Shoosmiths Privacy Services Limited
WHAT IS THIS?
When you deal with Shoosmiths Privacy Services Limited (“SPS”), you trust us with your information. We take privacy seriously and we are committed to protecting the data you provide to us.
This policy explains when and why we process personal data collected from you or provided to us by third parties, how this data is used, the conditions under which it may be disclosed to others, and how it is kept secure. It also provides you with information regarding various rights you may have in respect of processing of your personal data by SPS.
This policy may be updated from time to time in accordance with changing privacy and data protection laws, so please re-visit this page occasionally to ensure that you are happy with any changes. If any amendments have an impact on how we process your personal data the notice will say so.
Where this policy refers to “SPS”, “we”, “our” or “us” below, it is referring to Shoosmiths Privacy Services Limited. This policy only relates to the data processing activities of SPS and of no other entity.
WHO WE ARE
Shoosmiths Privacy Services Limited is a limited company with registered company number 12970199 and its registered office is at 100 Avebury Boulevard, Milton Keynes MK9 1FH. SPS is a Controller of personal data registered with the Information Commissioner under registration number ZA808941.
SPS is a wholly-owned subsidiary of Shoosmiths LLP, a limited liability partnership and regulated law firm. This web page is hosted within the web domain of Shoosmiths LLP but all data received from you via this web page is segregated from, and not shared with, Shoosmiths LLP. You can find out more about Shoosmiths LLP by visiting the home page at https://www.shoosmiths.co.uk.
OUR ROLE AS A UK REPRESENTATIVE
SPS’s primary business activity is to act as the representative for data protection purposes for customers who do not themselves have an office, branch or other presence in the United Kingdom, and who are required by law to appoint a representative. For clarity, we refer to these customers in this policy as our “Customers”, and we refer to our role as that of a “UK Representative”.
As the UK Representative of our Customer, we act as a point of liaison for any data protection queries or requests received from any individual in the United Kingdom who has had dealings with our Customer. This would include, for instance, a business contact of our Customer, an end-user or consumer of goods or services offered or sold by our Customer, or an individual whose data has been collected and analysed by our Customer. For clarity, we refer to that category of individuals as being “Data Subjects of our Customer”. For these purposes, each of our Customers is supplied with unique email addresses ending in “dataprivacyrep.com” and any email you send to an address containing that domain name will be received by us on behalf of, and as the UK Representative of, the relevant Customer.
We also act as a point of liaison for any communications with the UK regulator, the Information Commissioner’s Office (ICO).
Our role as the UK Representative is not in substitution for the relevant Customer, and does not in any way affect your rights with that Customer. As well as contacting us you may also contact the relevant Customer directly.
HOW WE COLLECT YOUR PERSONAL DATA
When we refer to “personal data”, we mean information that could identify you directly, such as your name, or indirectly by a certain characteristic combined with information we already hold about you.
Where we act as a Controller
We may collect personal data about you if you are an individual who is employed by or a consultant of any of our Customers, in particular if you have been nominated by our Customer to be an authorised user of our online facilities. In this context, we may receive information about you either directly from you or from that Customer. That information may include your name, contact details, job title and employing organisation or entity. We act as a Controller of your personal data in this context.
Where we act as a Processor
If you are communicating with us as a Data Subject of our Customer, we may receive information directly from you, when you email us with your enquiry or request, or otherwise enter into correspondence with us. Any communication you send to us will be forwarded on to that Customer by us. We may receive further information about you in response from our Customer in relation to those communications. The information we receive about you may include your name, contact details, and the details from your and our Customer’s correspondence with us (including for example biographical details and personal or circumstantial details).
Where we receive information about you, we will only use that information for the purposes of providing our contracted services to our Customer as its UK Representative, and to comply with any regulatory or legal obligations we are subject to.
Information we automatically collect about you
TYPE OF PERSONAL DATA WE PROCESS ABOUT YOU
We may process a range of personal data about you. To make it easier to understand the information that we use about you, we have divided this information into categories in the table below and provided a short explanation of the type of information each category covers (please note that not all categories may be applicable to you):
Personal data included in this category
your activities, actions and behaviours
your life experiences and circumstances
information which can be used to address, send or otherwise communicate a message to you (i.e. email address, postal address, employer name and job title)
information contained in our correspondence or other communications with you or about you
we may record phone or video calls and meetings and retain transcripts of dialogue i.e. livechat conversations, for our records or for training purposes. If you visit one of our offices, your image may be recorded on CCTV for security purposes
HOW AND WHY WE USE YOUR PERSONAL DATA
As a Controller of your personal data, we may use the information we collect about you in the following ways.
Where we have a LEGITIMATE INTEREST
We may use and process your personal data where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
- to enter into and perform the contract we have with your business in its capacity as one of our Customers (where you are an employee, consultant or owner of that business);
- to assess and improve our service to our Customers;
- for the prevention of fraud and other criminal activities;
- to inform you about relevant events, products, news updates and announcements you may be interested in;
- for network and information security purposes to enable us to take steps to protect your personal data against loss or damage, theft or unauthorised access;
- to comply with a request from you in connection with the exercise of your rights (e.g. where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- to assist in the management of queries, complaints or claims;
- for the establishment, exercise or defence of our legal rights.
Where required by LAW
We may use and process your personal data in order to comply with other legal obligations to which we are subject, such as for the prevention of fraud and other criminal activities.
Special categories of personal data
We do not request any special categories of personal data about you.
OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL DATA
Our suppliers and service providers
Our work for you may require us to provide information to third parties who will use your information for the purposes of providing services to us. Such third parties may include for example insurers, payment processing, software providers and mailing services.
When we use third party service providers, we only disclose to them any personal data that is necessary for them to provide their services and we have an agreement in place that requires them to keep your data secure and not to use it other than in accordance with our specific instructions.
Where we act as a UK Representative of our Customer
As mentioned above in this policy, where we act as a UK Representative of our Customer we shall forward all communications received from you to our Customer. In this context we act as a Processor of your personal data. Please note that all Customers for whom we act as UK Representative are based outside the UK.
Other ways in which we may share your personal data
We may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal data if we are under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to protect your vital interests, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and clients. However, we will always take steps to ensure that your privacy rights continue to be protected.
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us for our use is stored on our secure servers which are located within the UK and the European Economic Area (EEA).
The third parties mentioned in the section headed “Others who may receive or have access to your personal data” may be located outside of the UK or they may transfer your data outside of the UK. Those countries may not have the same standards of data protection and privacy laws as in the UK, which means additional safeguards must be put in place. Whenever we transfer your data outside of the UK we impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the UK. Any third parties transferring your data outside of the UK must also have in place appropriate safeguards as required under data protection law.
HOW LONG WE KEEP YOUR PERSONAL DATA FOR
If we collect your personal data, the length of time for which we retain it is determined by a number of factors including the type of data, the purpose for which we use that data and our regulatory and legal obligations attached to this use.
We maintain internally a full schedule of types of data and the specified period of time for which we will retain this.
The only exceptions to this are where:
- the law requires us to hold your personal data for a longer period, or delete it sooner;
- you exercise your right to have the data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see the section headed “Erasing your personal data or restricting its processing”); or
- in limited cases, the law permits us to keep your personal data indefinitely provided we have certain protections in place.
YOUR RIGHTS
Where we act as the Controller of your personal data, you have a number of rights under data protection law, in relation to your personal data for which we are the Controller. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, clarification to enable us to find your personal data. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity; or (ii) where we do not need to do this because we already have this information, from the date we received your request.
The remaining clauses of this section headed “Your Rights” only apply to you where we act as Controller of your personal data.
Accessing your personal data
You have the right to ask for a copy of the data that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal data if it concerns other individuals or we have another lawful reason to withhold that data.
We may charge you a reasonable fee based on administrative costs if you request a copy of data we have previously provided to you or if your request is manifestly unfounded or excessive.
In line with our environmental commitments, we will try to provide you with a copy of your data by electronic means where this is possible, unless you have specified otherwise in your request.
Correcting and updating your personal data
The accuracy of your data is important to us. If you change your name or address/email address, or you discover that any of the other data we hold is inaccurate or out of date, please let us know by contacting us using the details set out at the end of this policy.
Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal data, you may withdraw your consent at any time by emailing or writing to us at the address at the end of this policy. (Please use “Withdrawal of consent” as the subject heading of your email).
If you withdraw your consent, our use of your personal data before you withdraw your consent is still lawful.
Objecting to our use of your personal data
Where we rely on our legitimate interests as the legal basis for processing your personal data for any purpose(s), you may object to our using your personal data for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal data and where our interests override yours, we will temporarily stop processing your personal data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection legislation, we will permanently stop using your data for those purposes. Otherwise, we will provide you with our justification as to why we need to continue using your data.
Where you have agreed to us using your personal data for direct marketing purposes, you may subsequently object to this and we will immediately comply with your request. If you would like to do so, please email us at [email protected] asking to unsubscribe. Any marketing email sent to you will also include an ‘unsubscribe’ function.
You may also contest a decision made about you based on automated processing by emailing or writing to us at the address at the end of this policy.
Erasing your personal data or restricting its processing
In certain circumstances, you may ask for your personal data to be removed from our systems by emailing or writing to us at the address at the end of this policy. Please note that this right is not an absolute right. Provided we do not have any continuing lawful reason to continue processing or holding your personal data, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal data where you believe our processing is unlawful, you contest its accuracy, you have objected to its use and our investigation is pending, or you require us to keep it in connection with legal proceedings. We may only process your personal data whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes.
Transferring your personal data in a structured data file
Where we rely on your consent as the legal basis for processing your personal data or need to process it in connection with your contract, you may ask us to provide you with a copy of that data in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.
You can ask us to send your personal data directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal data if this concerns other individuals or we have another lawful reason to withhold that data.
Complaining about the use of your personal data
If you wish to complain about the way we use your personal data, you can e-mail us using the details set out at the end of this policy. If you are dissatisfied with our response to your complaint and remain concerned about the way we have processed your personal data, you have the right to complain to the Information Commissioner’s Office (ICO) or seek to enforce your rights through a judicial remedy. Please visit the ICO’s website for further details.
How we protect your personal data
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your personal data, we have in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Where we collect any special categories of personal data about you, we will apply additional security controls to protect it.
Where we have given you (or where you have chosen) a password which enables you to access any of our online or electronic resources, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.
Links to other websites
If you linked to our website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website and recommend that you check the policy of that third-party website.
Use of 'cookies'
We may from time to time send you emails with information about our products and services, relevant insights, webinar and event invitations and other news or announcements. We will send these to you at your given email address in your capacity as an employee, consultant or owner of one of our Customers, and not in a personal capacity.
If you would like to withdraw your consent or opt-out of receiving any email, you can do so by unsubscribing within the email communication or by contacting us at [email protected].
Unsubscribing from our marketing information will not remove our right to contact you regarding the work we carry out for you or any Customer you are associated with.
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. Any such recipients will be contractually bound to safeguard the data we entrust to them and will not contact you to offer services.
Please contact us on [email protected] with any queries about this Notice or about the way we process your personal data.
END OF POLICY