This policy applies to information we collect about:
- visitors to our website;
- people who contact us through our website; and
- people whose personal data is sent to us in any other way.
We do not knowingly collect or process data from anyone under the age of sixteen (16) years old.
What do we collect?
- When you contact us through our website we collect the following personal information from you:
- email address and
- telephone number
You can also send other personal information by email or by adding text to the form on our website.
- Occasionally we may receive information about you from other sources (such as credit reference agencies) which we will add to the information which we already hold about you in order to help us provide our services.
- We may also collect and process information about you from other sources (such as credit reference agencies) which we will add to the information which we already hold about you in order to help us provide our services. We’re likely to do this in particular when we’re going through a client on-boarding. Client on-boarding may also involve us in researching beneficial owners of an organisation too.
- In addition, we may process the following:
- Location information (including GPS signals sent by a mobile device, location information gathered from social media networks or sensor or IP address data from your device);
- We send some emails using software provided to us by Vuture, and that software integrates with software provided to us by LexisNexis Enterprise Solutions. You can find out more details of Vuture and LexisNexis Enterprise Solutions, their privacy policies and how their software works at www.vutu.re and at www.lexisnexis-es.co.uk;
- Information from cookies, web beacons or from the internet, including your IP address, browser type, operating system, domain name, access times, which pages you visit within our website and referring website addresses. You can find out more about how we do that in our Cookies Policy at https://www.corderycompliance.com/cookie-policy/;
- If you ask us to connect with other sites (for example if you ask us to connect with your Facebook account) we may get information that way too;
- CCTV – if you visit our offices we may use CCTV on our premises. We may also have access to CCTV, visitor logging systems and other systems operated by our landlord, RELX Group, or its subsidiaries; and
- We may record any telephone calls for quality assurance, compliance and training purposes.
- In common with other solicitors firms we may also process data sent to us by our clients or by third parties (such as our client’s opponents in litigation). We ask our clients to only send us data which is appropriate and to make sure that they have a lawful means of sending that data to us which allows us to lawfully process that data.
How we will use the information about you?
We process your personal data either where we have your consent to do so, which you may withdraw at any time, or otherwise where this is necessary for:
- The performance of our contract with you for the provision of our services or to take preliminary steps at your request;
- Us to fulfil our legal obligations; or,
- The purposes of the legitimate interests pursued by us or a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. Our legitimate interests are those indicated with a “*” below, and we consider that we have implemented sufficient checks and protections to ensure that your rights and interests are not unreasonably intruded on. You can however object to processing with regard to legitimate interests at any time and, if you do so, we will stop processing the personal data unless we can show compelling legitimate grounds which override your rights and interests, or we need the data to establish, exercise or defend legal claims – see also “Your rights” below.
We gather information from our website to allow us to answer any enquiries you raise with us through our website. The relevant information is then used by us to communicate with you. If you agree, we may also contact you about other products and services we think may be of interest to you.
- We may also use aggregate information and statistics for the purposes of monitoring website use in order to help us develop our website and our services. We may also provide this aggregate information to third parties *.
- Similarly, when we send emails to you we may use statistics on the emails we have sent, whether you had read them and other information which we find relevant *.
- We may need to share data for legal or compliance purposes. This may include sharing your information with the ICO or our professional regulator, the SRA. We may also process your data to protect our business or in the interests of security, public interest or law enforcement. We may also need to disclose your data in connection with actual or proposed litigation, or to protect our property, security or people or to enforce our legal rights and interests.
If you have given us permission, we may contact you by mail, telephone, SMS, text/picture/video message, social media or email to provide you with information about special features of our website or any other service we think may be of interest to you. If you would rather not receive this information, please simply email email@example.com. If you agree to us providing you with marketing information, you can always opt out at a later date.
Applying for a job online
- If you use the website to apply to work with us, we will use the information you supply to process your application and to monitor recruitment statistics. We may transfer your details outside of your home country and to other companies we work with. We ask others, including RELX (UK) Limited to help us recruit people. RELX joined the EU-US Privacy Shield Framework which was designed to allow personal data to be transferred from the EU to be processed by a company in the United States provided that they observe the terms of the Framework. Historically, the EU-US Safe Harbor scheme was used to transfer your data. The European Court ruled that Safe Harbor was not sufficient protection, on its own, for data transferred from Europe to the US. On 16 July 2020, the European Court then decided that that the EU-US Privacy Shield Framework, the scheme which the European Commission put in place to replace Safe Harbor, was also invalid. You can see our alerts on the issue here – https://bit.ly/pshielddead
- Personal information about unsuccessful candidates will be held for up to 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but individuals should not be identifiable from that data. Once a person has taken up employment with us, we will compile a file relating to their employment. At that stage we will give more details about how we hold employee data and we will expect the employee to sign up to additional privacy terms as part of their employment.
Cookies and other information-gathering technologies
- For more information on which cookies we use and how we use them, see our Cookies Policy.
- We use a third party service, WordPress.com, to help with some of the content on our website. WordPress is run by Automattic Inc. WordPress may collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help improve it. WordPress may require you to enter a name and email address (for example to make a comment where a page has that functionality). For more information about how WordPress processes data, please see Automattic’s privacy notice at https://automattic.com/.
- We use Alchemy Interactive Ltd to support some parts of our website and to help us maintain it. You can find out more about them at https://www.alchemyinteractive.co.uk/. Our website platform is hosted by Catalyst2 Services Ltd. You can find out more about them at https://www.catalyst2.com/
- We use the RELX Group (relx.com) to provide us with due diligence data which helps with client on-boarding and some of the research that we do.
- Cordery has a presence on social media including on Twitter and LinkedIn. You can visit these sites for details of their privacy policies at https://twitter.com/privacy & https://www.linkedin.com/legal/privacy-policy. The news section of our website has buttons which allow you to share our content on social media. Again, do read their privacy policies to see what that sharing includes.
- We sometimes shorten the internet urls we use using a url shortening service like bit.ly. Url shortening services may give us access to information on people who click through the link including the data and time that they access the link and their location. You can find out more about bit.ly and the way in which these services work here https://en.wikipedia.org/wiki/Bitly.
- Our website also maintains a badge which is a mandatory requirement of the Solicitors Regulation Authority, our regulator. The SRA requires us to display this logo but we have not been able to establish how the SRA and its providers use data from our website. We understand that the SRA uses Yoshki to help them with the digital badge. For more information on the badge you may contact the Solicitors Regulation Authority at www.sra.org.uk or Yoshki at www.yoshki.com.
In common with many other businesses we use VOIP technology when you call us or when we call you. You can find out more about VOIP here https://en.wikipedia.org/wiki/Voice_over_IP. Since your call will be relayed via the internet, we can’t control where your data is processed. Our VOIP services are managed on our behalf by RELX Group at 2 sites based in the US which are located in Miamisburg, OH and Springfield, OH. If you would prefer not to use VOIP you can call any of our team on their mobile phones.
We may also agree to hold calls with you by some other medium, particularly in times of crisis. That could include WhatsApp (https://www.whatsapp.com/) or Microsoft Teams (https://products.office.com/en-gb/microsoft-teams/group-chat-software or Zoom (https://zoom.us/). We can’t guarantee the security of these products and you should visit their websites to see their privacy and security policies.
How we protect your information
We have put in place security procedures and technical and organisational measures designed to help safeguard your personal information. We will use what we consider to be reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet (and VOIP) is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you.
Despite the measures taken by us and any third parties we engage the internet is not secure and as a result others may nevertheless intercept or access private transmissions or data. If you ask us to share data with third party sites their servers may also not be secure.
How long we keep your information
Access to your information and updating and correcting your information
- You may have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please send an email to firstname.lastname@example.org or send a letter to Mark Dyke, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH, United Kingdom. We may make a small charge for this service where that is legally permitted.
- We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided to Cordery changes, for example if you change your email address or name, please let us know the correct details by sending an email to email@example.com or send a letter to Mark Dyke, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH, United Kingdom. You may ask us, or we may ask you, to correct information you or we think is inaccurate or not up to date, and you may also ask us to remove information which is inaccurate.
By submitting your personal information you consent to the use of that information as set out in this policy.
- To the extent permitted by law you have the right to access, update, correct, restrict, delete, be forgotten or object to the processing of, ore request the data portability of the personal data collected about you subject to some conditions and exceptions. You can find more about those rights in the EU by reading the General Data Protection Regulation available at https://eur-lex.europa.eu/eli/reg/2016/679/oj. Our glossary at http://www.corderycompliance.com/eu-data-protection-glossary/ also has information on some of these rights. If you wish to inquire about those rights or would like to submit a request then please send an email to firstname.lastname@example.org or send a letter to Mark Dyke, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH, United Kingdom.
- As mentioned earlier, you have the right to opt-out of receiving communications from us at any time even if you have chosen to opt-in on an earlier occasion.
- You also have the right to lodge a complaint with the ICO. You can contact the ICO at www.ico.org.uk.
- Cordery is committed to respecting all of the above rights in compliance with applicable laws and regulations. If you wish to inquire about any of those rights or have any concern, please contact us immediately using the contact details below. We will respond to any of your inquiries or concerns as soon as possible and in any case within 1 month of receipt of the request as per Art 12(3) GDPR.
How to contact Cordery
Links to other websites