Arkas Law is committed to protecting your privacy. This Notice describes how and why we collect, store, use and share your personal data. It also explains your rights in relation to personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use your personal data, we are regulated under the EU General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as a ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.
If you have any questions about how this Privacy Notice applies to you or want to make a complaint to us about how we handle your personal information, please contact the firm’s Privacy Partner, Pranavan Shantikumar, via the details set out in the ‘How to Contact Us’ section below).
WHOSE DATA DO WE PROCESS?
We process personal data about different categories of people including:
▪ our clients, counterparties, and other third parties in connection with legal services we agree to provide to you or the organisation you work for;
▪ people who request information from us or provide information to us;
▪ people who apply for a role or work experience opportunity with Arkas Law;
▪ third parties who interact with us either directly or through our websites;
▪ alumni of the Firm;
▪ people who are entered onto our mailing lists to receive publications and other marketing emails (with their consent).
WHAT INFORMATION DO WE COLLECT AND HOW?
The types of data we process are varied and depends on the nature of the services we are providing but will usually include the following:
▪ Identity and contact data: This may include your name, address, telephone number, date of birth, marital status, passport number, employment history, educational or professional background, tax status, employee number, job title and function, and other personal data which verifies your identity;
▪ Financial and payment data: This includes your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
▪ Business information: This includes information provided in the course of the contractual or client relationship between you and Arkas Law, or otherwise voluntarily provided by you or your organisation;
▪ Information relevant to our legal advice: This includes personal data relevant to any dispute, grievance, investigation, arbitration, or other legal advice we provide to you or information relating to the matter in which you are seeking our advice or representation;
▪ Profile and usage data: This includes your preferences in receiving marketing information from us, your communication preferences and information about how you use our websites, including the services you viewed or searched for, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs). To learn more about our use of cookies or similar technology please see our Cookies Policy.
▪ Technical data: This includes information collected during your visits to our website(s), the Internet Protocol (IP) address, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform. To learn more about our use of cookies or similar technology, please see our Cookies Policy.
▪ Physical access data: This is information relating to details of your visits to our premises;
▪ Sensitive personal data: In the course of our client services, we may represent you and/or your organisation in legal matters that require us to collect and use sensitive personal information relating to you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life and sexual orientation, details of criminal offences, or genetic or biometric data).
For example, in housing and immigration matters, information about your medical conditions, race or any related criminal history may be relevant to the representation. Where we process sensitive personal information in the course of these and other similar client services, we do so to assist you and/or your organisation to establish, exercise or defend legal claims or to assist you and/or your organisation in fulfilling the rights and obligations of applicable laws.
We collect personal information directly from you, from our clients or other parties to a matter and their authorised representatives. We may also collect personal information from third parties such as your employer, landlord, other organisations that you have dealings with, regulators, government agencies, credit reporting agencies, publicly available records (including electronic data sources to carry out checks to enable us to comply with applicable law), information or service providers (some of whom may process your personal information on our behalf), recruitment agencies and other law firms or professional advisers. Your personal information may be collected in the firm’s contact database when you register to receive legal updates, or we otherwise receive your contact details.
We use cookies on our Websites. This Privacy Notice should be read alongside our Cookies Policy.
INFORMATION ABOUT OTHER PEOPLE
If you provide information to us about any person other than yourself, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
WHY AND HOW WE USE YOUR INFORMATION
We use your personal data for the purposes of providing legal services, fulfilling our legal and regulatory obligations and also for our general business purposes e.g. we may use your personal information to:
▪ deliver legal services to you and/or the organisation you work for, if you are a client;
▪ comply with our legal obligations to identify and verify the identity of our clients and their beneficial owners;
▪ administer your accounts with us, including providing e-billing services and tracing and collecting any debts;
▪ make disclosures to our auditors, our own legal and other professional advisors, our banks, insurers, and insurance brokers;
▪ comply with our legal and regulatory obligations, including maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, sanctions and embargo laws). This can include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes;
▪ run the firm’s business (e.g. carry out administrative or operational processes, including recruitment);
▪ improve our services and products to you, if you or the organisation you work for are a client or prospective client;
▪ process and respond to requests, enquiries or complaints received from you,
▪ exercise or defend our legal rights or to comply with court orders;
▪ maintain and develop our business relationship with you;
▪ communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives; to send you details of client surveys, marketing campaigns, or other promotional activities; and
▪ collect information about your preferences to personalise and improve the quality of our communications with you.
WHAT BASIS DO WE HAVE FOR PROCESSING YOUR PERSONAL DATA?
We will only use your personal information if and to the extent allowed by law. We will therefore only process your personal information if:
▪ it is necessary for the performance of a contract with you or the company you work for;
▪ it is necessary in connection with a legal obligation;
▪ you have given your consent (where necessary) to such use or the organisation you work for has obtained your consent (where necessary) to share your information with us; or
▪ if we (or a third party) have a legitimate interest which is not overridden by your interests or your rights and freedoms. Such legitimate interests include the provision of legal services, running the firm’s business and marketing relevant services directly to you.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We may need to share personal data with:
▪ law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations;
▪ third parties involved in your matter e.g. professional advisers or experts we instruct on your behalf, courts, and tribunals, counterparties etc;
▪ financial organisations, debt collection, credit reference and tracing agencies;
▪ our auditors, our own legal and professional advisors, banks, insurers and insurance brokers;
▪ government agencies e.g. the Home Office in the case of an immigration matter, regulators, and other authorities;
▪ business associates, professional bodies and our and your trade associations;
▪ external service suppliers, representatives and agents that we use to make our business more efficient.
We only allow our service providers to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
WHERE IS YOUR PERSONAL DATA HELD?
Information may be held at our offices and those of our service providers, representatives and agents as described above (see ‘WHO WE SHARE YOUR PERSONAL DATA WITH’).
HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
We will retain your information as long as necessary to:
▪ comply with legal, accounting or regulatory requirements;
▪ to respond to any questions, complaints or claims made by you or on your behalf;
▪ to show that we treated you fairly.
This means that we will keep your personal data after we have finished acting for you. We will not retain your data for longer than necessary for the purposes set out in this Notice. Different retention periods apply for different types of data. When it is no longer necessary to retain your personal data, we will delete or anonymise it. If you wish to know more about the Firm’s retention and destruction policy or any of the Firm’s different retention periods, please contact info@arkaslaw.co.uk.
YOUR RIGHTS
You have the following rights, which you can exercise free of charge:
▪ Access: the right to be provided with a copy of your personal data.
▪ Rectification: the right to require us to correct any mistakes in your personal data.
▪ To be forgotten: the right to require us to delete your personal data—in certain situations.
▪ Restriction of processing: the right to require us to restrict processing of your personal data—in certain circumstances, e.g. if you contest the accuracy of the data.
▪ Data portability: the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party— in certain situations.
▪ To object: the right to object at any time to your personal data being processed for direct marketing (including profiling); and in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
▪ Not to be subject to automated individual decision making: the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
Please use the contact details below to exercise your rights. For further information on each of those rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
PROMOTIONAL COMMUNICATIONS
We may use your personal data to send you updates directly (by email, text message, telephone or post) about legal developments that might be of interest to you and/or information about our services, including exclusive offers, promotions or new services.
We will always treat your personal data with the utmost respect and never share it with other organisations outside Arkas Law for marketing purposes.
You have the right to opt out of receiving promotional communications at any time – see how to contact us below.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
KEEPING YOUR PERSONAL DATA SECURE
We have appropriate security measures to prevent personal data from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
HOW TO CONTACT US
Please contact us to exercise your rights or if you have any questions about this Privacy Notice by calling us on 020 7269 7949, emailing us at info@arkaslaw.co.uk or by writing to us at Arkas Law, 150 Minories, London, EC3N 1LS.
If you would like this Notice in another format (for example audio or large print) please contact us (see ‘How to Contact Us’ above).
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: (0303 123 1113).