Howat Avraam LLP (“HA”, “we”, “us”, “our”) understand that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, www.howatavraamsolicitors.co.uk (“Website”) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
2. INFORMATION ABOUT THE COMPANY
Howat Avraam LLP is a limited liability partnership incorporated and registered in England under company number OC393947 whose registered address is 154-160 Fleet Street, London, EC4A 2DQ. We are also authorised and regulated by the Solicitors Regulation Authority (Reg No. 613022).
Howat Avraam LLP owns and operates the Website.
3. WHAT IS PERSONAL DATA?
The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a data subject) and an ‘identifiable natural person’ is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
4. WHAT DOES THIS POLICY COVER?
It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
5. WHAT DATA DO WE COLLECT?
In order to deliver services to you and to comply with our regulatory requirements, we may collect some or all of the information listed below. The following list is not exhaustive:
• Full name;
• Contact details including personal telephone or mobile, personal email & residential address. Where you are engaging with HA on behalf of a corporate entity, we may also collect and
hold your corporate contact details;
• A copy of your driving licence and/or passport/identity card which may include details of your age, date of birth, sex/gender, photograph, nationality, place of birth, etc.;
• Utility bills or other correspondence confirming your residential address;
• Financial information including your bank account details, copies of bank statements (where appropriate), details of investments, pensions and other benefits, etc.;
• Employment information including role, salary, responsibilities, etc.; and
• Any other personal information that you provide to us during the course of our instructions.
Depending on the nature of our instructions, the personal information that you provide to us may include sensitive personal data such as medical and sickness records, information relating to criminal convictions, etc. Where we process information of this type, we will only do so with your explicit consent and in accordance with your instructions.
To the extent that you access our Website we will also collect certain data from you. See Website Users below for further details.
Suppliers, Consultants & Contractors
The data we collect about our suppliers, consultants and contractors is fairly limited. We simply need to make sure that our relationship with you runs smoothly. We’ll collect the details for our contacts within your organisation, such as names, telephone numbers and corporate email addresses. We’ll also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.
To the extent that you access our Website we will also collect certain data from you automatically. See Website Users below for further details.
We collect a limited amount of data from users of our Website, which we use to help us to improve your experience when using the Website and to help us manage the services we provide. This includes information such as your IP address, operating system and browser type as well as how you use our Website, the frequency with which you access our Website and the location that you view our Website from. If you contact us via the Website, we will collect any information that you provide to us.
6. HOW DO WE COLLECT YOUR DATA?
Clients & Suppliers
Personal data that you give to us. For example, where you contact us proactively by phone or by email, where you provide information to us during the course of our engagement with you, or where we contact you, either directly or as a result of our business development activities more generally.
Personal data that we receive from elsewhere. Where appropriate and in accordance with any local laws and requirements, we may seek more information from other sources by way of due diligence or other market intelligence.
Marketing communications from HA may contain tracking facilities within the actual emails. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include (but is not limited to); the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity. This information is used to refine future email campaigns and supply the subscriber with more relevant content based around their activity. In accordance with current ‘spam’ laws, all of our marketing messages contain an ‘unsubscribe’ option and subscribers are free to opt out of receiving further communications at any time.
Personal data that you give to us. For example, where you contact us through the Website.
7. HOW DO WE USE YOUR DATA?
All personal data is processed and stored securely (whether in hard copy or in digital form), for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR at all times. For more details on data security, see section 8 below.
Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of our contract with you, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests to hold and process your data in that way.
We’ve listed below the various ways in which we may use your data in order to establish and maintain our relationship with Clients:
• Due to the nature of our business, we are required to carry out certain due diligence and identification checks on all of our clients before we are able to provide services to you. We
may therefore process and store your personal data (and update it when necessary) for these purposes;
• Storing your contact details (and updating them when necessary) on our database, so that we can contact you during the course of our engagement, provide you with information and legal
services and respond to your enquiries;
• Storing any other personal information that you provide to us in connection with our relationship with you and keeping records of our conversations and meetings to enable us to provide
you with legal services;
• Storing your bank and other financial information to facilitate our accounting and invoicing processes;
• Processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you; and
• to comply with our legal and/or regulatory obligations.
We may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests. We will not, as a matter of course, seek your consent when sending marketing messages to a corporate postal or email address. However, where you are an individual, we may need your consent for the marketing aspects of these activities which are not covered by our legitimate interests and we’ll ask for this via an explicit opt-in.
If you are not happy about how we are using your data, in certain circumstances you have the right to object (see below).
We’ve listed below the various ways in which we may use your data in order to establish and maintain our relationship with Suppliers:
• To store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements;
• To offer services to you or to obtain support and services from you;
• To perform certain legal obligations; and
• To help us to target appropriate marketing campaigns.
We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests. We will not, as a matter of course, seek your consent when sending marketing messages to a corporate postal or email address.
If you are not happy about how we are using your data, in certain circumstances you have the right to object and/or opt out (as appropriate) (see below).
We use your data to help us to improve your experience of using our Website.
8. HOW AND WHERE DO WE STORE YOUR DATA?
Data security is very important to us and we have taken suitable measures to safeguard and secure data collected directly from you or through our Web Site.
Your data will only be stored in the UK.
Steps we take to secure and protect your data include (but are not limited to):
• firewalls and anti-virus software;
• authentication protection and limited user access to contact database;
• Hard copy personal data is stored in locked cabinets with limited personnel access.
We will periodically review our security policies and implement changes from time to time. However, the Internet is not a risk-free place for communication and for that reason, we cannot and do not guarantee complete security, as it does not exist on the Internet. It is your responsibility to ensure that you have adequate and up-to-date anti-virus software and firewalls installed on your devices.
9. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We only keep your personal data for as long as we need to in order to use it as described above and/or for as long as we have your permission to keep it.
Where you are (or have been) a Client or a Supplier of HA, we will be required to retain certain aspects of your personal information for a period of 7 years after the termination of our contractual relationship with you for regulatory and/or compliance purposes or such longer period as we may notify you in respect of particular information.
Where the above does not apply, we will delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for three years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our services. Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you click-through or reply directly.
10. DO WE SHARE YOUR DATA?
We may sometimes contract with third parties to supply services to you on our behalf or to process your data on our behalf. These may include client relationship management, software and IT support, advertising and marketing and accounting services. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
We may compile statistics about the use of our Website. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
In certain circumstances, we may be legally required to share certain data, which may include your personal data, for example, where we are involved in legal proceedings or where we are complying with legal requirements, a court order or a request from a government authority.
11. YOUR RIGHTS
As a data subject, you have the following rights under the GDPR, which this Policy and our use of personal data have been designed to uphold:
• The right to be informed about our collection and use of personal data;
• The right of access to the personal data we hold about you;
• The right to rectification if any personal data we hold about you is inaccurate or incomplete (please contact us using the details in section 14);
• The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, but if you would like us to delete it sooner, please contact us using the details in section 14);
• The right to restrict (i.e. prevent) the processing of your personal data;
• The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
• The right to object to us using your personal data for particular purposes; and
• Rights with respect to automated decision making and profiling.
If you would like to exercise any of these rights or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), details of how to contact are set out in section 14. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
12. HOW CAN YOU ACCESS YOUR DATA?
You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us using the contact details below in section 14 for further details.
You may exercise your right to access your personal information and right to rectify it by sending us an email at the following address: Rebecca.Gardner@hasolicitors.co.uk. We may need to verify your identity prior to disclosing any personal information in order to ensure that we are not disclosing personal information to, or about, the wrong person.
13. HOW CAN YOU CONTROL YOUR DATA?
In addition to your rights under the GDPR, set out above, when you submit personal data via our Website, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details).
You may also wish to sign up to one or more of the preference services operating in the UK. These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
You may access certain areas of our Website without providing any data at all. However, to use all features and functions available on our Website you may be required to submit or allow for the collection of certain personal data.
14. CONTACTING US
The person responsible for data protection and privacy at HA is Rebecca Gardner and she can be contacted by email at Rebecca.Gardner@hasolicitors.co.uk, by telephone on 020 3735 6700, or by post at Howat Avraam LLP, 160 Fleet Street, London, EC4A 2DQ.
Last updated: May 2018
Registered in England and Wales (Reg No. OC393947). All Rights Reserved. Authorised and regulated by The Solicitors Regulation Authority (Reg No. 613022). Registered Office: 154-160 Fleet Street, London, EC4A 2DQ