Privacy Notice to all individuals within organisations
The European Union General Data Protection Regulation requires us (the data controller) to provide you (the data subject) with the information in bold at the beginning of each section below. The information is set out in the sections.
This Privacy Notice applies only individuals within organisations with which we deal. There are different Privacy Notices (on our website www.hart brown.co.uk) for clients, for marketing contacts, for specialists and experts in that capacity, and for third parties involved in client matters, some of which might also apply to you.
1. The identity and contact details of the controller and of our representative.
Controller – Hart Brown
Resolution House, Riverview, Walnut Tree Close, Guildford, Surrey GU1 4UX
Controller’s representative – David Wallace, Resolution House, Riverview, Walnut Tree Close, Guildford, Surrey GU1 4UX
2. Contact details of the data protection officer, where applicable.
3. The purposes of the processing for which the personal data are intended and the legal basis for the processing.
To enable us to conduct business with the relevant organisation.
The legal basis for the processing is that it is necessary for the purposes of a legitimate interest pursued by us.
4. Where the processing is necessary for the purposes of the legitimate interests pursued by us what are those legitimate interests?
To enable us to conduct business with the relevant organisation.
5. The categories of personal data involved.
The personal data we receive in respect of individuals within organisations with which we deal will usually only be their names, the organisation for which they work, their role in it, and their work contact details.
6. The possible recipients or category of recipients of the personal data.
6.1 Except as mentioned below, it is unlikely that we will share the relevant personal data at all. Once we have released any personal data we will not be in control of or able to ensure its security. However, except in the context of the prevention, investigation, detection or prosecution of criminal offences, any organisation to which we release the personal data will itself be bound to keep your data secure and generally to comply with the requirements of the General Data Protection Regulation. Where we release any of your personal data to a natural person in the course of a purely personal or household activity, that assurance of security will not apply. Any personal data we do release to a third party will be limited to what must be released for the relevant purpose to be achieved.
6.2. We will share that data with:
6.2.1 The hosts running our software on their systems.
6.2.2 Our software suppliers.
6.2.3 The providers of our copying machines, which also act as scanners, to the extent that when a document is copied or scanned the machine automatically makes an electronic copy.
6.2.4 Our external accreditation auditors, to the extent that they ask to see individual files or relevant accounts records.
6.2.5 Our external accountancy auditors.
6.2.6 The Solicitors Regulation Authority, to the extent that we are obliged to report an issue to them.
6.2.7 The Legal Ombudsman, to the extent that a complaint is made to her office about us.
6.2.8 The Information Commissioner’s Office when required to do so.
6.2.9 Our I.T. support contractors, to the extent necessary for them to provide that support.
6.2.10 Our professional indemnity insurers and their (and, if different, our) professional advisers, to the extent appropriate if and when circumstances arise where there might be a claim against us and by us on that insurance policy, to enable us to achieve a fair outcome.
6.2.11 The relevant authorities whenever we are required by law to do so including if we suspect there might have been or there might be an offence or attempted offence whether against the Money Laundering Regulations or otherwise.
6.2.12 The court, the tribunal, the arbitrator or the mediator if relevant.
6.2.13 Generally as may be necessary to enable us to do the work our clients have instructed us to do.
7. Can we transfer your personal data to a third country or international organisation?
Hart Brown does not usually transfer any information internationally. We can only do that in respect of your personal data if you want to make or have made a contract with us and sending the personal data internationally is necessary for the purpose of that contract, or if you consent to the data transfer. This will have to be addressed if the issue arises.
8. What is the period for which your personal data will be stored?
For as long as we wish to do business with the relevant organisation or until you leave it.
9. Is the provision of personal data a statutory or contractual requirement or a requirement necessary to enter into a contract, and are you obliged to provide personal data, and what are the possible consequences of failure to provide such data?
Your personal data might be required in order to enable a transaction or arrangement to which your organisation is or wishes to be a party to proceed, and failure to provide the data might prejudice the transaction or arrangement.
10. The existence of automated decision making, including profiling
Hart Brown does not use automated decision making including profiling.
11. What is the source of your personal data not obtained from you and, if applicable, will this come from publicly accessible sources?
The organisation for which you work. The personal data will not usually be obtained from publicly accessible sources
12. Your data protection rights.
12.1 You have the right to request from us access to and rectification or (in certain circumstances) erasure of personal data or (in certain circumstances) restriction of processing concerning you.
12.2 Where the processing is carried out by us on the basis that it is necessary for the purposes of the legitimate interests pursued by us, you have the right to object to it continuing and we must stop the processing unless we demonstrate legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of civil claims.
12.3 Where the processing is based on consent or under or leading to a contract and the processing is carried out by automated means, you have the right to receive from us the personal data concerning you which you have provided to us and the right to transmit those data to another controller.
12.4 Where the processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
12.5 You have the right to lodge a complaint with the Information Commissioner’s Office, who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 but we invite you to tell us first if you have any complaint, so that we can attend to it as soon as possible.
If you would like to exercise any of those rights, please:
- email, call or write to David Wallace,
- let us have enough information to identify you,
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request applies.