Privacy Notice to all Marketing Contacts
The European Union General Data Protection Regulation requires us (the data controller) to provide you (the data subject) with the information in bold at the beginning of each section below. The information is set out in the sections.
This Privacy Notice applies only to marketing contacts in that capacity. There are different Privacy Notices (on our website www.hart brown.co.uk) for clients, for experts and specialists, for third parties involved in client matters, and for individuals within organisations with which we deal, some of which might also apply to you.
1. The identity and contact details of the controller and of our representative.
Controller – Hart Brown
Resolution House, Riverview, Walnut Tree Close, Guildford, Surrey GU1 4UX.
Controller’s representative – David Wallace, Resolution House, Riverview, Walnut Tree Close, Guildford, Surrey GU1 4UX.
2. Contact details of the data protection officer, where applicable.
3. The purposes of the processing for which the personal data are intended and the legal basis for the processing.
3.1 To enable us to send you marketing material, including invitations to seminars or other events, or to call you for those purposes.
The legal basis for that processing is that you have consented to it.
3.2 We will share personal information with law enforcement or other authorities if legally required.
The legal basis for the processing is that it is necessary for compliance with a legal obligation to which we are subject.
3.3 You can withdraw your consent at any time, in the way described when we sought your consent. If you withdraw your consent we will not market our services or events to you or email to you electronic publications we issue.
4. Where the processing is necessary for the purposes of the legitimate interests pursued by us what are those legitimate interests?
This is not relevant
5. The categories of personal data
Your name and contact details, and such further personal data as you might give us or might be received by us which would be relevant for marketing purposes.
6. The possible recipients or category of recipients of the personal data.
6.1 Except as mentioned below, where we hold your personal data only for marketing purposes we will not share any of your personal data with anyone or any organisation other than where we are required to do so for legal reasons or for compliance or accreditation purposes. Once we have released any personal data we will not be in control of or able to ensure its security. However, except in the context of the prevention, investigation, detection or prosecution of criminal offences, any organisation to which we release the personal data will itself be bound to keep your data secure and generally to comply with the requirements of the General Data Protection Regulation. Any personal data we do release to a third party will be limited to what must be released for the relevant purpose to be achieved.
6.2 In respect of all personal data:
6.2.1 The hosts running our software on their systems.
6.2.2 Our software suppliers.
6.2.3 The providers of our copying machines, which also act as scanners, to the extent that when a document is copied or scanned the machine automatically makes an electronic copy.
6.2.4 Our external accreditation auditors, to the extent that they ask to see individual files or relevant accounts records.
6.2.5 Our external accountancy auditors.
6.2.6 The Solicitors Regulation Authority, to the extent that we are obliged to report an issue to them.
6.2.7 The Legal Ombudsman, to the extent that a complaint is made to her office about us.
6.2.8 The Information Commissioner’s Office when required to do so.
6.2.9. Our I.T. support contractors, to the extent necessary for them to provide that support.
6.2.10 Our professional indemnity insurers and their (and, if different, our) professional advisers, to the extent appropriate if and when circumstances arise where there might be a claim against us and by us on that insurance policy, to enable us to achieve a fair outcome for you.
6.2.11 The relevant authorities whenever we are required by law to do so including if we suspect there might have been or there might be an offence or attempted offence whether against the Money Laundering Regulations or otherwise.
7. Can we transfer your personal data to a third country or international organisation?
Hart Brown does not usually transfer any information internationally. We can make an international transfer of personal data if it is necessary for the performance of a contract between you and us or for pre-contractual steps to be taken at your request. Otherwise, unless the country in question ensures an adequate level of protection or there are appropriate safeguards and effective legal rights and remedies are available for you, we will be obliged to explain all the risks to you before seeking your consent to make the data transfer. This will have to be addressed if the issue arises, and could delay or prevent progress.
8. What is the period for which your personal data will be stored?
Indefinitely, until you ask us to delete it. If you do ask us to delete it, we will still keep your name and address, to record our compliance with that request, but that data will not be processed in any other way.
9. Is the provision of personal data a statutory or contractual requirement or a requirement necessary to enter into a contract, and are you obliged to provide personal data, and what are the possible consequences of failure to provide such data?
There is no statutory duty on you to provide personal data to us. There is seldom, if ever, any requirement or obligation on you to provide personal data to Hart Brown. However, if before a contract with us is made you do not provide the personal data essential for that purpose we will not be able to enter into a contract with you or therefore do the work for you at all; and if after the contract has been made you do not (on your initiative or at our request) provide us with personal data relevant or potentially relevant to your matter it is likely to undermine the prospects of a successful outcome and could prevent us from progressing or completing the work.
10. The existence of automated decision making, including profiling
Hart Brown does not use automated decision making including profiling.
11. What is the source of your personal data not obtained from you and, if applicable, will this come from publicly accessible sources?
We obtain names and contact details from the following publicly available sources: Social media sites (Facebook, Twitter, LinkedIn, Instagram), review websites (e.g. Review Solicitors and Google Business), company websites, Legal 500 and Chambers directories, magazines, exhibitions, and awards ceremonies (e.g. Surrey Business Awards).
We also obtain names and contact details from networking events, emails that have been forwarded on (email trails), details passed to us by other individuals who we have a relationship with, industry contact lists, and claims management companies.
12. Your data protection rights
12.1 You have the right to request from us access to and rectification or (in certain circumstances) erasure of personal data or (in certain circumstances) restriction of processing concerning you.
12.3 Where the processing is based on consent or under or leading to a contract and the processing is carried out by automated means, you have the right to receive from us the personal data concerning you which you have provided to us and the right to transmit those data to another controller.
12.4 Where the processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
12.5 You have the right to lodge a complaint with the Information Commissioner’s Office, who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 but we invite you to tell us first if you have any complaint, so that we can attend to it as soon as possible.
If you would like to exercise any of those rights, please:
- email, call or write to David Wallace,
- let us have enough information to identify you,
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request applies.