Tyr Law respects your privacy and is committed to protecting your personal data.
- Important information and who we are
This policy also tells you about your privacy rights and how the law protects you.
Tyr Law is registered as a controller with the Information Commissioner with number ZA518268.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
- The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, former names, username or similar identifier, marital status, title, date of birth, gender and details of your spouse or dependents.
- Employment Data includes data about employment status including details of salary and benefits. It may also include information about current or former employment. Employment Data is most relevant when you apply for a role with us, though it may also be relevant to the provision of legal services and so may form part of Client Matter Data.
- Contact Data includes address information, email address and telephone numbers.
- Financial Data includes bank account and payment card details in so far as they relate to an individual. It may also include information which we process in connection with our clients and owner ID checks such as bank account statements, utility statements or similar.
- Transaction Data includes details about payments to and from you.
- Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website or which you might otherwise use in accessing any other systems we may make available as part of the provision of legal services. This may include user access information which we hold in connection with any secure portal or similar document exchange system which we may make available in the provision of services.
- Profile Data includes your preferences and feedback responses.
- Usage Data includes information about how you use our website or services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Client Matter Data includes personal data relevant to the provision of our services which is not otherwise within the above categories and which will vary according to the nature of the legal services which we provide. In particular, this will depend on whether our client is an individual or a corporate entity. For example, Client Matter data may include information about business relationships, partners, advisors and associates and roles and activity undertaken by particular persons. It may also include ownership information such as where you own a company, property or have other assets.
We do not routinely collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). However, we may collect such information if it is relevant to your potential employment with us for example, if required to facilitate an interview with you. Otherwise, we will only hold Special Category Personal Data if it forms part of Client Matter Data for the provision of legal services.
We do not usually collect any information about criminal convictions or offences other than on rare occasions in connection with our client ID checks.
Our website is not intended for children and we do not knowingly collect data relating to children either through the website or otherwise.
If you fail to provide personal data
Where we need to collect personal data by law, under the terms of a contract we have with you or with an organisation which you represent, or for any other reason which requires the collection of personal data and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you or your organisation (for example, to provide legal services) or it may otherwise restrict or delay us performing services.
In particular, note that we are a regulated firm of solicitors and have obligations in connection with obtaining information to properly identify our clients and the individuals who own them. A failure to provide identification information when requested, in particular, may mean a delay in or non-performance of, our services.
Your duty to inform us of changes
It is important that the personal data we hold is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You can do this by providing the updated information to the fee earner dealing with your matter.
- How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions. This is the main way in which we collect personal data and will usually involve you providing us with your Identity and Contact Data as a minimum so that we deal with your initial enquiry. If you contact us about a position, you will usually also need to supply your Employment Data for example, if you apply for a role via our website. Other information such as Client Matter Data will usually come through direct interactions when you contract for legal services for yourself or on behalf of your organisation. Direct interactions may also include you requesting marketing to be sent to you or providing us with feedback such as following a seminar or other event.
Third parties and publicly available sources. We will receive personal data about you from various third parties and public sources. This includes information from our third-party service provider (and its providers) who provides ID and verification services to us to assist with our regulatory requirements in connection with money laundering avoidance. We may also collect information such as Identity and Contact Data from publicly available sources including Companies House, the Electoral Register and credit reference providers.
We may also where appropriate, work alongside other professional advisors such as other lawyers, accountants, tax advisors, patent and trade-mark attorneys, referrers and other intermediaries as well as banks and other funding providers, agents such as land and property agents, surveyors and consultants. The type of third party will vary according to the particular relationship we have with you, but it is possible that personal data is provided to us by such third party organisations.
Where you apply for a role with us, we may also collect information from referees or previous employers but we will only do so with your consent.
- How we use your personal data.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform a contract we are about to enter into or have entered into with you or with the organisation you represent.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
- Where you have given your consent.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will usually get your consent before processing any Special Category personal data.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of the ways in which we use personal data, and which of the legal bases we rely on to do so for each of those purposes. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your personal data where more than one has been set out in the table below.
|Purpose for which we use personal data||Type of data (as detailed above) relevant to the purpose||Lawful basis for using the data|
|To provide legal services to you or to the organisation which you represent, in each case, our named client.||· Identity Data
· Contact Data
· Financial Data
· Transaction Data
· Client Matter Data
· Employment Data may also be relevant depending on the matter
|In some instances, processing this data is necessary for the performance of a contract with you. This applies where you, the person on whom we hold the personal data is our client. This may be where we act for an individual, sole trader or in some cases, partners in a partnership or shareholders in a company.
This will not apply where our client is a corporate entity. In those cases, we rely on the fact that processing is necessary as it is in our legitimate interests to use personal data as required to provide our services to our client.
In some instances, we will also process data where necessary to comply with a legal obligation in the performance of our services, for example in order to fulfil duties to the court or to liaise with bodies such as Companies House or the Land Registry.
Where the data we process for this purpose includes special category data, we will usually process that data with your consent (which will be implied when you provide information to us in connection with the purposes for which you disclose it). In some cases, we will process special category data on the basis that the processing is necessary for establishing, exercising or defending legal claims.
|Conduct checks to identify our clients, screen for financial and other sanctions or embargoes, other processing to comply with professional, legal and regulatory obligations.||· Identity Data
· Contact Data
· Financial Data
· Transaction Data
|In some instances, processing this data is necessary for the performance of a contract with you. For example, where you, the person on whom we hold the personal data is our client.
This will also be processing which is necessary to comply with legal and regulatory obligations which we are subject to. This is because we are regulated by the Solicitors Regulation Authority and are required to comply with money laundering avoidance legislation.
|To deal with ancillary processes in the deliver y of our legal services including managing payments, and disbursements, fees and charges and collecting and recovering money owed to us.||· Identity Data
· Contact Data
· Financial Data
· Transaction Data
|This is necessary for our legitimate interests to recover debts due to us, make payments and to ensure appropriate record keeping in relation to financial arrangements.|
|To manage our relationship with you for reasons other than those above, which will include contacting you from time to time to deal with administrative or other matters such as providing information about updates to our terms.||· Identity
|In some instances, this will be necessary for performance of our contract with you. This includes where we act for an individual, sole trader or in some cases, partnerships and shareholders. Otherwise, we will use data for this purpose where it is necessary to comply with a legal obligation or where it is necessary for our legitimate interests for example, to keep our records updated.|
|To operate our website including the use of data analytics to improve our website.||· Identity
|We use this data as it is necessary for our legitimate interests of making our website available and ensuring appropriate network security. It is also in our legitimate interests to provide an enquiry facility on our website, through which you might provide us with personal data, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.|
|Managing relationships with suppliers, contractors, intermediaries and other non-client entities.||· Identity Data
· Contract Data
· May include Financial Data, Transaction Data and Client Matter Data but this will all vary according to the nature of our services in any given case.
|It is necessary for our legitimate interest to use data for the purpose of dealing with these entities, whether for the running of our business (such as our suppliers) and otherwise in connection with performance of service and the operation of our business. This may include dealing with external counsel, banks and other finance providers, insurers, estate agents, patent agents, surveyors, land agents and other professional advisors including those of counterparties. This is all necessary for the operation of our business as a professional services firm. Further information about the types of third party which we deal with is set out below.|
|Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies and to provide statutory or regulatory returns/reports.||· Identity
|To comply with our legal and regulatory obligations. This may include the provision of relevant data to our regulatory bodies.|
|Marketing and business development activity. This includes marketing our services to existing and former clients and people who have expressed an interest in our services.||· Identity Data
· Contact Data
· Technical Data
· Profile Data
· Usage Data
|We use this data as it is necessary for our legitimate interests to promote our business to existing and new clients and contacts and undertake business development and networking activity.|
|Recruitment and Work Placements.||· Identity Data
· Contact Data
· Employment Data
|We will use this information as it is in our legitimate interest to do so to review job and placement applications for recruitment purposes. Some of this information may also include special categories of data including information about health, for example if we need to make arrangements for an interview. We will use this data where we have your consent to do so which we will rely on by virtue of this disclosure of information to us.|
Promotional communications from us
We may use your Identity, Contact, Technical, Profile and Usage Data to send you updates about legal developments that might be of interest to you and/or information about our services and/or business development events.
You may receive marketing communications from us if you have requested information from us or if you have made enquiries about or purchased services from us, and you have not opted out of receiving that marketing. We do not provide contact details to third parties for the purpose of sending to you any marketing information.
You can ask us to stop sending you marketing messages at any time by contacting us using the details above in the contact details section.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you require an explanation about how processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will usually notify you and will explain the legal basis which allows us to use the data for that other purpose.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- Disclosures of your personal data
This section 5 provides more detailed information about third parties with whom we may share your personal data for the purposes in the table above.
- Third parties involved in any matter including courts, tribunals, counterparties, barristers, accountants, tax advisers, experts, private investigators, land and property agents, intermediaries, corporate finance advisors, patent and trade mark attorneys and other third parties involved in a matter where it is necessary to carry out your instructions and provide legal services.
- Suppliers and service providers used by us in providing services including document storage facilities, case management software, accounting software and online disclosure and document exchange platforms, as well as client identification service providers.
- Financial organisations including banks, debt collection, credit reference and tracing agencies.
- Our auditors, accountants and other professional advisers, insurers and brokers, government agencies, regulators and other authorities including the Solicitors Regulation Authority, the Law Society and the Information Commissioner.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. The exception to this is where, as a matter of data protection law, organisations act as data controllers of personal data. For example, where we pass personal data to barristers and other solicitors, those organisations will also usually act as a data controller of that personal data.
- International transfers
We do not transfer your personal data outside the European Economic Area (EEA) except where this is in accordance with your instructions in the context of a particular matter.
- Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Data retention
How long will you use my personal data for?
We will usually keep personal data for up to 6 years after we have finished acting for you or after our relationship with you has otherwise ended. We will do so in order to:
- Respond to any questions, complaints or claims made by you or on your behalf.
- To show that we treated you fairly.
- To keep sufficient records in order to comply with our legal and regulatory obligations.
We will not keep your data for longer than is necessary for the purposes set out in this policy and where it is no longer necessary to retain your personal data, we will delete or anonymise it.
We take account of requirements and guidance which may be issued from time to time and which we are subject to, including as published by the Solicitors Regulation Authority in determining our data retention periods.
- Your legal rights
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. There may also be other legal and regulatory considerations we need to take into account however in connection with this kind of request, for example, where we have a right to exercise a lien in accordance with our terms of business.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact Luisa D’Alessandro on the details above.
For further information on each of these rights, please see the Guidance from the UK Information Commissioner’s Office on individuals’ rights under the General Data Protection Regulation.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.