Privacy notice: advisors
Summary
If we're lucky enough to be working with you — whether we are working for the same client or not — this privacy notice sets out the way in which we'll process your data.
- We keep to a minimum the information we hold about you
- We use your data to advise our client, and meet our legal obligations
- We delete your data when it is no longer needed for these things
- Generally, we do not give your information to third parties, but there are some exceptions
- You have lots of privacy rights
- We take security seriously
- We record calls
- We are happy to answer your questions about any of this
This page was last updated on 22nd Feburary 2021, to change references to the EEA to the UK
📄 What data we hold
If we interact with you, we will hold the following information about you:
- Your name and contact information (probably just your professional details)
- Whatever personal data you include on your professional profile (e.g. your firm's website) or which you tell us
We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access. All our client-facing platforms are accessible via Tor, and you can access this site within Tor. If you do not want us to see your actual IP address, feel free to visit us via Tor.
Using your information
References to the basis of processing (e.g. "(Basis: Art. 6(1)(f).)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.
Working with you
We will use your data to manage our relationship with you, and advance our client's interests.
(Basis: Art. 6(1)(f): working with you, and advancing our clients' interests, is a legitimate interest. Art. 6(1)(c): We are also bound by the Solicitors Regulatory Authority's handbook, which includes protecting their interests.)
Recommending you (or not) to others
I get to work with some amazing people, and I'm always pleased to be in a position to make a recommendation if someone asks. Equally, if we have a bad experience, we may let others know, to avoid making the same mistake.
(Basis: Art. 6(1)(f): recommending you, or not recommending you, is a legitimate thing to do.)
Technical data
We may use the logs from our servers to assist in our firm's security.
(Basis: Art. 6(1)(c): we have legal and regulatory obligations to protect our clients and their information.
Your data and the UK
We do not transfer or process data outside the UK unless we have your specific consent or where the nature of the processing requires it (for example, where we are corresponding with someone (such as a client) who is based outside the UK, or because they (or you) have chosen to use an email or other communications service which routes data outside the UK).
Occasionally, to provide a high quality of service, we work when we are outside the UK (for example, when on business or even if we are on holiday) — if this might be a problem for you, please let us know, and we can discuss.
Your rights
You have lots of rights in respect of our processing of your personal data. The relevant rights are:
- get access to your personal data and information about our processing of it
- in some circumstances, restrict our processing of your data for recommendations
- object to our processing for recommendations and other "legitimate interests" purposes
If you want to exercise any of these rights, please just contact us.
You also have the right to lodge a complaint about our processing with a supervisory authority — you probably want the UK's Information Commissioner's Office.
Third parties
We have a small number of companies providing services to us. We use telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address if your own email server does not support opportunistic TLS (but not the content of what you send us, if you encrypt it). We also use an external accountancy service but, unless you are a sole trader or a partnership, they are unlikely to see any personal data relating to you.
Obviously, if you are on the "other side" of a transaction or deal we are working on, we will share any personal data we receive from you or learn about you with our client, where it is necessary for us to do so to act in their best interests.
Technical security
All our computers are full-disk encrypted, as are our phones and tablets.
Our preference is to use PGP/GPG-encrypted email, but we appreciate that it may not be convenient for you to do so.
We have a secure document transfer portal, which lets you send documents to us, and us to send documents to you. It is less convenient than email, but is more secure than unencrypted email. If you want to use it to send specific documents to us, just let us know. If you want to protect all documents you send to us, we encourage you to set up PGP/GPG.
"Normal" phone calls are not encrypted. We offer encrypted audio/video conferencing, if you'd prefer to use that — it works with most browsers without needing any additional software.
All our client-facing platforms are accessible via Tor, and you can access this site within Tor.
🎤 Call recording
We record our calls, as we find that it can be useful to listen again to conversations, particularly the more technical ones, to help understand what we have been told. By being able to do this automatically, we save you having to repeat yourself. That way, we can hopefully ask more relevant and useful questions.
Calls are recorded and stored on our own systems.
We delete each recording as soon as we have decided that we will no longer need to listen to it again. In most cases, this is immediately after the call takes place.
If we have a phone call relating to a client's matter where the client is not present, we may share the call recording with that client by their preferred communications mechanism (which may include unencrypted email).
Here's our legitimate interests assessment for our call recording.
Retention periods
Data about specific matters (e.g. copies of email): duration of the matter, then seven years
Server logs: up to one year