We (“Serjeants LLP”) are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.
(1) What information do we collect?
We may collect, store and use the following kinds of personal information:
(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation);
(b) information that you provide to us for the purpose of registering with us (including name, address and email address);
(d) information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters;
(e) any other information that you choose to send to us.
(3) Using your personal information
The legal basis for the processing of your personal data is your consent and/or any other applicable legal basis, such as our legitimate interest (Article 6(1)(f) of the GDPR). We assume that if you are one of our clients, have made a website enquiry or subscribed to our mailing list, you are interested in hearing about the services we provide. We may use your personal information to:
(a) send you email notifications which you have specifically requested;
(b) send you our newsletter and other marketing communications relating to our business which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology (and you can inform us at any time if you no longer require marketing communications);
(c) deal with enquiries and complaints made by or about you relating to the website;
(d) keep the website secure and prevent fraud;
Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.
We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing.
In addition, we may disclose your personal information:
(a) to the extent that we are required to do so by law;
(b) in connection with any ongoing or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
(d) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
(5) International data transfers
Information which you provide may be transferred to countries (including United States, China, Japan, South Korea) which do not have data protection laws equivalent to those in force in the European Economic Area.
In addition, personal information that you submit for publication on the website will be published on the internet and may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
You expressly agree to such transfers of personal information.
(6) Security of your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
(7) Policy amendments
(8) Your rights
The GDPR provides the following rights for individuals:
- the right to be informed,
- the right of access,
- the right to rectification,
- the right to erasure,
- the right to restrict processing,
- the right to data portability,
- the right to object, and
- rights in relation to automated decision making and profiling.
(8a) The right to be informed
This policy includes the necessary information about how we use personal information. In particular, it provides details about the following:
- our contact details (as the “controller” of the personal data),
- the purpose of the processing and its lawful basis,
- third parties with which personal data is shared,
- retention periods for personal data, and
- the rights of individuals under the GDPR.
(8b) The right of access
Under the GDPR individuals have the right to obtain:
- confirmation that their data is being processed,
- access to their personal data, and
(8c) The right to rectification
Individuals are entitled to have their personal data rectified if it is inaccurate or incomplete.
We will respond to any request for rectification within one month. If appropriate, we will inform any third party of any rectification that we make following a request. If we decide not to take action in response to a request for rectification, we will explain why and inform the individual making the request of their further rights, e.g. to make a complaint.
(8d) The right to erasure
The right to erasure is also known as ‘the right to be forgotten’. Individuals have the right to have their personal data erased when it is no longer necessary in relation to the purpose for which it was originally collected or used, or if the individual objects to the processing of their personal data and there is no overriding legitimate interest for continuing the processing, for example.
If appropriate, we will inform any third party about the erasure of any personal data.
(8e) The right to restrict processing
Individuals have the right to block or suppress use of their personal data in certain circumstances, for example, if they contest the accuracy of the personal data. In this situation we would still be able to store the contested personal data but not use it until we have verified its accuracy.
If appropriate, we will inform any third party of any request to restrict processing.
(9) Retention of personal data
(10) Accountability and governance
In order to protect personal data, we comply with the provisions of the GDPR that promote accountability and governance. All personal information is stored securing and with the specific aim of preventing accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
We have procedures in place to detect, report and investigate any breach of personal data, including its unlawful destruction, loss, alteration, or unauthorised disclosure or access. If a breach is likely to result in a risk to the individual’s “rights and freedoms”, we shall notify you and provide the necessary information to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it.
(11) Concerns and complaints
If you have any concerns about the way in which we have handled personal data, you can raise it with us in writing. You have the right to make a complaint to the ICO (www.ico.org.uk).
(12) Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
(13) Updating information
Please let us know if the personal information which we hold about you needs to be corrected or updated.