Privacy Statement

Last updated 9th November 2022

Introduction

Marcus Andreen Limited (“Marcus Andreen”, “we”, “our”) is a UK commercial law firm.   We are committed to safeguarding the privacy of the personal data that is provided to us or collected by us during the course of our business, as well as the personal data we receive from visitors to our website at www.marcusandreeen.com.  Marcus Andreen is the data controller of any personal data provided to us.

This Privacy Statement explains how we may use any personal data that we obtain about you, and your rights in relation to that data.  It also sets out how to contact us if you have any questions about this Privacy Statement or want to make a complaint to us about how we handle your personal data.

The UK General Data Protection Regulation (GDPR) as well as the UK Data Protection Act 2018 (together the “Data Protection Laws”) give you various rights regarding the way in which we store and use your personal data.  These are set out below in the section “What are your legal rights in relation to your personal data?” below.  You can also get further information about data protection and privacy law by visiting the Information Commissioner’s web site at: https://ico.org.uk/.

If you have any questions about this Privacy Statement please email marcus@marcusandreen.com or write to Data Protection Officer, Marcus Andreen Limited, 32 Kensington Gardens, Bath BA1 6LH.

1.          What personal data about you do we collect?

1.1         We may collect any of the following types of personal data about you:

  • Identity and Contact Data. This includes title, name, job title/function, the organisation you work for or are engaged by, email address, social media accounts, telephone numbers, addresses, passport number.
  • Business Information. This includes information about you or your business provided in the course of the client relationship between you or your organisation and us, or otherwise provided by you or your organisation.
  • Marketing and Communications Data. This includes your preferences in receiving email notifications of blog posts and legal updates published on our website, as well as other marketing material.

1.2         If you are an individual client, or you are an individual whom we engage to provide goods or services, we will also collect payment information, including details of payments of our invoices as well as bank account details to pay your invoices and your VAT number.

1.3         If you are enquiring about, or applying for, a job we may collect recruitment data, including similar Identity and Contact Data (see above), interview notes, references, and other information that is included in your CV.

2.          How do we collect your personal data?

2.1         We may collect your personal data directly, including when you communicate with us or you visit our website.

2.2         We may also collect your personal data indirectly. This could happen, for example, where your personal data has been provided:

  • by someone else from your organisation
  • by someone else from another organisation with whom you or your organisation is dealing
  • by someone who has referred or recommended us to you
  • by someone involved in recruitment

3.          How do we use your personal data?

3.1         We may collect, store, use and otherwise process your personal data for some or all of the following purposes:

  • Setting you or your organisation up as our client
  • Identification and anti-money laundering checks
  • Providing legal services to you or the organisation that you work for, and administering the engagement
  • Client relationship management, including dealing with complaints
  • Business development and marketing
  • Communicating with you. For example, if you have subscribed to receive email notifications of blog posts and legal updates, we may provide you with notifications by email.  You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing-related message sent to you, or by contacting us at any time.
  • Dealing with job applications and recruitment generally
  • Dealing with our insurers
  • Enforcing any legal claims against you or your organisation, or defending ourselves against any claims from you or your organisation
  • Where we have engaged you to provide services to us, receiving the proper benefit of any of those services and administering that engagement
  • Other purposes required by law
  • Other purposes described at the point of personal data collection

3.2         We will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. In these circumstances please contact us if you would like us to explain how the processing for the new purpose is compatible with the original purpose.

4.          In what circumstances do we disclose your personal data?

4.1         We may share your personal data with the following categories of recipients:

  • Our professional advisers
  • Government or regulatory authorities
  • Our insurers
  • Organisations or individuals to whom we outsource certain services, including data hosting, website management, IT systems or software providers, IT support service providers, email marketing service providers and document and information storage providers
  • Organisations or individuals engaged by us with your agreement, such as barristers or other specialist lawyers
  • Organisations or individuals with whom you or your organisation is dealing, and their professional advisors
  • Prospective buyers if we propose to sell any business or assets
  • Referees where dealing with job applications

4.2         We will share your personal data with the recipients referred to in Section 4.1 only as necessary for the purposes set out in Section 3 above, and then only to the extent reasonably necessary for the purpose for which we are engaging, communicating or dealing with them.

4.3         Where organisations in any of the categories of recipients referred to in Section 4.1 are providing us with services that involve them processing personal data on our behalf, they are our data processors. These currently include:

  • Microsoft Corporation (Office 365 applications)
  • Xero (UK) Ltd (accounting software)
  • DocuSign Inc. (electronic signature services)
  • The Rocket Science Group LLC t/a Mailchimp (email marketing services)

Please note this list is non-exhaustive and there may be circumstances where we reasonably need to share your personal data with other organisations in order to provide our services as effectively as we can, as described in this Privacy Statement or as required under applicable law or otherwise with your consent.

5.          Where we do we process your personal data?

5.1         Some of our service providers may store or otherwise process personal data outside the UK.  Where this is the case, we will ensure that your personal data will only be transferred either to countries that have been identified as providing adequate protection, or to a third party where there is a legal transfer mechanism in place to protect your personal data, for example where the service provider has entered into Standard Contractual Clauses.

6.          What security measures are in place to protect your personal data?

6.1         We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  Please see the Security Statement for further information.

6.2         We also have in place procedures to deal with any suspected personal data breach, and will notify you and any applicable regulator of a breach where we are legally required to do so.

7.          For how long do we keep your personal data?

7.1         We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, insurance or reporting requirements.

7.2         Details of specific retention periods for different aspects of your personal data are available from us on request.

7.3         Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable law.

8.          What are your legal rights in relation to your personal data?

8.1         Under certain circumstances, you have rights under data protection laws in relation to your personal data.  These include:

  • The right at any time to withdraw your consent to our processing of your personal data.
  • The right to be told what personal data we hold about you on our database and how we process that data.
  • The right to request that we provide you with a copy (in a commonly used electronic format) of all the personal data that we hold about you. Unless you make repeated requests, we will not charge a fee for providing you with a copy of this data.
  • The right to request that we correct any inaccurate or incomplete personal data that we hold about you.
  • The right to request that we irretrievably delete all personal data that we hold about you (the so-called “right to be forgotten”). Note that there are limited circumstances in which we are legally entitled to refuse to comply with this request.
  • The right to request that we transmit all the personal data that we hold about you (in a structured, commonly used and machine-readable form) to another organisation’s IT environment. Note that we are only legally obliged to comply with this request if it is technically feasible for us to do so.

8.2         If you wish to exercise any of the rights set out above, please contact us at marcus@marcusandreen.com, or by writing to Data Protection Officer, Marcus Andreen Limited, 32 Kensington Gardens, Bath BA1 6LH.

8.3         If you think that our processing of your personal information is in breach of data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. In the UK the relevant supervisory authority is the Information Commissioner’s Office.  We would, however, be grateful if you would contact us first and give us a chance to deal with your concerns before you approach the ICO.

Get in touch

  • Your email address will only be used to respond to your message