This Privacy Notice (“Notice”) – together with any other privacy information we may provide on specific occasions – applies to the processing of personal data by Keller Lenkner in the course of providing legal services and carrying out its business operations. The Notice sets out the types of personal data Keller Lenkner collects, explains how Keller Lenkner collects and processes that data, who it shares it with and certain rights and options that you have in this respect.
WHO WE ARE
When we refer to “Keller Lenkner” or “we” in this Notice we mean Keller Lenkner UK Limited, a company incorporated in England & Wales with registered number 11937792 and registered address at 81 Chancery Lane, London, England, WC2A 1DD. We are responsible for the personal data we collect and process about you and we will be controller of that data for the purposes of applicable data protection laws, in particular the General Data Protection Regulation (“GDPR”), and the UK Data Protection Act 2018.
WHO THIS NOTICE APPLIES TO
This Notice is relevant to you if we process your personal data in the course of providing or marketing our services, for example, if you are (or are employed by) our actual or prospective client, supplier, consultant, advisor, counterparty, litigant or are otherwise involved in proceedings involving any of our clients.
PERSONAL DATA WE COLLECT
Your personal data is information relating to you. Depending on your engagement with us and how you relate to us, we collect and process various types of personal data, as explained below:
· Identity Data, including your name, date of birth, civil status, passport (or other ID) number, photographic identification, your live image (when required to confirm your identity), gender, tax number and status;
· Contact Data, including your postal address, telephone number and email address;
· Financial and Payment Data, including your bank account details and other data necessary for payment processing and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
· Professional Information, including job title and function, employee number, business contact details, employment history, educational or professional background;
· Business and Legal Matter Information, including information provided in relation to a current, prospective or past contractual, client or other relationship between you or your organisation and Keller Lenkner, or otherwise provided by you, your organisation or other persons involved in a legal matter, such as counterparties in a civil dispute. This includes:
o information we process prior to engaging with you or your employer, for example, for assessing a client’s eligibility to pursue a legal claim, in relation to anti-money laundering, anti-bribery and “know-your-customer” (“KYC”) checks, conflict of interests checks;
o information required to ensure our ethical and competent conduct; and
o communications, documentation and information processed in the context of any legal services provided by us, including in relation to any dispute, grievance, investigation, arbitration, or other legal advice we have been asked to provide to our client;
· Profile Data, including usernames and passwords to Keller Lenkner websites or password-protected platforms or services, information from forms you fill in, your feedback, your communication preferences, marketing preferences or other preferences in relation to our services;
· Physical Access Data and CCTV, including records of your visits to our premises, use of security passes and CCTV footage;
· Sensitive personal data: In the course of our services, including the provision of legal advice and the representation of our clients in legal matters, we may be required to collect and use sensitive personal information relating to you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life and sexual orientation or details of criminal offences, genetic data or biometric data when used to uniquely identify you).
For example, in representations in claims relating to medical services and devices, or personal injuries, information about medical conditions will be relevant. In some employment representations, such as disputes involving alleged discrimination, information about medical conditions, race, religion and/or sexual orientation may be relevant to the representation. Similarly, representations in tax or social security matters may also require us to collect sensitive personal information, such as if we are advising on whether certain disabilities qualify for social security or tax benefits. Where we process sensitive personal information in the course of these and other similar client services, we do so to assist our clients to obtain legal advice, or to establish, exercise or defend legal claims; to assist our clients in fulfilling rights and obligations under applicable employment or social security laws; or for the purpose of complying with applicable legal and regulatory requirements (for more details, see “How will we use your personal data”, below.
INFORMATION ABOUT OTHER PEOPLE
In certain circumstances, in the course of our client services, you may provide us with information about other individuals, who may not be aware of our processing of their information and it may not be appropriate for us to provide them with our Notice (for example, for confidentiality purposes). In such situations, before providing us with any personal data, you must ensure that the relevant individuals have received any required information in connection with the performance of our services and that we are allowed to use this information in the context of our services.
HOW WE COLLECT YOUR PERSONAL DATA
We will in principle collect your personal data directly from you, in the following circumstances:
o When you use our website and our online platforms and fill in our online forms;
o When you or your organisation offer(s) to provide, or provide(s), services to us;
o When – in the course of our client services – you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in meetings and conversations with our lawyers, consultants and staff;
o When you visit our premises; and
o When you participate in our events.
On certain occasions, we will receive your personal data from third parties, in particular:
o When we carry out “know your customer” or other background checks (for example, anti-money laundering or anti-bribery checks);
o When you have authorised third parties to communicate with us in relation to our client services (for example, in relation to litigation you are involved in);
o When we make enquiries from your organisation, other organisations with whom you have dealings such as former employers and educational institutions, or from third party sources such as government agencies, credit reporting agencies, information service providers, public registers or other publicly available records;
o When our clients or other third parties provide information to us because you are the subject of, or otherwise included in, legal advice or representation we have been asked to provide to such clients.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law or in order to enter into a contract with you and perform that contract (for example, to process your instructions or represent you at court) and you fail to provide that data when requested, we may not be able to carry out your instructions, represent you or more generally perform our contract with you. In this case, we may have to cancel our engagement or our contract with you, but we will notify you if this is the case at the time.
HOW WILL WE USE YOUR PERSONAL DATA?
We use your personal data only as allowed by law, for the following purposes:
o To fulfil a contract with you or to take steps to enter into a contract with you at your request. This includes:
§ to register you as a client of Keller Lenkner;
§ to provide and administer legal services or other services or solutions, as instructed by you or your organisation
§ to communicate with you as required for the purposes of providing our legal services and responding to your enquiries, by post, phone, SMS or email, using the contact details you have provided to Keller Lenkner;
§ to process payments, billing and collection; and
§ to receive any services you provide to us.
o As required by Keller Lenkner to conduct our business and pursue our and our clients’ (or other parties’) legitimate interests, provided that your interests and fundamental rights and freedoms do not override these legitimate interests. In particular:
§ to contact you in connection with the services we provide to you and to administer and manage our relationship with you, including accounting, auditing, and taking other steps linked to the performance of our business relationship including identifying persons authorised to represent our clients, suppliers or service providers;
§ to carry out conflict of interest checks, risk and compliance checks and background checks, where permitted and where we consider it appropriate;
§ to manage access to our premises and for security purposes
§ to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
§ for insurance purposes;
§ to exercise or defend our legal rights or to comply with court orders or regulatory decisions;
§ to provide legal advice and legal services to our clients;
§ to carry out market research and analysis and seek your feedback in relation to our services;
§ to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions, events and initiatives which we think you might find interesting;
§ to improve the quality of our services and communications with you, including by using information about your previous engagement with us; and
§ to monitor compliance with our policies and standards.
Please note that unless we have your prior consent, we will only provide you, as an individual, with marketing related information by email or SMS when we have a previous contractual relationship or a business relationship with you and provided you do not object to receiving such communications. You have the opportunity to opt out at any time from our marketing communications – please see the section “Your rights” below for further information on how to opt out. This does not cover direct marketing addressed to companies, which you may receive as part of your employment with that company.
o In order to comply with our legal and regulatory requirements, including for the purposes of maintaining records, carrying out compliance checks or other screening checks (e.g. anti-money laundering, financial and credit checks, checks for fraud and crime prevention and detection). This can include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity; keeping records of our communications with you for compliance purposes.
We will not use your personal data for taking any automated decisions affecting you or creating profiles other than as described above.
SHARING YOUR PERSONAL DATA
We will share your personal data in the following circumstances:
o With our professional advisors, including our legal advisors, financial advisors, insurers, accountants, auditors or other consultants to the extent they require this information to provide their services to us;
o With barristers, consultants, mediators and other experts when this is necessary for them to perform their tasks in relation to the establishment, exercise or defense of legal claims or other legal or regulatory proceedings;
o With our clients, when your information has been collected in the context of providing legal services to those clients, where such disclosure is necessary for our provision of legal services and as permitted by law;
o With courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is legally required or it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, for the purposes of a confidential alternative dispute resolution process, or in the context of similar proceedings;
o With third parties providing IT support and maintenance services, marketing and client support services, data storage services, services for ID checks, money laundering checks, sanctions screening, and checks for credit risk reduction and other fraud and crime prevention purposes; and other financial institutions and credit reference agencies providing services to us;
o With third parties that you have authorised us to exchange information with in relation to the provision of legal services to you;
o If we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.
STORAGE AND RETENTION OF YOUR PERSONAL DATA
We store your information within the UK and the European Economic Area (“EEA”). If we need to transfer your personal data to another person in a country which does not provide an adequate level of data protection, we will only do so to the extent this is necessary to perform a contract we have concluded with you or in your interest; for important reasons of public interest (such as the detection or prevention of money laundering); or for the establishment, exercise or defence of legal claims, or subject to safeguards that assure the protection of your personal data.
We will continue to keep your personal data for as long as this is necessary to fulfil the purposes for which we collect and use it, as these are explained in this Notice, including for complying with our legal and regulatory obligations (for example auditing, reporting and accounting requirements), for the provision of legal services and for the establishment or defence of legal claims.
We have put in place appropriate security measures to protect your information and prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
UPDATING YOUR PERSONAL DATA
You should make sure that you provide us with accurate and up-to-date information. If any personal data that you have provided to us changes (for example if you change your email address) or if you become aware that we hold any inaccurate information about you, please let us know by contacting us at firstname.lastname@example.org . We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data provided to us.
Data protection laws give you the following rights in respect of the personal data we hold about you: You have the right to ask us for a copy of your personal data; to correct, delete or restrict its processing; and to obtain your personal information that you provide in a structured, machine-readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we do not have to process your data to meet a contractual or other legal requirement). Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent, this will not affect any processing which has already taken place.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete data which we are required by law or have compelling legitimate interests to keep.
Where we process your data for direct marketing purposes, you have the general right to ask us to stop, and a more specific right to opt-out of receiving e-mail or SMS direct marketing communications from us. These can be exercised at any time. If you wish to opt-out of direct marketing communications, please follow the unsubscribe links on any marketing message you receive from us. To object to our marketing uses of your data more generally, please contact email@example.com. Please note that we will still need to get in touch with you for other reasons, for example to reply to enquiries, and in connection with legal services we provide to you – objecting to marketing will not affect those communications
If you are not happy with the way we use your personal data, or the way in which we fulfil any of the above rights, please let us know using the contact details at the end of this Notice. You also have the right to make a complaint to the data protection authority, which in the UK is the Information Commissioner (https://ico.org.uk/make-a-complaint/).
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to update and change this Notice from time to time in order to reflect any changes to the way in which we process your personal data, or changing legal requirements. Any changes we may make to our Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Notice.
OUR CONTACT DETAILS
For any questions, comments and requests regarding this Notice please contact us via email at firstname.lastname@example.org or send a letter to Client Service Team, Keller Lenkner UK Limited, 81 Chancery Lane, London, England, WC2A 1DD.
If you have any question, issues or concerns about how we process your data you can contact our external data protection officer by email at DPO@kellerlenkner.co.uk.