CLIENT PRIVACY POLICY | ack-media-law

ACK MEDIA LAW LLP

Client and Third-party Privacy Policy

About this privacy policy
About us
What personal data do we collect about you?
Where do we collect your personal data from?
How and why we process your personal data and the lawful basis for the processing
Sharing personal data
Transferring your personal data outside the UK
How do we keep your data secure?
What should you do if your personal data changes?
How long do we keep your personal data?
Withdrawing your consent
Your rights
Data Protection Officer
Changes to this privacy policy

1. About this privacy policy

As a firm of solicitors who advise clients on data protection law as one of the legal services we provide, we know how important it is to safeguard personal data and private information. With this in mind we treat your personal data with the utmost care and take all appropriate steps to protect it. If you are a client of the firm, reading this privacy policy will inform you how we collect and use personal data about you prior to you being a client of the firm, during the client relationship and once our relationship with you has ended.

References to “you” and “your” in this privacy policy are references to those individuals whose personal data we process in connection with providing our legal services and running a business including individual clients and the employees, consultants, owners and associates of corporate clients and other organisations. We also collect and use personal data about other parties to transactions and litigation, barristers, foreign lawyers, witnesses, experts, advisors, and suppliers.

The information in this privacy policy is being provided to you in accordance with applicable data protection legislation, including the UK Data Protection Act 2018. This privacy policy does not form part of our terms and conditions.

ACK Media Law LLP has a separate website privacy policy and a separate cookie policy.

2. About us

ACK Media Law LLP is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z1440202. As a data controller we are responsible for deciding how we hold and use the personal data we collect about you.

ACK Media Law LLP is a limited liability partnership registered in England and Wales under number OC337320. Our registered office is at 53 Welbeck Street, London, W1G 9XR. We are regulated by the Solicitors Regulation Authority.

We have a dedicated data protection officer (“DPO”).You can contact the DPO by emailing Sue Charles at s.charles@ackmedialaw.com.

3. What personal data do we collect about you?

We collect, store and use the following categories of personal data:

Your name and title
Your date of birth
Your personal and work contact details, including your address, telephone numbers, and email addresses
Copies of your identification documents, including your passport and driving licence
Copies of one or more of your utility bills, or bank statements, to verify your address
Billing details
Personal data you disclose to us which is relevant to a client matter on which we have been instructed
Personal data we collect from third-party sources and databases which is relevant to a client matter on which we have been instructed
Your photograph
Social media account information
Technical data when you access our guest Wi-Fi

Some of this personal data may comprise of what is known as special category personal data in the Data Protection Act 2018. Special category personal data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Some of the personal data about you may also fall within personal data relating to criminal convictions and offences.

4. Where do we collect your personal data from?

Most of the personal data about you which we collect, process and store will be provided as follows:

Before we are formally instructed, we will require information to conduct client due diligence checks in compliance with UK anti-money laundering regulations to confirm the identity of individual clients, and the identities of directors and/or shareholders and/or trustees in relation to corporate clients or other organisations.
We may use your contact and bank account details to process any payments.
You may disclose your personal data to us including by email, telephone, letter, or at a virtual or in person meeting with us.
We may collect personal data about you from third-party sources, including your legal counsel and other advisors, your employer or colleagues, transaction counterparties and their legal advisors, other parties to proceedings including their legal advisors, regulatory bodies, insurers, and government departments.
Where you are a witness or other party to litigation or other third party who is not a client of the firm, we may collect personal data about you from our client and their other representatives and advisors, and other third-party sources, if the personal data is relevant to a client matter upon which we have been instructed.
We may collect information about you which is available from public sources such as public registers, social media and the media.
Otherwise through providing our legal services and operating our business.

5. How and why we process your personal data and the lawful basis for the processing

We are a boutique media law practice which draws on a network of successful working relationships, skills and knowledge of the media sector in order to offer clients a specialised and flexible service. We will use the personal data set out above for one or more of the following purposes:

1. Where we need to perform the contract we have entered into with a client or are about to enter with a prospective client

Where you are a client we will use your billing and payment details to invoice you.
To fulfil our obligations under the client retainer we may use your contact details and other personal data to provide legal services.

2. Running a law firm and providing legal advice to clients

We may process your personal data when it is necessary for our legitimate interests as a legal services provider (or those of a third party) and your interests and fundamental rights do not override those interests. These legitimate interests include our interests in providing our clients with legal advice, managing our relationship with our clients, prospective clients, former clients and their staff, hosting clients and others at our offices, hosting virtual and in-person events, keeping clients, prospective clients, former clients and their staff up to date about the firm and any relevant legal updates, updating legal directories about the firm’s activities, and ensuring appropriate standards and compliance with policies, practices or procedures.
We may process your personal data when it is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

3. To comply with applicable law or professional regulations or in connection with legal proceedings or advice

The processing of the personal data we collect for client due diligence is necessary to fulfil our legal obligations under UK anti-money laundering regulations.
If you are a client or prospective client, we may use your personal data in order to carry out a conflict check.
We may use your personal data to investigate and respond to any complaints or legal claims we may receive from you or another person or organisation.
We may be required to disclose your personal data by law, or by court order, to a third party such as a public authority, or the court, or an insurance company.
We may be required to disclose your personal data if it is necessary: (1) for the purposes of or in connection with legal proceedings, including prospective proceedings; (2) obtaining legal advice; and (3) establishing, exercising or defending legal rights.

6. Sharing personal data

We may share your personal data with third parties where this is necessary to provide our legal services, for legal or regulatory purposes, or to manage our business. For example, we may disclose your personal data to:

Other solicitors, barristers, other legal advisors, expert witnesses, enquiry agents, accountants, foreign lawyers, and other professional advisors in the course of acting on a legal matter.
Third parties and their professional advisors in the course of conducting negotiations, service providers under contract with us to support our business operations, such as fraud prevention, debt collection, technology services and accounting/audit.
Courts and tribunals.
Government bodies, for example HMRC.
Credit reference agents.
Our insurers and insurance brokers.
Legal directories
Regulatory bodies to comply with our legal and regulatory obligations.
Any person or law enforcement agency if we need to share that information to comply with the law or to enforce any agreement we may have with you or to protect the health and safety of any person.
Any person who is authorised by you to be your agent or representative.

We only allow our service providers to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. We also require them to comply with our instructions in connection with the services they provide for us and not for their own business purposes.

We may, from time to time, expand, reduce or sell our business and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, subject to data protection law.

7. Transferring your personal data outside the UK

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data, unless you instruct us otherwise, or if it is necessary to transfer the personal data as part of the legal services we are providing, and other safeguards have been put in place in accordance with data protection laws.

8. How do we keep your data secure?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

While we will use all reasonable efforts to keep your personal data safe, you acknowledge that the use of the internet is not entirely secure and, for this reason, we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us.

9. What should you do if your personal data changes?

It is important that the personal data we hold about you is accurate and current. Keep us informed if your personal data changes during your relationship with us. The contact details for this purpose are in this privacy policy.

10. How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of the client retainer and satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Once you are no longer a client of the firm, we will usually retain your client file for at least seven years for legal and insurance purposes.

11. Withdrawing your consent

In the limited circumstances where you may have provided your consent to the collection and processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. To withdraw your consent, please contact the DPO.

12. Your rights

Under certain circumstances, by law you have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal data to another party.

We may not be required to comply with one or more of the above requests where the request is in relation to personal data to which a claim of legal professional privilege could be maintained in legal proceedings. If you fail to provide certain information when requested, we may not be able to provide you with legal services.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

13. Data Protection Officer

We have appointed a DPO to oversee compliance with this privacy policy. If you have any questions about this privacy policy or how we handle your personal data, please contact Sue Charles by email to: s.charles@ackmedialaw.com.

14. Changes to this privacy policy

We reserve the right to update this privacy policy at any time. We may also notify you in other ways from time to time about the processing of your personal data.

If you have any questions about this privacy policy, please contact the DPO at: s.charles@ackmedialaw.com

ACK MEDIA LAW

+44 (0)207 487 5354
team@ackmedialaw.com

ACK Media Law LLP is regulated by the Solicitors' Regulation Authority and is a limited liability partnership registered in England and Wales with the registered number OC337320. Registered office 53 Welbeck Street, London W1G 9XR.