Language Options  

3HR Corporate Solicitors Limited (the ‘Company’) Privacy Notice

This notice explains how information about individuals is used.

 

The Company will be the data controller and can be contacted as follows:

 

By post: Data Protection Manager, 3HR Corporate Solicitors Limited, New Broad Street House, 35 New Broad Street, London, EC2M 1NH

 

By e-mail: richard.hull@3hrcs.com

 

By phone: 020 7194 8140

 

The information we gather

 

The Company gathers certain information about individuals. Information about individuals is also used by our affiliated entities and group companies, including 3HR PLC (our ‘group companies’). When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible for that personal information for the purposes of those laws.

In this notice, references to ‘we’ or ‘us’ means the Company and our group companies.

Information that we gather about individuals will normally be name and contact details but given the nature of the legal services we are providing may also include without limitation marital status, nationality and other information contained in a passport and/or driving licence, visa status, date of birth, personal mobile phone number, job title and employment details, financial or billing information, biographical and personal details given to us in the course of a matter, information required for visa applications or property transactions. The provision of information by a particular individual is entirely voluntary, but in some circumstances it may not be possible for us to provide services without the necessary information.

We may also obtain information about individuals from third parties, such as an employer or prospective employer, our group companies, service providers and agents, as well as witnesses or the other party involved a case.

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to personal information to those who have a genuine business need to know it. Those processing information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify affected individuals and any applicable regulator of a suspected data security breach where we are legally required to do so.

 

The legal basis for processing

 

The processing will sometimes take place based on our legitimate interests. Our legitimate interests may be that we are carrying on or may carry on business with an individual’s employer or prospective employer. There is a limited privacy impact on individuals, and we think that affected individuals will expect that we will process their data in this way.

If the individual is our client personally, the processing will usually take place as it is necessary for the performance of the contract between us, or when we are taking steps to enter into a contract. Where we are required to process any special categories of data (such as sensitive medical data or criminal records information) this will be done after we have asked for the individual’s consent. Where an individual has given consent to any data processing, they have the right to withdraw that consent at any time.

 

Information about third parties

 

Information we process as described in this notice may also include information about third parties such as those persons whose details an individual might (with their consent, and by supplying such information that individual is responsible for complying with all relevant data protection requirements) choose to supply to us.

 

Systems used to process data

 

We gather information directly from individuals and also via our websites and other technical systems. These may include, for example, our:

computer networks and connections

communications systems

email and instant messaging systems

intranet and Internet facilities

telephones, voicemail, mobile phone records

 

Cookies

 

When using our website we may gather information about an individual through Internet access logs, cookies and other technical means. ‘Cookies’ are text files placed on your computer to collect Internet log information and user behaviour information. These are used to track website usage and monitor website activity and for other data processing reasons set out below.

Some of the cookies we use are essential for parts of the site to operate and have already been set. An individual may delete and block all cookies from this site, but parts of the site will not work. To find out more about the cookies we use and how to delete them, please click here.

 

Reasons for processing

 

We process information about individuals for the following reasons:

  • to provide our legal services, for which we use a cloud-based file management and document production system

  • compliance with legal, regulatory and corporate governance obligations and good practice, including carrying out anti-money laundering checks

  • gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests

  • ensuring business policies are adhered to

  • operational reasons, such as recording transactions, training and quality control

  • ensuring the confidentiality of commercially sensitive information

  • security vetting, investigating claims, complaints and allegations of criminal offences

  • statistical analysis

  • preventing unauthorised access and modifications to systems

  • marketing our business and those of our group

  • running our seminars/networking events

  • analysing purchasing preferences and improving services

  • providing customer services

 

Seminars and networking events

 

When we present a seminar and networking event, we will prepare name badges and a list of attendees that will be distributed in the seminar packs. This will be brought to your attention when you sign up for an event, and we will give you the opportunity not to be included on such lists. If you are signing up a colleague or any third party for the event, please confirm with that person that they are happy to be included on the attendee list.

We may also take photographs of the event. If we do, we will place signs around the venue bringing this to your attention. If you do not wish to be photographed, please bring this to the attention of a member of our staff.

 

Disclosures and exchange of information and transfers outside the EEA

 

We may disclose and exchange information with our group companies, credit reference agencies, service providers, representatives and agents, other organisations or individuals in order to provide our services, as well as with law enforcement agencies and regulatory bodies for the above reasons.

Information may be held at our offices and those of our group companies, and third-party credit reference agencies, service providers, representatives and agents as described above.

We will not generally transfer personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

The exception to this is when we are instructed to send an individual’s data outside the EEA in connection with providing our services, for example to make a visa application in a foreign jurisdiction or to provide advice/information to an organisation or individual who is outside of the EEA. In such cases, the transfer would take place based either on the individual’s consent or on the basis that it is required for the performance of the contract we have, either with the individual or another party, pursuant to GDPR Article 49.

We have security measures in place to seek to ensure that there is appropriate security for information we hold including those measures detailed in our information security and data protection policies, which are available on request.

For further information please contact our Data Protection Manager (see above).

 

Retention periods

 

Individuals’ data will be held in accordance with the Company’s retention policy, which is available on request. In general, because of our professional requirements the data will be stored for the duration of the relevant relationship with us (which, depending on the circumstances, may be our relationship with a third party), plus 6 years.

 

Direct marketing

 

Information relating to individuals may be used to notify individuals by post, email or other electronic means of our services and those of our group companies in which we believe individuals may be interested. This will only take place where the individual has consented to receive the same, or when we will rely on our legitimate interests, as set out above. Individuals can withdraw consent to use of personal data for marketing at any time by contacting us at richard.hull@3hrcs.com.

 

Rights

 

Individuals have a number of important rights, which can be exercised free of charge. Those are the right to request:

  • access to the individual’s personal information and to certain other supplementary information that this Notice is already designed to address

  • require us to correct any mistakes in the individual’s information which we hold

  • require the erasure of personal information concerning the individual in certain situations

  • receive the personal information concerning that individual which they have provided to us, in a structured, commonly used and machine-readable      format and have the right to transmit those data to a third party in certain situations

  • object at any time to processing of personal information concerning the individual for direct marketing

  • object to decisions being taken by automated means which produce legal effects concerning the individual or similarly significantly affect them

  • object in certain other situations to our continued processing of the individual’s personal information

  • otherwise restrict our processing of the individual’s personal information in certain circumstances.

  • Where consent has been given to any data processing, the individual has the right to withdraw that consent at any time. We will not do anything with an individual’s data not outlined in this notice.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

In order to exercise any of these rights, the individual should contact our Data Protection Manager in writing (see above), providing enough information to identify themselves and let us know the information to which the request relates.

If dissatisfied with any complaint with us, an individual also has the right to make a complaint to the Information Commissioners Office, which is the supervising authority in the UK in relation to data processing. The Information Commissioner can be contacted at ico.org.uk/concerns/ or by telephone: 0303 123 1113 for further information about the rights and how to make a formal complaint.

 

Further enquiries

 

Please contact the Data Protection Manager to correct or request (in accordance with applicable law) information that we hold or in the event of any questions in relation to the above

We may change this notice from time to time, when we do we will inform individuals via e-mail.

3HR Plc (the ‘Company’) Privacy Notice

 

This notice explains how information about you is used.

 

The Company will be the data controller and can be contacted as follows:

 

By post: Data Protection Manager, 3HR Plc, New Broad Street House, 35 New Broad Street, London, EC2M 1NH

 

By e-mail: info@3hrplc.co.uk

 

By phone: 020 7194 8140

 

The information we gather

 

The Company gathers certain information about you. Information about you is also used by our affiliated entities and group companies, including 3HR Corporate Solicitors Limited (our ‘group companies’). When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible for that personal information for the purposes of those laws.

In this notice, references to ‘we’ or ‘us’ means the Company and our group companies.

Information that we gather about you will normally be your name and contact details but given the nature of the services we are providing may also include without limitation your marital status, date of birth, personal mobile phone number, job title and employment details, details of pensions and benefits, hobbies, your dependents, your medical history and information, National Insurance number, and financial or banking information. The provision of information by you is entirely voluntary.

We may also obtain information about you from third parties, such as your employer, our group companies, service providers and agents.

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

 

The legal basis for processing

 

The processing will sometimes take place based on our legitimate interests. Our legitimate interests may be we are carrying on or may carry on business with your employer. There is a limited privacy impact on you, and we think that you will expect that we will process your data in this way.

If you are our client personally, the processing will usually take place as it is necessary for the performance of the contract between us, or when we are taking steps to enter into a contract. Where we are required to process any special categories of data (such as sensitive medical data) this will be done after we have asked for your consent. Where you have given consent to any data processing, you have the right to withdraw that consent at any time.

 

Systems used to process data

 

We gather information directly from you and also via our websites and other technical systems. These may include, for example, our:

  • computer networks and connections

  • communications systems

  • email and instant messaging systems

  • intranet and Internet facilities

  • telephones, voicemail, mobile phone records

 

Cookies

 

When you use our website we may gather information about you through Internet access logs, cookies and other technical means. ‘Cookies’ are text files placed on your computer to collect Internet log information and user behaviour information. These are used to track website usage and monitor website activity and for other data processing reasons set out below.

Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work. To find out more about the cookies we use and how to delete them, please click here.

 

Reasons for processing 

 

We process information about you for the following reasons:

  • to provide our services

  • compliance with legal, regulatory and corporate governance obligations and good practice

  • gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests

  • ensuring business policies are adhered to

  • operational reasons, such as recording transactions, training and quality control

  • ensuring the confidentiality of commercially sensitive information

  • security vetting, investigating claims, complaints and allegations of criminal offences

  • statistical analysis

  • preventing unauthorised access and modifications to systems

  • marketing our business and those of our group

  • running our seminars/networking events

  • analysing purchasing preferences and improving services

  • providing customer services

 

Seminars and networking events

 

When we present a seminar and networking event, we will prepare name badges and a list of attendees that will be distributed in the seminar packs. This will be brought to your attention when you sign up for an event, and we will give you the opportunity not to be included on such lists. If you are signing up a colleague or any third party for the event, please confirm with that person that they are happy to be included on the attendee list.

We may also take photographs of the event. If we do, we will place signs around the venue bringing this to your attention. If you do not wish to be photographed, please bring this to the attention of a member of our staff.

 

Disclosures and exchange of information and transfers outside the EEA

 

We may disclose and exchange information with our group companies, credit reference agencies, service providers, representatives and agents, as well as with law enforcement agencies and regulatory bodies for the above reasons.

Information may be held at our offices and those of our group companies, and third party credit reference agencies, service providers, representatives and agents as described above.

We will not transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

We have security measures in place to seek to ensure that there is appropriate security for information we hold including those measures detailed in our information security and data protection policies, which are available on request.

If you would like further information please contact our Data Protection Manager (see above).

 

Retention periods

 

Your data will be held in accordance with the Company’s retention policy, which is available on request. In general, your data will be stored for the duration of your relationship with us, plus 6 years.

 

Direct marketing

 

Information relating to you will be used to notify you by post, email or other electronic means of our services and those of our group companies in which we believe you may be interested. This will only take place where you have consented to receive the same, or when we will rely on our legitimate interests, as set out above. You can withdraw your consent to use of personal data for marketing at any time by contacting us at info@3hrplc.co.uk.

 

Your rights

 

You have a number of important rights, which can be exercised free of charge. You have the right to request:

  • access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address

  • require us to correct any mistakes in your information which we hold

  • require the erasure of personal information concerning you in certain situations

  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations

  • object at any time to processing of personal information concerning you for direct marketing

  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you

  • object in certain other situations to our continued processing of your personal information

  • otherwise restrict our processing of your personal information in certain circumstances.

Where you have given consent to any data processing, you have the right to withdraw that consent at any time. We will not do anything with your data not outlined in this notice.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of these rights, please contact our Data Protection Manager in writing (see above), providing enough information to identify you and let us know which information to which your request relates.

If you are not satisfied with any complaint you have with us, you also have the right to make a complaint to the Information Commissioners Office, which is the supervising authority in the UK in relation to data processing.

 

Further enquiries

 

Please contact the Data Protection Manager if you would like to correct or request (in accordance with applicable law) information that we hold relating to you or if you have any questions in relation to the above.

We may change this privacy notice from time to time, when we do we will inform you via e-mail.

Cookie Policy     Complaints Information

 

© 2013-2019  3HR Corporate Solicitors Ltd 

Registered in England & Wales | Registered office is New Broad Street House, 35 New Broad Street, London EC2M 1NH
3HR Corporate Solicitors Ltd is registered under the number 08198795
3HR Corporate Solicitors Ltd is a Solicitors Practice, authorised and regulated by the Solicitors Regulation Authority with number 597935

All photography courtesy of Nobuyuki Taguchi | www.nobuyukitaguchi.com