Summary

This notice is applicable to contact from anyone who is neither a client nor prospective client, nor just visiting this website. This includes press or journalistic enquiries, as well as suppliers to us.

📄 What data we hold

We may hold the following information about you:

  • Your name, identity and contact information

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access. All our client-facing platforms are accessible via Tor, and you can access this site on Tor. If you do not want us to see your actual IP address, feel free to visit us via Tor.

🏭 Using your information

References to the basis of processing (e.g. "(Basis: Art. 6(f).)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

Dealing with your enquiry

If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom.

(Basis: Art. 6(b): we need to use your details to follow up with you. Art. 6(f): keeping track of what we have said is a legitimate thing for us to do, as it helps us understand what areas of work are generating interest, as well as helping us correct errors in reporting.)

Managing our relationship with you

We will use your data to manage our relationship with you, and to enquire about (and perhaps even buy) products and services from you.

(Basis: Art. 6(b): we need to use your details to enter into and perform contracts with you. Art. 6(f): keeping track of what we have agreed.)

Recommending you (or not) to others

We have some great suppliers, and we love to recommend them to others where we think it might be helpful. Equally, if we have a bad experience, we may let others know, to avoid making the same mistake.

(Basis: Art. 6(f): recommending you, or not recommending you, is a legitimate thing to do.)

Technical data

We may use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)

Your data and the EEA

We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, because you have chosen to use an email or other communications service which routes data outside the EEA).

Occasionally, we may work on your enquiry or engage with you when we are outside the EEA (for example, when on business or even if we are on holiday) — if this might be a problem for you, please let us know, and we can discuss.

👉 Your rights

You have lots of rights in respect of our processing of your personal data. The relevant rights are:

  • get access to your personal data and information about our processing of it
  • in some circumstances, restrict our processing of your data for strategy planning purposes and other "legitimate interests" purposes, and compel us to erase the bits we do not use for those purposes
  • object to our processing for strategy planning purposes and other "legitimate interests" purposes

If you want to exercise any of these rights, please just contact us.

You also have the right to lodge a complaint about our processing with a supervisory authority — you probably want the UK's Information Commissioner's Office.

👪 Third parties

We have a small number of companies providing services to us. We use telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address (but not the content of what you send us, if you encrypt it). We also use an external accountancy service but, unless you are a sole trader or a partnership, they are unlikely to see any personal data relating to you.

Obviously, if you are on the "other side" of a transaction or deal we are working on, we will share any personal data we receive from you or learn about you with our client, where it is necessary for us to do so to act in their best interests. Since we do not take on litigation or dispute resolution work, chances are we are not giving them anything which you haven't given them already.

💪 Technical security

All our computers are full-disk encrypted, as are our phones and tablets.

Our preference is to use PGP/GPG-encrypted email, but we appreciate that it may not be convenient for you to do so.

We have a secure document transfer portal, which lets you send documents to us, and us to send documents to you. It is less convenient than email, but is more secure than unencrypted email. If you want to use it to send specific documents to us, just let us know. If you want to protect all documents you send to us, we encourage you to set up PGP/GPG.

"Normal" phone calls are not encrypted.

All our client-facing platforms are accessible via Tor, and you can access this site on Tor.

🎤 Call recording

We record our calls, as we find it helpful to keep track of what we have said or agreed, and what has been promised to us).

Calls are recorded and stored on our premises, and not on any third party cloud platform. The server on which our telephony platform runs has full disk encryption. If we need to listen again to a call, we download the file to a computer and listen to it there. These devices, too, have full disk encryption.

We delete the recordings as soon as we have decided that we will no longer need to listen to them again. In most cases, this is immediately after the call takes place. Recordings are removed from the server automatically each day.

Occasionally — for example, a call with an insurance provider, or with a journalist — we may retain a recording for a longer period, as evidence that a particular conversation took place, or of what was said. For a contract, this will be the duration of the contract plus six years; for other matters, it will depend entirely on the nature of the issue.

Where we have a phone call relating to a client's matter where the client is not present, we may share the call recording with that client by their preferred communications mechanism (which may include unencrypted email).

Here's our legitimate interests assessment for our call recording.

.
⏰ Retention periods

Enquiry data: duration of enquiry, then one year

Supplier contact details: for as long as we have a relationship with you or think we might want to buy products or services from you, or for the duration of a dispute with you

Server logs: up to one year

ICO registration

decoded.legal is registered with the Information Commissioner's Office (ZA152364).

Get in touch