Cummings Pepperdine LLP – Privacy Policy

 1.Introduction

Cummings Pepperdine LLP is committed to safeguarding the privacy and security of the personal information in our care.  This policy explains how we collect your personal information, what we do with it and your rights in respect of it.

When we say ‘we’, ‘our’, ‘us’ or ‘Cummings Pepperdine’ in this policy, we are referring to Cummings Pepperdine LLP.  Cummings Pepperdine LLP is a limited liability partnership established under English law with company number OC432001 whose registered office is at 1 The Bramley Business Centre, Bramley, Guildford, England, GU5 0AZ.

2. Who we are and where we are

We are the data controller of the personal information that we process, i.e. the organisation which determines, alone or jointly with another party, how your personal information is processed and for what purposes.  This means that we are legally responsible for ensuring our systems, processes, suppliers and people comply with data protection laws in relation to the personal information that we handle.  Most our main IT systems are located in the UK or EU and us.

Where we transfer your personal data to third parties, in certain circumstances those third parties may also be data controllers.  More information about this is provided in the ‘Disclosure’ part of this policy.

We also use a number of suppliers and service providers in connection with the operation of our business who may have access to the personal information that we process, e.g. an IT supplier may see your personal information when providing us with software support, or a company which we use for a marketing campaign may process your contact information on our behalf.  In all cases, your personal information is handled and protected in accordance with data protection law.

3.Whose personal information do we process

 We collect and process the personal information of:

  • not just clients but also non-client contacts, such as those who use our website and online services, attend our webinars, seminars and events,and subscribe to our newsletters, email services and other promotional services;
  • obtained or created in relation to the legal services we provide, including the personal information of:
    • our clients, our client contacts, their people and third parties engaged by our clients;
    • client counterparties and other third parties connected to the matters on which we are working for our clients; and
    • professional advisers, experts and consultants involved in the work that we carry out for our clients or engaged by us to supportour client work;
  • those who apply for a job or work placement with us;
  • our people;
  • contractors, suppliers and other third parties connected to the operation of our

4.  How we process your personal information

We will only process your personal information where we are permitted to do so by law, meaning when we have one or more legal basis to do so.

In certain circumstances, we rely on the legal ground known as ‘legitimate interests’ to process your personal information.  This is where the processing of your personal information is necessary to pursue our legitimate interests in a way which is reasonably expected as part of running our business, but which is not detrimental to you and would have minimal impact on your privacy.

4.1 Service Users, Non-client Contacts and Visitors

If you use our website or other online services, attend our webinars, seminars or events, or subscribe to our newsletters, email services or otherpromotional services.

Legal basis for processing 

  • You have provided us with your consent to use your personal information, e.g. in the course of subscribing to our newsletters, completing a survey of ours, signing-up to an event or creating an online account via our website.
  • It is necessary to pursue our legitimate interests for the purposes set out in ‘Use’ below.
Types of personal data
  • Identification information, e.g. title, name, the company you work for, and your job title or position.
  • Contact information, e.g. your address, email address, phone number, and marketing preferences.
  • Financial information, e.g. bank and payment card details.
  • Technical information, e.g. IP address, details of visits made to our online services such as the volume of traffic, online registration details and login credentials.
  • Diversity, health, religious beliefs or other special category personal information.
  • Images, e.g. CCTV footage taken at our premises and photos taken at our seminars or events.
  • Any other information relating to you which you may provide to us.
Collection
  • Directly from you, e.g. when you register for our events, seminars, or webinars, or to receive communications from us, or when you subscribe to our online services or provide information through electronic platforms made available to you in connection with services that we provide to you.
  • Via our website, e.g. connection data sent to our webserver by your browser when you connect to our website.
  • Via web based services, e.g. some analytical information may be collected through electronic platforms made available to you in connection with services that we provide to you.
Use
  • To complete any request you may make in relation to your marketing preferences, or other preferences relating to our communications with you.
  • To provide and improve our services and products, e.g. by monitoring and recording information relating to web based services such as how and when systems are accessed and how data is uploaded, to analyse performance.
  • To promote our services and to contact you with communications about legal updates, breaking news, newsletters and events.
  • For health and safety reasons, (e.g. to inform access, adjustment and dietary requirements for our meetings and events) and the application, audit and enforcement of our policies.
  • To improve your experience of our website, newsletters and other services, e.g. by monitoring and recording information relating to your browsing behaviour to make personalised content available to you more efficient and relevant.
  • To facilitate our internal business operations, e.g. internal record keeping and accounting.
  • To monitor and analyse our interactions with you to improve our relationship with you and help us to grow and develop our business.
  • For the prevention and detection of criminal activity, e.g. to ensure the security of our website and premises.
Disclosure

Your personal information may be transferred worldwide:

  • to service providers who support the operation of our business;
  • to law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar where we are compelled to do so by law, regulation or professional obligations; and
  • to other third parties in limited circumstances, e.g. where we run a joint seminar with a third party that you wish to attend.

Some of these recipients may be acting as data controllers. In all cases, the personal information of yours that we share will be limited to the minimum required for the relevant purpose and subject to the appropriate terms regarding disclosure, confidentiality and data protection.

4.2 Clients and Client Contacts

If you instruct us or engage us.

Legal basis for processing
  • It is necessary to pursue our legitimate interests for the purposes set out in the ‘Use’ section of this table.
  • It is necessary for the performance of a contract with our client, e.g. in connection with the provision of legal or other professional services to our client.
  • To meet our legal and regulatory obligations.
  • You have provided us with your consent to use your personal information, e.g. in the course of completing a survey or signing-up to an event.
  • To establish, exercise or defend legal claims.
Types of personal data
  • Identification information, e.g. title, name, date of birth, the company you work for, your job title or position, and your passport or other official forms of ID.
  • Contact information, e.g. your address, email address, phone number, and marketing preferences.
  • Financial information, e.g. bank details and identifiers.
  • Technical information, e.g. IP address, records of your visits to our online services, your online registration details and login credentials.
  • Special category personal data, e.g. diversity, health and religious/philosophical beliefs.
  • Images, e.g. CCTV footage taken at our premises and photos taken at our meetings or events.
  • Other personal information provided to us by you, by our client, or by third parties on our client’s behalf to inform our work for our client, or generated or sourced by us in the course or providing legal or other professional services to our client, which may include special categories of personal data and personal data relating to criminal convictions and offences or related to security measures.
  • Any other information relating to you which you or our client may provide to us.
Collection
  • Directly from you or our client, e.g. to inform our work for our client and for connected purposes such as relationship management and file opening procedures.
  • From third parties, e.g. further information to verify your identity or inform our work for our client may be collected from publicly available databases.
  • Directly from you, e.g. when you register for our events, seminars, or webinars, or to receive communications from us, or when you subscribe to our online services or provide information through electronic platforms made available to you in connection with services that we provide to you.
  • Via our website, e.g. connection data sent to our webserver by your browser when you connect to our website.
  • Via web based services, e.g. analytical information collected through electronic platforms made available to you in connection with services that we provide to you or our client.
Use
  • To deliver our services to you or our client.
  • To manage and administer our relationship with you or our client e.g. communicating with you, and instruction, file opening and billing procedures.
  • To facilitate our internal business operations, e.g. internal record keeping and accounting practices.
  • To establish, exercise or defend legal claims.
  • As required by law and to comply with our statutory and regulatory obligations, e.g. anti-money laundering, disclosure obligations and court orders.
  • To complete any request you may make in relation to your marketing preferences, or other preferences relating to our communications with you.
  • To improve our services and products, e.g. by monitoring and recording information relating to web based services such as how and when systems are accessed and how data is uploaded.
  • To promote our services and to contact you with communications about legal updates, breaking news, newsletters and events.
  • For health and safety reasons, (e.g. to inform access, adjustment and dietary requirements for our meetings and events) and the application, audit and enforcement of our policies.
  • To improve your experience of our website, newsletters and other services, e.g. by monitoring and recording information relating to your browsing behaviour to make personalised content available to you more efficient and relevant.
  • To monitor and analyse our interactions with you to improve our relationship with you and help us to grow and develop our business.
Disclosure

Your personal information may be transferred worldwide:

  • to service providers who support the operation of our business;
  • to other third parties connected to, involved in or engaged by us to support our work for our client, e.g. professional advisers, legal counsel, experts, and witnesses;
  • to law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar where we are compelled to do so by law, regulation or professional obligations; and
  • to other third parties in limited circumstances;
  • will be stored in:
  • our information systems; and
  • third party software applications and services which have been procured to support the management of the information in our care.

Some of these recipients may be acting as data controller. In all cases, personal information of yours that is shared or stored outside our systems will be limited to the minimum required for the relevant purpose and subject to the appropriate terms regarding disclosure, confidentiality and data protection.

4.3 Applicants

If you apply for a job, work placement or vacation scheme with us.

Legal basis for processing
  • It is necessary to pursue our legitimate interests for the purposes set out in the ‘Use’ section of this table.
  • It is necessary in order for us to takes steps, at your request, to enter into a contract with you.
  • To meet our legal and regulatory obligations.
  • You have provided us with your consent to use your personal information.
Types of personal data
  • Personal information, including name, date of birth, address, contact details, qualifications, and education and employment history.
  • Next-of-kin and dependants’ information.
  • Special category personal data, e.g. ethnicity, health and religious/philosophical beliefs.
  • Pre-employment vetting information including the results of financial and criminal records checks, verification of address and qualifications, references, official forms of ID and right to work status.
  • Financial information including bank details and identifiers (e.g. National Insurance numbers).
  • Any other information relating to you that you may provide to us.
Collection
  • Directly from you, e.g. via your application, submission of your CV, completing our diversity questionnaires, in interviews, and at recruitment events and networking occasions.
  • From third parties, including recruitment agencies, providers of background checking services, former employers or other referees, academic institutions, professional bodies, and publicly available resources, including professional social media such as LinkedIn.
Use
  • For our recruitment processes, including to assess suitability, eligibility and fitness to work.
  • For human resources administration, including remuneration and all aspects of managing our relationship with you.
  • For health and safety reasons, (e.g. to inform access, adjustment and dietary requirements for our meetings and events) and the application, audit and enforcement of our policies.
  • For the prevention and detection of criminal activity and to ensure our information systems and offices are secure.
  • For reporting purposes when required to do so by law or regulation.
Disclosure

Personal information may be transferred worldwide:

  • to service providers who support the operation of our business;
  • to law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar where we are compelled to do so by law, regulation or professional obligations; and
  • to other third parties in limited circumstances;
  • will be stored in:
  • our information systems; and
  • third party software applications and services which have been procured to support the operation of our human resources functions.

Some of these recipients may be acting as data controller. In all cases, personal information of yours that is shared or stored outside our systems will be limited to the minimum required for the relevant purpose and subject to the appropriate terms regarding disclosure, confidentiality and data protection.

4.4 Service Providers and Other ‘Non-client’ Individuals / Third Parties

If you are a supplier or other service provider, an individual named in or connected with matters on which we are advising a client, or any other third party.

Legal basis for processing
  • It is necessary to pursue our legitimate interests for the purposes set out in the ‘Use’ section of this table.
  • It is necessary for the performance of a contract with you.
  • To meet our legal and regulatory obligations.
  • You have provided us with your consent to use your personal information.
Types of personal data
  • Personal identifiers e.g. title, name, date of birth, address, email address and phone number.
  • Professional contact information, e.g. the organisation you work for, your job title or position, address, email address and phone number.
  • Professional information, e.g., your expertise and experience, feedback on your services (including opinions) from our people and/ or our clients and other information relevant and connected to how you may have performed any service referred to you by us.
  • Financial information, e.g. bank details and identifiers, and fees information.
  • Where you are named in or connected with matters on which we are advising a client, any personal information about you provided to us by or on behalf of our clients or generated by us in the course or providing legal services to our clients, which may include special categories of data.
  • Diversity, health or religious beliefs information.
  • Images, e.g. CCTV footage taken at our premises and photos taken at our meetings or events.
  • Any other information relating to you which you may provide to us.
Collection
  • Directly from you.
  • From our clients.
  • From third parties, such as other professional advisers and third parties connected to a matter, and through publicly available sources including court and public records and social media.
Use
  • To deliver our services to our clients.
  • For referral purposes: we maintain a database of legal services providers and personal information relating to other third parties such as experts for similar purposes.
  • To manage and administer our relationship with you e.g. communicating with you, and instruction and billing procedures.
  • To facilitate our internal business operations, e.g. internal record keeping, procurement and accounting practices.
  • To establish, exercise or defend legal claims.
  • As required by law and to comply with our statutory and regulatory obligations, e.g. anti-money laundering, disclosure obligations and court orders.
  • For the prevention and detection of criminal activity.
  • For health and safety reasons, (e.g. to inform access, adjustment and dietary requirements for our meetings and events) and the application, audit and enforcement of our policies.
Disclosure

Personal information may be transferred worldwide:

  • to service providers who support the operation of our business;
  • to law enforcement, judicial, governmental and regulatory agencies, or professional bodies or similar where we are compelled to do so by law, regulation or professional obligations;
  • to other third parties in appropriate circumstances, e.g. to our clients during the course of our work with them; and
  • will be stored in:
  • our information systems; and
  • third party software applications and services which have been procured to support the management of the information in our care.

Some of these recipients may be acting as data controller. In all cases, personal information of yours that is shared or stored outside our systems will be limited to the minimum required for the relevant purpose and subject to the appropriate terms regarding disclosure, confidentiality and data protection.

5. How long we keep your information

Your personal information is retained by us in accordance with applicable law and regulation.   Our data retention periods vary depending on the location, nature and context of the personal information that we have in our care, and are calculated taking into account the following factors:

  • potential claims or litigation;
  • guidance from official bodies such as relevant data protection supervisory authorities and professional regulatory bodies;
  • how long we need to keep the data to fulfil the original purpose for which it was collected;
  • the nature and sensitivity of personal data; and
  • legal obligations to which we are subject.

6. Your rights

Depending on where you are in the world and other particular circumstances, you may have one or more of the following rights in respect of that personal information:

  • to be informed about the collection and use of your personal information;
  • to ask whether we process your personal information and request a copy of it if so;
  • to object to decisions that we may make based solely on the automated processing of your personal information;
  • in certain circumstances, to object to processing of your personal information where we do so for the purposes of our legitimate interests;
  • to request that any inaccurate or incomplete personal information of yours in our care is rectified or competed;
  • in certain circumstances, to restrict our processing of your personal information;
  • in certain circumstances, to receive your personal information or have your personal information transmitted to another organisation in a structured, commonly used and machine readable format;
  • in certain circumstances, to request that we delete your personal information; and
  • to object to our processing of your personal information for direct marketing purposes.

Not all of these rights are absolute, which means that they may only apply in certain situations and may be subject to legal exceptions and exemptions.  To exercise your rights, please email Claire Cummings (claire.cummings@cummingspepperdine.com).

You may change your marketing preferences or let us know that you no longer wish to receive any marketing communications from us by:

  • updating your preferences via the link at the foot of each email that you have received from us (please note it may that changes may not be instant); or
  • sending an email to claire.cummings@cummingspepperdine.com; or
  • writing to us at our registered address which is given above.

7. How to make a complaint

Our Privacy Team oversees our compliance with data protection laws and this policy and provides guidance and advice to the firm and our people.  Our Compliance Officer for Legal Practice (‘COLP’) oversees compliance with our professional responsibilities and the reporting of any failures to comply with legislative requirements, including data protection.

Please direct any complaint relating to how the firm has processed your personal information to sending an email to claire.cummings@cummingspepperdine.com or by writing to us at our registered address which is given above.  We hope that we can resolve any query or concern you raise about our processing of your personal information.

The General Data Protection Regulation and certain other applicable data protection laws give you the right to lodge a complaint with a data protection supervisory authority (‘DPA’), usually in the country or state where you work, normally live or where any alleged infringement of data protection laws has occurred. Details of European DPAs can be found online.

8. Links to other websites

We sometimes provide you with links to other websites, but these websites are not under our control. We are not liable to you for any issues arising in connection with their use of your information, the website content or the services offered to you by those websites.

We recommend that you check the privacy policy and terms and conditions on each website to see how each third party will process your information.

9. Terminology

“client”any person or organisation to whom the firm provides a service and who is identified as a client on our system, regardless of whether a fee is charged;
“contact”an individual who is a contact of us, including any client, any potential or former client, any supplier, any consultant, or any another professional advisor and any other contact of the firm;
“data”recorded information whether stored electronically, on a computer, or in certain paper-based filing systems;
“data controller”a person who or organisation which determines how personal information is processed and for what purposes;
“individual” or “you”the person whose personal information is being collected, held or processed;
“partner(s)”refers to a member or an employee or consultant of us with equivalent standing;
“our people”means partners, members, consultants, employees, temporary workers, agency and casual workers, contractors, collaborators, volunteers and those on work placements providing services to/working for us;
“personal information” or “personal data”information (including opinions) which relates to an individual and from which he or she can be identified either directly or indirectly through other data which the firm has or is likely to have in its possession. These individuals are sometimes referred to as data subjects;
“policy”the global privacy policy as amended from time to time;
“process” or “processing”any activity that involves personal information. It includes obtaining, recording or holding the personal information, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal information to third parties as a result of those third parties having access to it;
“special category personal data” or “special category personal information”means information revealing someone’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or genetic information, biometric information, information concerning health or concerning sex life or sexual orientation;