us or ask us to obtain on your behalf.
How we obtain your personal data: We collect data from you:
- As part of our business acceptance processes and about you and others as necessary in the course of providing legal services;
- When you provide it to us, or interact with us directly, for instance engaging with our staff or registering on one of our websites;
- When monitoring our technology tools and services, including our websites and email communications sent to and from Osbornes; and
- We may collect or receive data about you from other sources, such as keeping the contact details we already hold for you accurate and up to date using publically available sources.
How we use your personal data: Osbornes collects and processes personal data about you in a number of ways, including through your use of our websites and in the provision of services by us. We use that data:
- To provide and improve our website, including auditing and monitoring its use;
- To promote our services, including sending legal updates, publications and details of events;
- To manage and administer our relationship with you and our clients;
- To provide and improve our services to you and to our clients, including handling the personal data of others on behalf of our clients;
- To provide data requested by you;
- To fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims; and
- For the purposes of employment and recruitment.
Use of our websites: Some facilities on our websites invite you to provide us with personal data, such as our email queries facilities. The purpose of these facilities is apparent at the point that you provide your personal data and we only use that data for those purposes.
Marketing and other emails: We use personal data to understand whether you read the emails and other materials, such as legal publications, that we send to you, click on the links to the data that we include in them and whether and how you visit our website after you click on that link (immediately and on future visits). We do this by using software that places a cookie on your device which tracks this activity and records it against your email address. Removal of this cookie will not affect your experience on our websites. Please see ‘Use of our websites’ for more information on cookies and how to manage and remove them.
If you receive marketing emails from us and no longer wish to do so, you may unsubscribe at any time either by using the unsubscribe facility in the marketing email or emailing our Data Protection Manager, Sandra Hillard, at DPO@osborneslaw.com with the subject line ‘unsubscribe’.
Meetings, events and seminars: We will collect and process personal data about you in relation to your attendance at our offices or at an event or seminar organised by Osbornes or its business partners. We will only process and use special categories of personal data about your dietary or access requirements in order to cater for your needs and to meet any other legal or regulatory obligations we may have. We may share your data with IT and other service providers or business partners involved in organising or hosting the relevant event.
Legal and other services: We collect, create, hold and use personal data in the course of and in connection with the services we provide to our clients. We will process identification and background data as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational and financial checks. We will also process personal data provided to us by or on behalf of our clients for the purposes of the work we do for them. The data may be disclosed to third parties to the extent reasonably necessary in connection with that work. Please also see ‘Who we share your personal data with’ and ‘Which countries we transfer your personal data to’ below.
On what basis we use your personal data: We use your personal data on the following bases:
- To perform a contract, such as engaging with an individual to provide legal or other services;
- To comply with legal and regulatory obligations;
- For the establishment, exercise or defence of legal claims or proceedings; and
- For legitimate business purposes. This means the interest of Osbornes in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Please see ‘How we use your personal data’ for more detail.
How long we keep your personal data: Your personal data will be retained in accordance with our data retention policy which categorises all of the data held by Osbornes and specifies the appropriate retention period for each category of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the data is collected and used, taking into account legal and regulatory requirements to retain the data for a minimum period, limitation periods for taking legal action, good practice and Osbornes’ business purposes.
If you purchase legal services from us we will usually retain your personal data for 15 years, starting from when we cease to act for you. After 15 years your personal data is destroyed, unless you have asked us to store your will or other important legal documents for you.
Who we share your personal data with: We may share your personal data with certain trusted third parties in accordance with contractual arrangements in place with them, including:
- Suppliers to whom we outsource certain support services such as word processing, photocopying, and translation;
- Our professional advisers and auditors;
- IT service providers to Osbornes;
- Third parties engaged in the course of the services we provide to clients and with their prior consent, such as barristers, expert witnesses, medical agencies, costs drafting agencies and technology service providers; and
- Third parties involved in hosting or organising events or seminars.
Where necessary, or for the reasons set out in this policy, personal data may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your data to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your data to new Osbornes entities or to third parties through which the business of Osbornes Solicitors LLP will be carried out.
We do not sell, rent or otherwise make personal data commercially available to any third party, except with your prior permission.
How we protect your personal data: We use appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where our third party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures to ensure that your personal data remains protected and secure in accordance with applicable data protection laws.
Your rights regarding your personal data: The European Union’s General Data Protection Regulations and other applicable data protection laws provide certain rights for data subjects.
You are entitled to request details of the data we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have it amended or deleted, to restrict our processing of that data, to stop unauthorised transfers of your personal data to a third party and, in some circumstances, to have personal data relating to you transferred to another organisation. You may also have the right to make a complaint in relation to our processing of your personal data with the Information Commissioner’s Office.
If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How we use your personal data’) or that you may not be able to make use of the legal services offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal data to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
We must ensure that your personal data is accurate and up to date. Therefore, please advise us of any changes to your data as soon as possible.
Enquiries, complaints & requests: Osbornes has a Data Protection Manager (‘DPO’). All enquiries, complaints and requests relating to personal data should be directed to the firm’s DPO in the first instance, who is Sandra Hillard. The DPO can be contacted at the firm’s offices by telephone (020 7485 8811), by post to Livery House, 7-9 Pratt Street, London NW1 0AE, or by email to DPO@osborneslaw.com. If you are not satisfied with the way your query is handled, you can contact the ICO direct (see www.ico.org.uk for details). The firm’s ICO registration number is Z5534120.
Data controller: The firm’s IT systems are located within the EEA and controlled by Osbornes. Osbornes Solicitors LLP is the data controller in relation to your personal data.
Policy updates: This policy was last updated on 8 May 2018. Any changes to this policy will be notified to you as promptly as possible in accordance with our legal obligations.