Greenwoods GRM LLP (“Greenwoods GRM”) is committed to protecting your personal data. Please read the following privacy statement to understand how we use and protect the information that you provide to us.
In this section:
- 1. Who does this Notice apply to?
- 2. People who use or enquire about using our services
- 3. Visitors to our website
- 4. Job applicants or potential job applicants
- 5. Complainants
- 6. People whose services we use
- 7. “Special category” personal information
- 8. How we obtain your personal information
- 9. How and why we use your personal information
- 10. How we use personal information relating to other individuals collected from you
- 11. Marketing and promotional communications
- 12. Do we share your personal information?
- 13. Where do we hold your personal information?
- 14. How long will we keep your personal information?
- 15. Your rights explained
- 16. Keeping your personal information secure
- 17. Changes to the terms of this Notice
- 18. The COVID-19 pandemic
- 19. How to contact us
Greenwoods GRM LLP (referred to as “Greenwoods GRM”) respects your privacy and is committed to protecting your personal information. Client confidentiality and protection of information is a fundamental feature of our relationship with our clients. As a professional services firm (regulated by the Solicitors Regulation Authority), Greenwoods GRM has specific statutory, common law and regulatory obligations regarding the maintenance of client confidentiality and the protection of personal information.
This Privacy Notice (“Notice”) explains how and why we use your personal information, and your related rights and options.
Please read this Notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information.
The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services or your interaction with us may be impaired. For example, we would be unable to take you on as a new client.
- Who does this Notice apply to?
- People who use or enquire about using our services
- Visitors to our website
- Job applicants or potential job applicants
- People whose services we use
- “Special category” personal information
- How we obtain your personal information
- How and why we use your personal information
- How we use personal information relating to other individuals collected from you
- Marketing and promotional communications
- Do we share your personal information?
- Where do we hold your personal information?
- How long will we keep your personal information?
- Your rights explained
- Keeping your personal information secure
- Changes to the terms of this Notice
- The Covid-19 pandemic
- How to contact us
1. Who does this Notice apply to?
As a legal services firm, this Notice applies to the personal information we obtain which identifies and relates to:
- people who use or enquire about using our services;
- visitors to our website;
- job applicants and potential job applicants;
- people whose services we use; and
- third parties whose personal information we need to process in the course of providing our services.
2. People who use or enquire about using our services
We ask for your personal information as it enables us to provide our services to you. To use a basic example, it would not be possible for us to communicate with you in relation to our services without knowing your contact details, which contain your personal information.
Personal information we will collect:
The types of personal information we collect in the course of advising and/or acting for you may include:
- your name and contact details (postal address, email address and telephone/mobile number);
- information to enable us to check and verify your identity, e.g. your date of birth or passport details;
- information relating to the matter on which you are seeking our advice or representation;
- your financial details so far as they are relevant to the nature of our services which you request, e.g. the relevant source of funds if you are asking for us to help with a purchase transaction;
- your use of our IT, communication and other systems; and
- other monitoring information, e.g. if using our secure online client portal or if receiving our email updates.
Personal information we may collect depending on why you have instructed us:
- your national insurance number and tax details;
- your bank and/or building society details;
- details of your professional online presence, such as your company website profile or LinkedIn profile;
- your employment status and details including salary and benefits;
- your nationality, immigration status and information from related documents, such as copies of your passport, BRP cards, driving licence or other identification documents;
- details of your marital status/civil partnership, spouse/partner and dependents or other family members including children;
- details of your pension arrangements; and
- your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances.
3. Visitors to our website
In particular, we use Google Analytics to collect details of visitor behaviour patterns. We do this to find out information which might be useful, such as the number of visitors to the various parts of the site. We also track how effective our email marketing is by using tracking pixels.
We do not use this information to identify anyone. The information is collected anonymously and in aggregate and we make no attempt to find out the identities of those visiting our website. Please see our Cookie Notice for more information.
In general, the personal information we collect from website visitors (as well as those who subscribe to our email updates, attend our seminars/webinars or view our other publications) includes:
- your name, email address and internet service provider address;
- name of your organisation, your job title and details of your job;
- information relating to the matter which you contact us about;
- technical data including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- payment details; and
- dietary or access requirements.
4. Job applicants or potential job applicants
The Careers section of our website contains our Job Applicant Privacy Notice which explains how Greenwoods GRM LLP (‘we’, the ‘firm’) handles information it collects about job applicants. This notice is non-contractual and can be amended at any time. You can access it here.
We are committed to providing a high-quality service to all of our clients. However, when you do want to raise a concern with us (which we encourage you to do if you consider it appropriate), we may need to collect personal information in order to administer and respond to that complaint, such as:
- your name, home address, email address and mobile phone number;
- information relating to the matter about which you sought our assistance or which are/were subject of our services/relationship; and
- details of your complaint.
6. People whose services we use
Where we engage individuals or organisations to provide services for us (for example, outsourcing functions such as benefits administration), we may be required to collect and use personal information related to the staff of the service provider in order to facilitate the provision of the service (for example, for the purposes of administrative communication). We may also collect and retain personal information to enable us to evaluate that service.
Any such use of personal information will be governed by contractual terms between us the service provider as well as the relevant provisions of this Notice
7. “Special category” personal information
Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection and careful handling, e.g. information about your health, race, ethnicity, sexual orientation, sex life, genetic data, biometric data, religious or philosophical beliefs and political opinions.
In certain situations, we may need to collect and/or use these “special categories” of personal information (for example if we were providing you with employment law advice in relation to a discrimination claim; for our own equality of opportunity monitoring purposes or so that we can administer our employment relationship in an effective manner).
We will only collect and use these special categories of personal information if there is a valid reason for doing so, and where applicable law allows us to do so.
8. How we obtain your personal information
We collect the majority of the personal information to which this Notice applies directly from you. However, we may also collect personal information from other sources, such as:
Directly from a third party (consent will be sought where required):
- from clients requesting our services (i.e. when your personal information is relevant to the matter about which they seek our assistance);
- your bank or building society, or other financial institution (for example, to pay our invoices);
- consultants and other professionals we may engage in relation to your matter (for example, an expert witness in litigation);
- your employer and/or trade union, professional body or pension administrators;
- your doctors, medical and occupational health professionals (for example, so that we can put in place appropriate workplace adjustments to ensure equality of access and opportunity); and
- recruitment agencies.
Via our own or our landlord’s information technology systems:
- case management, document management and financial management systems;
- door entry systems and reception logs; and
- automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.
Publicly accessible sources:
- Companies House;
- HM Land Registry;
- Charity Commission; and
- through social media platforms. Depending on your privacy settings for social media services, we may access information from relevant accounts or profiles – for example when you interact with us on Facebook, Twitter or LinkedIn.
9. How and why we use your personal information
We can only use your personal information where we have a legally recognised justification for doing so, such as:
- in order to comply with our legal and regulatory obligations;
- for or in the performance of our contract to provide you with our services, or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party (explained in more detail below); or
- where you have provided your consent.
We do not share your personal information with any organisations for marketing, market research or commercial purposes other than providing our services.
A “legitimate interest” is when we have a valid operational or commercial reason to use your personal information, so long as this does not pose an excessive impact on your rights to privacy.
We summarise how and why we use your personal information (and the applicable legal justifications) below:
|How/why we use your personal information||Legally recognised justification|
|To provide professional services to you, or in relation to you.||For the performance of our services contract with you or to take steps at your request.|
|Conducting checks to verify a person’s identity.||
To comply with our legal and/or regulatory obligations.
|Screening for financial and other sanctions or embargoes.|
|Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, for example under health and safety regulation of rules issued by regulatory bodies who govern our work.|
|Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies which govern our work and services.||To comply with our legal and/or regulatory obligations.
For our legitimate interests or those of a third party, for example following our own internal procedures and policies to monitor, scrutinise and improve our services.
|Ensuring the confidentiality of commercially sensitive information.||For our legitimate interests or those of a third party, e.g. to protect our intellectual property and other commercially valuable information.
To comply with our legal and regulatory obligations, for example anti-money laundering, anti-terrorist financing and anti-insider trading regulations.
|Statistical analysis to help us manage our practice, for example our financial performance, client base, work type and equality of opportunity monitoring.||For our legitimate interests or those of a third party, for example to consider how we can improve our financial performance moving forward by learning from analysis of relevant statistics.|
|Preventing unauthorised access / modifications to IT / physical security systems.||For our legitimate interests or those of a third party, for example to prevent and detect criminal activity that could cause damage (i.e. financial loss) to both us and you (such as identity fraud).
To comply with our legal and regulatory obligations.
|Updating client records.||For the performance of our contract with you or to take steps at your request before entering into a contract.
To comply with our legal and regulatory obligations.
For our legitimate interests or those of a third party, for example making sure that we market our services to clients and targets (in compliance with applicable law).
|Statutory returns and regulatory returns.||To comply with our legal and regulatory obligations.|
|Administering our working relationship.||For the performance of our contract with you or to take steps at your request before entering into a contract.
To comply with our legal and regulatory obligations.
|Ensuring safe working practices.||To comply with our legal and regulatory obligations.|
|Promoting our services to existing and former clients, third parties who have expressed an interest in our services and other targets (only ever where allowed under applicable data privacy law).||For our legitimate interests or those of a third party, i.e. to promote our business as a way of increasing its profitability.|
10. How we use personal information relating to other individuals collected from you
For other individuals:
Due to the nature of our business, we frequently need to collect and use personal information of third parties as part of the service we provide to our clients.
We will not usually inform you that we are processing your personal information in this way and for these purposes, because our use of your personal information will be subject to the “legal professional privilege” exemption from the transparency obligations of applicable law. For the sake of clarity, and in accordance with the same applicable provisions, we are not required to provide disclosure further to a data subject access request (in part or in full) where the relevant personal information which has been requested is held subject to legal professional privilege or where we have an overriding duty of confidentiality to a third party.
In the course of providing our services to you, you may provide us with personal information which relates to and identifies individuals who are not aware of our involvement or of our use of their personal information at all. Examples include:
- Personal information relating to employees in the course of a corporate acquisition.
- Personal information relating to key individuals of parties to a dispute.
- Personal information contained in allegations made about former colleagues by a claimant ex-employee.
In such situations (which, by the nature of our business, are relatively common), it will not usually be appropriate for us to have any direct contact with individuals whose personal information we are using (for example, because we communicate instead with their solicitors). Alternately, it may not be appropriate for us to provide such individuals with this Notice (for example, because it may prejudice the purpose of the services we are providing or to maintain confidentiality).
Before you pass any such personal information to us, please ensure that the relevant individual has received any requisite privacy notices in connection with the performance of our services.
Additionally, please direct any individuals who interact with us on your behalf to this Notice, a link to which is also contained in the footer of all our emails.
11. Marketing and promotional communications
We may collect and use your personal information to send you email updates about industry or legal developments that might be of interest to you, and/or other information about our services, including offers, promotions or new services/products.
As set out in section 9 above, we have a legitimate interest in using your personal information for these purposes. This means we do not always need to obtain your consent to send you marketing and promotional communications. However, we acknowledge that there are situations where consent is needed: in such situations we will ask for consent separately and clearly, and put you under no pressure to provide your consent. If you do provide your consent, you can change your mind and withdraw your consent at any time either by contacting firstname.lastname@example.org or clicking the unsubscribe link in our emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in applicable law, regulation or the structure / operation of our business.
13. Where do we hold your personal information?
All electronic information is held on services within Greenwoods GRM’s offices. Back up servers are held offsite within the UK.
To provide our services our administer our relationship, we may also need to transfer your personal information to recipients outside the UK, such as when we work on multijurisdictional matters, when you are located outside UK or our service providers use facilities located outside the UK.
Countries in the European Economic Area (“EEA”) provide the same level of protection to your data as is provided across UK. The applicable law of many non-EEA countries does not offer the same protection to you in respect of your personal information in comparison to the UK. We will, however, take reasonable steps from time to time to ensure that any such recipients have in place appropriate and legally binding measures to protect your personal information.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
14. How long will we keep your personal information?
We will keep your personal information after our relationship comes to an end. We will do this for one of the following reasons:
- to respond to questions, complaints or claims;
- to show that we treated you fairly and in accordance with applicable law;
- to keep records required by regulatory bodies who govern our work and services (or otherwise as required by applicable law or regulation); or
- for business management purposes.
We are required to maintain records as per the SRA’s record retention schedule. We do not keep personal information longer than necessary for the relevant purpose(s) set out in this Notice. We apply different detention periods to different types of personal information, depending on the purpose for which it was collected (usually the nature of the matter about which you seek our assistance). Further details are available on request.
15. Your rights explained
Applicable law gives you certain rights to control how we use your personal information. There are as follows:
|Right to withdraw consent||When we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes (including to stop receiving email updates from us).|
|Right of access||You can ask us for confirmation of what personal information we hold which identifies and relates to you, and ask to request copies of documents containing that information. Provided we are satisfied that you are entitled (under applicable law) to see the personal information requested, we will provide you with access to your personal information, subject to any exemptions that apply under applicable law to oblige, or entitle, us to withhold it.|
|Right of erasure||At your request we will delete (and, where appropriate, ask parties with which we have shared your personal information to delete) your personal information from our records as far as we are required to do so.|
|Right of correction||If you believe that our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate or up to date.|
|Right to restrict use||You have the right to ask us to restrict our use of your personal information if there is a disagreement about its accuracy or legitimate usage (until that disagreement is resolved).|
|Right to object||In the following situations, you have the right to object to our use of your personal information:
· where we use your personal information in reliance on the legitimate interests lawful basis (please see section 9 above);
· where we use your personal information for marketing or promotional purposes; or
· where we use your personal information for statistical purposes.
We are then required to stop using your personal information in the manner to which you have objected, unless we can demonstrate a very important reason to continue – except for any objection you make about our use of your personal information for marketing or promotional purposes, in which case we must stop regardless of any important grounds to continue.
|Right to portability||In certain limited situations, where we process your personal information by automated means, you may ask us to provide that personal information to you or another service provider in a commonly used, machine-readable format.|
|Automated decision-making||You have the right not to be subject to a decision based solely on automated decision-making which involves using your personal information and produces legal or similarly significant effects on you, unless such a decision is:
· necessary to enter into/perform a contract between you and us/another organisation;
· is authorised by EU or UK law to which we are subject (as long as that law offers you sufficient protection); or
· is based on your explicit consent.
|Right to complain||You are entitled to make a complaint about us or the way we have used your personal information to the data privacy supervisory authority in your home country. In the UK, the supervisory authority is the Information Commissioner’s Office (“ICO”) – www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.|
We may ask you for additional information to confirm your identity for security purposes before actioning any attempt to exercise these rights. Please note that some of these rights only apply in limited circumstances. For further information on these rights and how to exercise them, please contact us using the details in section 19 below.
16. Keeping your personal information secure
We have implemented appropriate security measures to prevent personal information from being accidentally lost or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it (i.e. as part of their job). Those who access and handle your personal information will do so only when authorised by us to do so and are subject to binding duties of confidentiality.
We have also implemented procedures to deal with any data security incident (or suspected data security incident). We will notify you, the ICO of any data security incidents where we are legally required to do so. For further information, please contact us using the details in section 19 below.
17. Changes to the terms of this Notice
This Notice was published on 05/07/2021.
We may change this Notice from time to time (for example because there is an update in applicable law). Where we make any significant changes, we will inform you via a notice on our website and within our email footers. Where it is practical and not intrusive, we will notify you directly of any material changes to this Notice.
Nonetheless, we recommend that you review this Notice periodically to remain informed about how we may use your personal information.
We will only notify individuals who are directly engaging with us about these changes. In particular, we will not notify any third parties whose personal information you give us.
18. The COVID-19 pandemic
During the Covid-19 pandemic and in response to UK Government / other authorised body guidance / regulation / law, we may need to collect, use and store more personal information than we normally would (for example, before you attend our premises, we may ask you information about recent travel history, clinical vulnerability, your recent Covid-19 test reports, whether you or someone in your family is isolating or has any other symptoms).
This is because we are under legal obligations to keep our workplace as healthy and safe as possible for all individuals on our premises, and take reasonable and proportionate steps to prevent the spread and transmission of Covid-19.
19. How to contact us
If you have any questions or concerns, please contact Gillian Bassett via the following channels:
FTAO: Gillian Bassett
Phone: +44 (0)1733 887820
Greenwoods GRM is a limited liability partnership registered in England and Wales with registration number OC306912. Our registered office is 1 Bedford Row, London WC1R 4BZ. A list of the members’ names is available for inspection at our offices in Peterborough, Cambridge and London.
Get in touch with us