The French Law Practice Ltd (“we”, “us”, or “our”) is committed to ensuring the protection of the privacy and security of any personal data which we process.
We are the data controller and will collect and use your personal data in accordance with the Data Protection Act 1998 as amended or replaced by the General Data Protection Regulation 2016 and any national laws which relate to the processing of personal data (“Data Protection Legislation”).We are responsible for deciding how we hold and use personal data about you.
Please read the following carefully to understand our views and practices regarding your data and how we will treat it.
How we get your data
We obtain personal data about you, for example, when we are engaged for and providing our services, when you contact us by email, telephone, post, social media including this website or from third parties.
Personal data is any information relating to an identified or identifiable natural person.
How we use your data
We may use your personal data for our legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data, including, but not limited to for the purposes necessary for the (legal and administrative) performance of our contracts with our clients or any other parties or any legal or regulatory enquiries and marketing and business development purposes.
In particular, we may process your personal data for information about us, newsletters or events in which we participate and you have the right to withdraw your consent and unsubscribe from these (see more below).
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose. Consent might be sought in cases where your data was originally aimed to be shared for a very different purpose.
Transfer to third parties
We will share your personal data with third parties where we are required by law or regulation, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
“Third parties” includes third-party service providers such as IT and cloud services, professional advisory services, administration services, marketing services and any other services necessary to carry out our activities.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data.
Cross border data transfers
Our business is by nature across borders. However, we are mostly dealing in the EEA which is regulated by the Data Protection Legislation.
We may transfer the personal data we collect about you to countries outside of the EEA in order to perform our contract with you. This may include countries where there is not an adequacy decision by the European Commission and hence will not be deemed to provide an adequate level of protection for your personal information for the purpose of the Data Protection Legislation. Sharing your data to a party outside the EEA will be done with your prior knowledge and consent.
Access to, updating, deleting and restricting use of your data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes. If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
Data protection legislation gives you certain rights in relation to your personal data. You have the right to object to the processing of your personal data in certain circumstances and to withdraw your consent to the processing of your personal data where this has been provided.
You can also ask us to undertake the following:
• update or amend your personal data if you feel this is inaccurate;
• remove your personal data from our database entirely;
• send you copies of your personal data in a commonly used format and transfer your information to another entity where you have supplied this to us, and we process this electronically with your consent or where necessary for the performance of a contract;
• restrict the use of your personal data; and
• provide you with access to information held about you and for this to be provided in an intelligible form.
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
• the requirements of our business and the services provided;
• any statutory or legal obligations;
• the purposes for which we originally collected the personal data;
• the lawful grounds on which we based our processing;
• the types of personal data we have collected;
• the amount and categories of your personal data; and
• whether the purpose of the processing could reasonably be fulfilled by other means.
Please note that where we hold soft copy documents relating to your matter we will hold these for as long as we deem necessary from an IT management perspective. We will not be able to delete such copies on a matter by matter or client by client basis.
For legal and regulatory reasons we shall keep one copy of our files (whether hard or soft copy) relating to your matter for at least 7 years from completion of our services, after which we shall have the right to destroy them as we see fit.
We will notify you if there are any changes to this policy that materially affect how we collect, store or process your personal data. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we may provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. We may process your personal data without your knowledge or consent where required by applicable law or regulation.
This is in addition to your right to contact the Information Commissioners Office if you are unsatisfied with our response to any issues you may raise.
The ICO’s contact details are as follows:
Information Commissioner's Office
Telephone - 0303 123 1113 (local rate) or 01625 545 745
Website - https://ico.org.uk/global/contact-us/