IBB Law LLP (IBB) is an English law firm regulated by the Solicitors Regulation Authority. We are committed to safeguarding the privacy of information that is provided to us during the course of our business and information we receive from visitors to our website.
- what personal information we collect about you
- when and why we collect personal information about you
- how we use your personal information
- how we may share your personal information with others
- how we keep your personal information secure
- how long we keep your personal information
- your rights regarding your personal information
Data is collected, processed and stored by IBB and we are what is known as the “Data Controller”. That means that we are responsible for what happens to the information that you provide. If you have any questions about the use to which we put your data please email us at firstname.lastname@example.org or write to us: Jo Cunningham – Head of Marketing, IBB Law, Capital Court, 30 Windsor Street, Uxbridge, Middlesex UB8 1AB.
- when you visit our website;
- when you complete enquiry, contact or newsletter sign-up forms on our website;
- when we conduct searches of public sources on you in connection with our marketing or business acceptance processes;
- when we agree to provide legal services to you or the organisation you work for;
- when you request information from us or provide information to us;
- when you apply for a role or work experience opportunity with us;
- when you attend our seminars or other hosted events; and
- when we add you to our mailing lists to receive news about IBB and other marketing emails.
Our website and legal services are not aimed specifically at children because children are generally represented by their parent or guardians. If you are a child and need further advice or explanation about how we would use your data, please email email@example.com.
3. What information do we collect about you?
3.1 Marketing, business development and business acceptance
We collect personal information about prospective clients and their beneficial owners or controllers as part of marketing and business development initiatives and our business acceptance process. The type of personal information we may collect includes name, address and nationality. We may obtain this information from publicly available open sources either directly or through a third party.
3.2 Legal services
The type of personal information that we may collect includes current and historical information including your name and contact details (such as your address, email address and telephone numbers) and information such as your current employer, employment history and positions held. We will also collect personal information you choose to provide to us and information about your other dealings with us and our clients, including contact we have with you in person, by telephone, letter, email or online. This information may include special categories of data such as access or dietary requirements which may reveal information about your health or religious beliefs.
We obtain personal information from your computer’s IP address and the operating system and web browser that you use to access our website. It enables us to identify which organisations have visited our website and we use this information to compile statistical data on the use of the site to help us to improve the user experience.
We collect personal information directly from you, from our clients or other parties to a matter and their authorised representatives. We may also collect personal information from third parties such as your employer, other organisations that you have dealings with, regulators, government agencies, credit reporting agencies, publicly available records (including electronic data sources to carry out checks to enable us to comply with applicable law), information or service providers (some of whom may process your personal information on our behalf), recruitment agencies and other law firms or professional advisers. Your personal information may be stored in the firm’s contact database when you register to receive legal updates or we otherwise receive your contact details.
We may use a third party service provider to deliver emails to inform you about our services, legal developments and updates and invite you to events (including those we may jointly host with other organisations).
You can control the information you receive through our direct marketing function by using the “Managing your preferences” option at the bottom of the emails. If you no longer wish to receive marketing emails relating to our services by email or post, you can unsubscribe at any time by using the “Unsubscribe” option on the email.
If you apply for a role or work experience opportunity at IBB you will need to provide personal information including special categories of personal information. Your application directly to us, or via a recruitment agency, will constitute your express consent to our use of this information. We will use this information to consider your application for a position with IBB. We may also use the information to carry out checks to verify the information provided by you (including reference, identity and criminal record checks).
We may disclose such information to recruitment agencies, screening check providers, health service providers, professional associations, government and law enforcement agencies, referees and your current and previous employers.
4. How we use your information
We recognise that your information is valuable and we will only use your personal information if and to the extent that applicable law allows. We will therefore only process your personal information if:
- it is necessary for the performance of a contract with you or the organisation you work for;
- it is necessary in connection with a legal obligation;
- you have given your consent (where necessary) to such use or the organisation you work for has obtained your consent (where necessary) to share your information with us; or
- if we (or a third party) have a legitimate interest which is not overridden by your interests or your rights and freedoms. Such legitimate interests include the provision of legal services, running the firm’s business and marketing relevant services directly to you.
We may use your personal information to:
comply with our legal obligations to identify and verify the identity of our clients and their beneficial owners;
- deliver legal services to you and/or the organisation you work for, if you are a client;
- run the firm’s business (e.g. carry out administrative or operational processes, including recruitment);
- improve our services and products to you, if you or the organisation you work for are a client or prospective client;
- consider whether we can pursue certain business development initiatives;
- send you marketing materials and invite you to events; or
- process and respond to requests, enquiries or complaints received from you.
5. How long we keep your information for
We will only retain your personal information for as long as is necessary for the purpose for which it was collected, including for the purposes of complying with any legal, regulatory, accounting or reporting requirements.
Personal information processed in connection with our business acceptance processes and/or providing legal services will be retained in accordance with the firm’s retention and destruction policy unless we agree otherwise with you, in writing. If you wish to know more about the firm’s retention and destruction policy or any of the firm’s different retention periods, please contact firstname.lastname@example.org.
6. How and why we share personal information
We use third parties who provide certain services on our behalf and may share your information with them, for example a supplier may have access to your personal information when providing IT support, or a mailing company may process the personal information of our contacts for us.
We may also have to share your personal information with regulators, government agencies, courts and other third parties. In addition, some of your personal information may be stored in a single private cloud located within the European Economic Area (the EEA) and managed by a third party service provider.
We may share your personal information with third parties where:
- you have consented to us doing so (where necessary) or the organisation that you work for has obtained your consent for us to do so (where necessary);
- we have appropriate contractual arrangements in place with them (including our professional advisers and auditors and suppliers to whom we outsource certain support services such as word processing);
- we are under a legal, regulatory or professional obligation to do so (for example, to comply with anti-money laundering requirements);
- it is necessary for the purpose of, or in connection with, legal proceedings or in order to exercise or defend legal rights; or
- it is appropriate to disclose the information to parties with whom we have promotional arrangements (such as jointly hosted events or seminars).
We will never send marketing communications via SMS or call you without your specific consent; nor do we ever pass on or sell your details to a third party.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new IBB entities through which the business of IBB will be carried out.
7. Transferring your personal information internationally
The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws. Where our third party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures, usually standard contractual clauses.
8. Keeping your information secure
We recognise that your personal information is valuable and we use a variety of technical and organisational measures to hold your personal information securely in electronic and physical form. We also take appropriate steps to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss consistent with applicable law. Our premises are access controlled and our electronic databases require logins and password authentication.
All our partners, staff and third party service providers who have access to confidential information (including personal information) are subject to confidentiality obligations.
However, the transmission of information via the internet is not completely secure. Although we take appropriate and proportionate steps to protect your confidential information, we cannot guarantee the security of your information transmitted electronically and accept no responsibility for any damage or loss caused.
9. Your rights
Subject to certain safeguards and limits or exemptions you have the following rights in relation to the information that we hold:
- the right to request rectification of information that is inaccurate or incomplete;
- the right to erasure of your information (often referred to as the “right to be forgotten”);
- the right to object to or restrict the way in which we are dealing with and using your information; and
- the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”).
You also have the right to request details of the information that we hold about you, and the uses to which it is put, which is known as a Subject Access Request. Such requests have to be made in writing. To make a request, please contact us at email@example.com or write to us at the address given above.
If you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once the firm has received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
10. Links to other sites
Our website may contain links to other websites controlled by third parties. You should review these other sites’ privacy policies. We do not accept any responsibility for their use of your personal information.
11. Further information
If you are not happy with the way in which we have processed or dealt with your information or responded to your question, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found at https://ico.org.uk/concerns or telephone 0303 123 1113.
We may update this policy from time to time. Please check the website occasionally to make sure you are happy with any changes.