Trowers & Hamlins

Sign up

Home » Our website » Privacy notices » Privacy notice – for clients

Privacy notice – for clients

Trowers & Hamlins is committed to protecting your privacy

The reason for this notice

Data protection law in the European Union is changing in 2018.  The EU General Data Protection Regulation, the UK's Data Protection Act 2018, comes into force in May 2018, and later in the year a new EU Regulation relating to privacy in electronic communications is expected to come into force.  For convenience we refer to this body of law as 'DP legislation'.

We expect to amend this notice as new legislation is passed, and as guidance is given so that the notice is as up to date as possible.

This privacy notice (sometimes called a processing notice or privacy policy) aims to inform our clients how we will process their personal information.  This notice should be read together with our terms of business and, where appropriate, our engagement letter.  Where we have agreed specific terms in relation to data privacy issues with you, that specific agreement takes precedence over the general nature of this privacy notice.

We have a separate privacy notice for third parties (also available on our website) and staff since the basis on which we process their personal data may be different.  By 'third parties' we mean:

  • individuals who have no contract with us but whose data we are handling; and, where different;
  • visitors to our website; or
  • individuals who receive marketing information from us.

Who we are

Trowers & Hamlins LLP ('we',' our', 'the firm') is a data controller for the purposes of the DP legislation and the Malaysian Personal Data Protection Act 2010.  We are registered with the UK Information Commissioner's Office with registration number Z1436854 and with the Office of the Malaysian Personal Data Protection Commissioner.  In some circumstances the data controller is Trowers & Hamlins (Services) Limited (registration number Z6861461).

Your data privacy rights

Personal data is information which identifies a living person, whether directly or indirectly.  A reference to 'you' and 'your' in this notice is to individuals whose personal data we are processing.

You have the right to access personal data that we hold for you and can find out more about your rights under the DP legislation at http://www.ico.org.uk

Your rights depend on the basis upon which we are processing your data and are difficult to summarise in a general document.

If you have any requests concerning your personal information or any queries with regard to our processing, please contact us at enquiries@trowers.com and your enquiry will be forwarded to the correct person.  Alternatively you can write to our Data Privacy Partner, 3 Bunhill Row, London EC1Y 8YZ.  We will respond to your enquiry within 30 days unless the query is complex.  We will advise you if this is the case.

You will not have to pay a fee to access your personal information (or to exercise any other right as a data subject).  However, we may charge a reasonable fee, if your request is clearly unfounded or excessive.

You have the right to lodge a complaint with the Information Commissioner in respect of our processing of your personal data.  Further details are available at http://www.ico.org.uk

How we collect personal data

We collect personal data in the course of our business from or about a number of different categories of people both directly and indirectly.  This includes:

  • where our clients are individuals, those clients; and
  • people who work for our clients such as customers of our clients.

What we collect

We collect personal information which can include one or more of the following:

  • basic information such as your name, title or position, and related information such as the company you work for;
  • contact options e.g. phone, email or post;
  • identification information collected as part of our client inception process;
  • financial information such as payment related information;
  • information to help us help you, inviting you to events of interest to you and, when you attend those events, information such as access or dietary requirements; and/or
  • any other information relating to you from public sources and/or provided to us by you.

From time to time this information may include special category data (which the DP legislation requires us to treat with extra care).  Special category data can include information about your health, racial or ethnic origin, religious or political beliefs, trade union membership, sex life or sexual orientation.

Where personal information has been supplied to us indirectly, we respect any specific requirements they may make about our use of that data but will process the data as data controllers in our own right. 

What we do with your information

We process personal information for the purpose of providing legal services to you and also for our own business purposes including:

  • to provide information requested by you;
  • to tell you about our services including details of events, seminars and publications (as permitted by you or by law);
  • disclosures to our regulators, auditors, our own legal or professional advisors, our insurers and insurance brokers; and/or
  • fraud prevention (including money laundering and bribery) and for the prevention or detection of crime (including use of CCTV on our premises).

What is the basis for processing your data?

We will only process your personal data where we have a lawful basis for doing so.  This is set out in the DP legislation.  The lawful basis will be one or more of the following, that the process is necessary for:

  • to perform a contract to which you are a party directly (or to which our client is a party) or taking steps prior to entering into such a contract;
  • compliance with our legal and regulatory obligations;
  • to pursue our legitimate business interests; and/or
  • establishing, exercising or defending legal claims.

This notice can only be a general summary.  You may at any time request to see and, if appropriate, amend, your personal data.  Details are given under 'Your data privacy rights'.

Transfer of personal data

We are an international law firm and our offices work collaboratively with each other.  We may need to process your information outside the location where it was given to us.  This may involve the transfer of your information outside the European Economic Area (the EEA), or vice versa.  The level of data privacy protection in countries outside the EEA may be less than offered within the EEA.  We have robust data transfer agreements between our offices and where third parties process data for us outside the EEA we take all reasonable steps to ensure that personal data is protected and secure.

Other websites

Our website may contain links to other websites outside our control and which are not covered by this Privacy Notice.  If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy notice, which may differ from ours.

Security

We use up-to-date data storage and security techniques to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss.  the firm is accredited with Cyber Essentials Plus and is Lexcel accredited.  Our employees and any third parties we engage to process personal information are required to respect its confidentiality.

Storage and disposal of personal data

We hold personal data and other information for different periods reflecting both good data protection practice and our regulatory, statutory and contractual requirements.  These periods are set out in our data retention policy, which is revised from time to time.  Please contact us if you would like to know the retention period for your own data.

Personal data supplied for the purpose of due diligence checks is used only for that purpose and destroyed five years after the termination of the business relationship between us.

Malaysia Personal Data Protection Act 2010 Notice

In accordance with the Malaysian Personal Data Protection Act 2010 this notice explains our data processing practices, how we comply with the Personal Data Protection Act 2010 and your options regarding the way in which your personal data is used. Under the Personal Data Protection Act 2010, we are required to ensure the accuracy of and provide you access to your personal information to make any changes to it.  You may at any time request to see and amend this data; if you would like to do so, please contact enquiries@trowers.com.

Changes to this notice

We reserve the right to update this privacy notice at any time.
Operative from 25 May 2018
Version: 1.0.0

To download a pdf copy of our privacy policy for clients click here.