Last updated 9th November 2022
Introduction
Marcus Andreen Limited (“Marcus Andreen”, “we”, “our”) is a UK commercial law firm. We are committed to safeguarding the privacy of the personal data that is provided to us or collected by us during the course of our business, as well as the personal data we receive from visitors to our website at www.marcusandreeen.com. Marcus Andreen is the data controller of any personal data provided to us.
This Privacy Statement explains how we may use any personal data that we obtain about you, and your rights in relation to that data. It also sets out how to contact us if you have any questions about this Privacy Statement or want to make a complaint to us about how we handle your personal data.
The UK General Data Protection Regulation (GDPR) as well as the UK Data Protection Act 2018 (together the “Data Protection Laws”) give you various rights regarding the way in which we store and use your personal data. These are set out below in the section “What are your legal rights in relation to your personal data?” below. You can also get further information about data protection and privacy law by visiting the Information Commissioner’s web site at: https://ico.org.uk/.
If you have any questions about this Privacy Statement please email marcus@marcusandreen.com or write to Data Protection Officer, Marcus Andreen Limited, 32 Kensington Gardens, Bath BA1 6LH.
1. What personal data about you do we collect?
1.1 We may collect any of the following types of personal data about you:
1.2 If you are an individual client, or you are an individual whom we engage to provide goods or services, we will also collect payment information, including details of payments of our invoices as well as bank account details to pay your invoices and your VAT number.
1.3 If you are enquiring about, or applying for, a job we may collect recruitment data, including similar Identity and Contact Data (see above), interview notes, references, and other information that is included in your CV.
2. How do we collect your personal data?
2.1 We may collect your personal data directly, including when you communicate with us or you visit our website.
2.2 We may also collect your personal data indirectly. This could happen, for example, where your personal data has been provided:
3. How do we use your personal data?
3.1 We may collect, store, use and otherwise process your personal data for some or all of the following purposes:
3.2 We will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. In these circumstances please contact us if you would like us to explain how the processing for the new purpose is compatible with the original purpose.
4. In what circumstances do we disclose your personal data?
4.1 We may share your personal data with the following categories of recipients:
4.2 We will share your personal data with the recipients referred to in Section 4.1 only as necessary for the purposes set out in Section 3 above, and then only to the extent reasonably necessary for the purpose for which we are engaging, communicating or dealing with them.
4.3 Where organisations in any of the categories of recipients referred to in Section 4.1 are providing us with services that involve them processing personal data on our behalf, they are our data processors. These currently include:
Please note this list is non-exhaustive and there may be circumstances where we reasonably need to share your personal data with other organisations in order to provide our services as effectively as we can, as described in this Privacy Statement or as required under applicable law or otherwise with your consent.
5. Where we do we process your personal data?
5.1 Some of our service providers may store or otherwise process personal data outside the UK. Where this is the case, we will ensure that your personal data will only be transferred either to countries that have been identified as providing adequate protection, or to a third party where there is a legal transfer mechanism in place to protect your personal data, for example where the service provider has entered into Standard Contractual Clauses.
6. What security measures are in place to protect your personal data?
6.1 We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Please see the Security Statement for further information.
6.2 We also have in place procedures to deal with any suspected personal data breach, and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. For how long do we keep your personal data?
7.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, insurance or reporting requirements.
7.2 Details of specific retention periods for different aspects of your personal data are available from us on request.
7.3 Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable law.
8. What are your legal rights in relation to your personal data?
8.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include:
8.2 If you wish to exercise any of the rights set out above, please contact us at marcus@marcusandreen.com, or by writing to Data Protection Officer, Marcus Andreen Limited, 32 Kensington Gardens, Bath BA1 6LH.
8.3 If you think that our processing of your personal information is in breach of data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. In the UK the relevant supervisory authority is the Information Commissioner’s Office. We would, however, be grateful if you would contact us first and give us a chance to deal with your concerns before you approach the ICO.