Privacy Policy
This Privacy Notice was last updated on 14/05/2019
Summary
This Privacy Notice explains
(i) what information Thea Limited (‘we’, ‘us’, and ‘our’) gather about you,
(ii) what we use that information for,
(iii) to whom we give that information,
(iv) your rights in relation to your information, and
(v) whom you can contact for more information.
Scope
We take data protection very seriously and we are committed to protecting your personal information. This Privacy Notice describes how we use personal information that we obtain:
(a) By acting for you in connection with the matter(s) identified in an Engagement Letter that we have provided to you;
(b) Through our website www.thea.ltd.uk and
(c) In any other way.
It is our policy to collect only the minimum information required from you. If you believe we have collected excessive information about you, please contact our Principal by email at peter@thea.ltd.uk to raise any concerns you may have.
In this Privacy notice your personal information is sometimes called “personal data”. We sometimes collectively refer to handling, collecting, protecting or storing your personal information as ‘processing’.
Although you do not have to provide any of your personal information to us, if we ask you to do so and you refuse, we may be unable to provide you with the information or services you want from us.
Personal information
Personal information is anything that enables you to be identified or identifiable, e.g. your name, email address, telephone number or IP addresses.
Collection of personal information
Below are some examples of how you may provide personal information to us:
- Giving us instructions;
- Contacting us (e.g. by mail, email or telephone);
- Searching and browsing our website for content;
- Subscribing to any newsletters and/or publications we produce;
- Registering for any events or conferences we organise or participate in;
- Submitting CVs or work history information;
- Contacting us for further information; and/or
- Providing us with business cards or other contact information.
We also collect domain information (e.g. IP address and referring URLs) as part of our analysis of the use of our website. This data enables us to become more familiar with how people visit our site, how often they visit and what parts of the site they visit most often. This information is collected automatically and requires no action on your part.
Use of personal information
When you provide personal information to us, we may use it for any of the purposes described in this Privacy Notice or as stated at the point of collection (or as obvious from the context of collection), including:
- To provide legal advice and services;
- To confirm and authenticate your identity;
- To update and enhance our records;
- To manage our practice, statutory returns and legal and regulatory compliance;
- To conduct quality and risk management reviews;
- To monitor and enforce compliance with our Terms of Business;
- Any other purposes for which you provided the information to us, including any of the purposes given in the ‘Collection of personal information’ section above; and/or
- To administer and manage our website.
We do not collect personally identifying information for sale to third parties.
Legal grounds for processing personal information
We rely on one or more of the following processing conditions:
- To perform our contractual obligations to you;
- To satisfy any legal and regulatory obligations to which we are subject;
- To satisfy our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses (provided these do not interfere with your rights);
- Where no other condition for processing is available, if you have given us your consent to process your personal information.
Your rights in relation to the personal information that we hold about you are set out in more detail below.
Security of personal information
We store as much electronic information as possible on external hard drives. These, and any hard-copy paper files we hold, are kept under lock and key. Emails are stored on external servers, typically for a maximum of 6 years after the conclusion of a matter. We use file-sharing applications such as Dropbox normally when this is your preferred method of providing information to us.
We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction.
Only authorised persons are provided access to personally identifiable information we have collected, and such individuals have agreed to maintain the confidentiality of this information.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure.
We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
Sharing personal information
We may transfer, share or disclose the personal data we collect from you to third parties (and their respective subcontractors, and/or their subsidiaries and affiliates) for:
- The purposes for which the information has been submitted
- The purposes listed above under use of personal information
- The administration and maintenance of our website and/or
- Other internal or administrative purposes.
We also may transfer share or disclose personal data to third party service providers of identity management, accountancy, case management, website hosting and management, data analysis, data backup, security and storage services.
The third-party providers may use their own third-party subcontractors that have access to personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors. If you nominate a third-party provider, however, we can assume no responsibility for the levels of security and confidentiality they maintain.
International transfers of personal information
Your personal information may be transferred to and stored outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.
Where we collect your personal information within the EEA, transfer outside the EEA will be only:
- To a recipient located in a country which provides an adequate level of protection for your personal information; and/or
- Under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, e.g. standard (model) contractual clauses.
Other disclosures
We may also disclose personal information to third parties under the following circumstances:
- When explicitly requested by you;
- When required to deliver publications or reference materials as requested by you;
- When required to facilitate conferences or events hosted by a third party;
- For legal or regulatory compliance purposes; and/or
- As otherwise set out in this privacy statement.
We may also disclose your personal information to law enforcement, regulatory and other government agencies and to professional bodies and other third parties, as required by and/or in accordance with applicable law or regulation. This includes disclosures outside the country where you are located.
Retention of personal information
We will retain your personal information only for as long as we need it, given the purposes for which it was collected, or as required to do so by law or contract (for example with our professional indemnity insurers).
We will typically archive our paper files with an external provider of archiving services within the UK at the conclusion of any matter. These will normally be retained for 6 years, and then securely shredded. Whilst we are not a paperless practice, we do seek to minimise the processing of documents in hard copy, and we try to store documents electronically on external hard drives where possible.
We may offer newsletters or blogs from time to time. You may be offered the opportunity to opt into these. Similarly, should you express an interest in specific topics, then we may contact you in relation to those topics.
Marketing
Where we are legally required to obtain your consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.
If you want to unsubscribe from mailing lists you should look for and follow the instructions we have provided in the relevant communications to you. Alternatively, you can at any time contact us to request that such communications cease.
We keep contact information (e.g. email addresses) until a user unsubscribes or requests that we delete that information. If you choose to unsubscribe we may keep certain limited information about you so that we may honour your request.
Rights in relation to your information
You have certain rights in relation to the personal information we hold about you. In particular, you have the right to:
- Request a copy of personal information we hold about you;
- Ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete;
- Ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information;
- Object to our processing of your personal information; and/or
- Withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing).
If you would like to exercise these rights or understand if these rights apply to you, please contact us using the one of the following means below.
Our website
Our Website may link to third-party sites not controlled by us and which do not operate under our privacy practices. When you link to third-party sites, our privacy practices no longer apply. We encourage you to review each third-party site's privacy policy before disclosing any personally identifiable information.
We do not intend to collect special category (also known as sensitive) personal information through our website. Examples of special category information are: race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records.
We ask that you do not provide us with special category personal information when using our website.
Use of Cookies
Some pages on our website use "cookies," which are small files that the site places on your hard drive for identification purposes. These files may be used for site registration and customisation the next time you visit us, and to make navigating the website more user-friendly.
A cookie is a piece of data that a website can send to your browser, which may then be stored on your computer as an anonymous tag that identifies your computer but not you. You should note that cookies cannot read data off of your hard drive. Your web browser may allow you to be notified when you are receiving a cookie, giving you the choice to accept it or not. By not accepting cookies, some pages may not fully function and you may find it harder to access certain information on our website.
Automated decision making
We will not use your personal information for automated decision making.
Contact us
If you have any questions or complaints about this Privacy notice or the way your personal information is processed by us, or would like to exercise one of your rights set out above, please contact us by one of the following means:
Email:
peter@thea.ltd.uk
Post:
Thea Limited
34 Farrow Lane
London SE14 5DB
United Kingdom
You also have the right to lodge a complaint with your local data protection regulator, which in the UK is the Information Commissioner Office (ICO). The ICO can be contacted by the following means:
Form: www.ico.org.uk/global/contact-us/email/
Telephone: 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers). If you're calling from outside the UK, please call +44 1625 545 700.
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF
We may update this Privacy notice at any time by publishing an updated version here. So that you know when we make changes to this Privacy statement, we will amend the revision date at the top of this page. The new modified or amended Privacy notice will apply from that revision date. Therefore, we encourage you to review this Privacy notice periodically to be informed about how we are protecting your information.