- what personal information we collect about you
- how we obtain your personal information
- how we use your personal information
- on what basis we use your personal information
- how long we keep your personal information
- who we share your personal information with
- how we protect your personal information
- which countries we transfer your personal information to
- your rights regarding your personal information
‘Gunnercooke’ refers to Gunnercooke LLP, its subsidiaries and other partnerships, corporations, undertakings and entities which are authorised to practice using the name ‘Gunnercooke’. See ‘Data controllers’ below for more information on the entities that control and process personal data in Gunnercooke.
There are a number of entities through which Gunnercooke provides legal services. Most of the firm’s main IT systems are located in the UK and controlled by Gunnercooke LLP. Depending on the location where legal or other services are provided, another undertaking or entity in the Gunnercooke group may be the data controller in relation to your personal data. Please visit our country specific Legal Notices pages [here] for details of the Gunnercooke entity through which we practise law in each jurisdiction and, where necessary having regard to local applicable data protection or privacy laws, a country-specific privacy notice.
1. What information do we collect?
The following tables set out what personal information we may process, why we process that personal information and the legal basis for such processing:
1.1 Information you give us.
|What personal data might be supplied to us?||Why we process that personal data:||The legal basis for processing that personal data.|
|Client Data: Information about you which relates to your account with us or the instructing client’s account with us. This information may include your name, your postal address, your email address and your telephone and/or mobile number, and such other information as we determine is needed to verify the identity of our clients.||We will process this data to verify your identity, maintain your account with us, to provide our services, to communicate with you and to back up our database. The reason we process this data is to ensure the proper administration of the instructing client’s account and our business and, where you have entered into a contract with us, for the purposes of fulfilling our contract with you.||The legal basis we rely on for processing this data is as follows:- Our legitimate interests; or- Fulfilment of our contract with you or the instructing client; or- Complying with our legal obligations.|
|Registration Data: Information you provide when you register to use our website, enter a competition, promotion or survey, or when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number.||We will process this data so we can deal with your registration, or other communications or applications, or to address your query or concern. The reason we process this data is to ensure the proper administration of your registration and our business.||The legal basis we rely on for processing this data is as follows:- Our legitimate interests; or- Consent.|
|Communication Data: If you communicate with us (through our website contact form, via email, phone, post or any other means of communication by which you choose to contact us), we will process the information contained in your communication. This information may include your name and contact information, the content of your communication and any metadata our website generates where you communicate with us using the contact form available on our website.||We will process that information so we can correspond with you and keep records of such correspondence.||The legal basis we rely on for processing this data is as follows:- Our legitimate interests; or- Consent.|
|Recruitment Data: Where you register your interest in a current or potential job or role with us, or otherwise provide us with information in relation to a job or role (either directly, indirectly or through an agent who you have instructed for this purpose) we will process your data so that we can access your suitability for the job or role with us. The data we will retain will include your name, your contact details and your curriculum vitae (CV).||We will process this information so that we can access your suitability for any current or potential job or roles with us and so that we can contact you about any such opportunities. The reason we are processing this data is to ensure the proper administration of our business. You have also consented to us using your data for these purposes where you have applied for a vacancy or role with us.||The legal basis we rely on for processing this data is as follows:- Consent; and/or- Our legitimate interests.|
|Notification Data: Where you have purchased services from us, or where you subscribe to receive our email notifications and/or newsletters, we will process your data so that we can send such email notifications and/or newsletters to you.||We will only process such personal information where you have purchased services from us or you have consented to us doing so.||The legal basis we rely on for processing this data is as follows:- Our legitimate interests- Consent.|
|Regulatory Data: We may process your data if we need to do so in order to comply with our legal and/or regulatory obligations, and/or so that we can protect the vital interests of you or another natural person.||The reason we will process such data is to protect the vital interests of you or another natural person, or in order to comply with our legal and/or regulatory obligations.||The legal basis we rely on for processing this data is as follows:- Vital interests; or- Our legitimate interests; or- Compliance with our legal and regulatory obligations.|
1.2 Information we collect from other sources.
|What personal data might we collect from other sources?||Why we process such personal data:||The legal basis for processing this personal data.|
|Transaction Data: When a client instructs us to provide goods / services, the client will need to provide certain information to us so that we can supply those goods / services. The personal information which may be communicated to us in the course of supplying services to our clients may include a data subject’s name, contact details, payment card details and other personal information relevant to a transaction.||We will process that data in order to perform our contract with you and/or our client and to fulfil the transaction. We also need to comply with our regulatory obligations when administering our business. .||The legal basis we rely on for processing this data is as follows:- Performance of our contract with you or our instructing client; or- Our legitimate interests.|
|Technical Data: Technical information relating to your use of our websites, including (1) the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may obtain this data through our analytics tracking system; and (2) information about your visit to our website(s), including the full Uniform Resource Locators (URL), clickstream to, through and from our website(s) (including date and time), products and services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.||We process this data so we can monitor and analyse how our websites are used so we can improve our websites and our services. Theis helps us to administer our business and improve the services we offer.||The legal basis we rely on for processing this data is as follows:- Our legitimate interests.|
|Third Party Data: This is information we receive about you if you use any of the websites we operate or the services we provide. We are working closely with third parties (including, for example, consultants, business partners, other solicitors and professionals, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We may receive personal data about you from these organisations. Those organisations will have their own privacy policies detailing how they process personal data. In particular, we may receive information from other companies within the gunnercooke group. Please see paragraph 3 below for more information.||We process this data so that we can properly administer our business.||The legal basis we rely on for processing this data is as follows:- Our legitimate interests.|
3. When will we disclose your personal data to others?
3.1 We may need to share your personal information with members of our group, which means our subsidiary and our associated companies including gunnercooke Consulting Limited (CRN: 09060177) and our subsidiary GC Trustees Limited (CRN: 11162269). The term subsidiary is defined in section 1159 of the UK Companies Act 2006.
3.2 We may need to share your personal information with certain selected third parties including:
(a) consultants who are engaged by gunnercooke to deliver services directly to its clients. Those consultants are described as partners and solicitors. We may also engage legal secretaries, paralegals and trainee solicitors to provide services to clients on our behalf. We engage these people, and they need to process personal data on our behalf, in order to perform any contract we have with you and also to ensure the proper administration of our business.
(b) our business partners, suppliers and sub-contractors for the purpose of performing any contract we have with you or them. In particular, we use third party companies to process your personal data in order: (1) to provide our case management system for us, (2) to carry out our identity and credit verification checks, to provide: (3) legal support services (including the processing of information by the courts service and barristers), (4) confidential information destruction and deletion services; (5) data storage services; (6) communication facilities; (7) document production services; (8) event support and management services; (9) public relations services; (10) banking services; (11) to manage legal filings and registrations; (12) legal search services; (13) conferencing facilities and call answering facilities; and (14) any other services which we deem are necessary to properly manage our business and comply with our legal and regulatory obligations.
(c) analytics and search engine providers that assist us in the improvement and optimisation of our website.
3.3 We will also disclose your personal information to third parties in the following circumstances:
(a) If we sell or buy any business or assets, in which case we may need to disclose certain personal data to the prospective seller or buyer of such business or assets.
(b) If all or most of our assets are acquired by a third party, in which case personal data held by us about our clients will be one of the transferred assets.
(c) If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce any legal agreement we have with you; or to protect our rights or property, or the safety of us, our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
4. Where do we store your personal data?
We will always try to ensure that your personal data is processed within the European Economic Area. In some circumstances this will not be possible. In circumstances where it is necessary for us to transfer your personal outside the European Economic Area, we will only transfer such personal data to third parties where we have carried out due diligence on such third parties to ensure they will protect your personal data using similar standards and safeguards as we have. We will also have contractual provisions in place with such third parties to ensure your personal data is protected. Such contractual provisions will be based on the standard contractual clauses approved by the European Commission for the transfer of data outside the EEA or such other appropriate standards as are required from time to time by the European Commission or the UK Government. You consent to the transfer of your personal data outside of the EEA, as long as we comply with these requirements.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not always secure. Although we will do our best to protect your personal data, and we will maintain appropriate technical and organisation measures to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
5. Storage and deletion of personal data
(a) Any personal data that we process will be deleted from our systems once we have completed the purpose for which we were processing the personal data. In some cases, the purpose for which we are processing your personal data will last for a considerable period (for example, if you are a long term client of ours, we will need to store your data until our relationship with you comes to an end).
(b) We will determine the period for which we need to retain your data, acting reasonably, and taking into consideration a number of factors such as your relationship with us, your engagement with us, and the fulfilment of contracts we have with you.
(c) We may need to retain your personal data where this is necessary to comply with our legal or regulatory obligations, or to protect the vital interest or the vital interests of another natural person.
6. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. Your rights
7.1 Under data protection laws you have the following fundamental rights:
(a) The right to access the personal data we hold about you;
(b) The right to have your personal data corrected if there are errors or inaccuracies in it, or your personal data is incomplete;
(c) The right to restrict the processing we carry out in relation to your personal data;
(d) The right to object to the processing we carry out in relation to your personal data;
(e) The right to have the personal data we hold about you provided to you in a useable format;
(f) The right to complain to a supervisory authority (in the UK this is the Information Commissioner’s Office) about how and/or why we are processing your personal data;
(g) The right to tell us you no longer consent to us processing your personal data. In practice you will usually agree in advance to us using your personal data for marketing purposes and if you no longer wish us to use your personal data for marketing purposes, you can opt out of receiving such marketing messages at any time. You can do this either by unsubscribing from the marketing messages we send you, notifying us in writing at email@example.com.
7.2 You can ask us to provide you with details of any personal data we hold about you. You do not have to pay us a fee to access your personal data unless we believe your access request is unfounded, repetitive or excessive. In this case we may charge you a reasonable fee to access your personal data or we may decide not to comply with your request. We will notify you if this is the case. We will require you to provide appropriate evidence of your identity before we respond to your request. Typically this identification evidence will be a photocopy of your passport or photo driving licence, which a solicitor or bank has certified as being a true copy of the original and a copy of a recent utility bill detailing your current address.
7.3 Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
7.4 If you think that any of the data we hold about you is incorrect or inaccurate, you can contact us to correct such data. Please contact us at firstname.lastname@example.org, or if you are located in the EU, please contact our EU representative RF PRIVACY MINDERS LTD at email@example.com.
9. Information about us
Our data protection officer can be contacted at firstname.lastname@example.org or using the postal address below.
10. Any questions?
Data Protection Officer
53 King Street
If you are located in the EU and have any questions about the use of your personal data, including any requests to exercise your legal rights, please address your queries to our EU Representative
33 Konstantinou Paleologou,
The Square, 2nd Floor,
P.O. Box 42364,