PRIVACY POLICY (THE “POLICY”)

1. Personal Data we Collect In this Section we have set out the kinds of personal data that we may collect, use, store and transfer. We have grouped that data together into different categories based on its subject matter, and based on the kinds of individuals to whom they relate. 1.1 We may use data about your use of our Site (“usage data”), which we obtain through our analytics tracking systems. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. 1.2 We may use information contained in or relating to any enquiry or communication that you send to us or that we send to you (“correspondence data”), whether through the Site, by email, through social media or otherwise. This could for example include enquiries from actual or prospective clients, enquiries from journalists or any other correspondence. The correspondence data may include the communication content and metadata associated with the communication, as well as any contact details you may provide to us such as your name, email address, phone number, job title, address or social media username. 1.3 Where we are instructed in relation to any particular legal matter, we may use information for the purposes of setting up that matter in our systems, such as your name and contact details. We may also use personal information contained within matter-related correspondence and documents, whether created by us or provided to us. We call all of this “matter data”. 1.4 We may use information relating to transactions, such as bank account details, contact details or transaction data in relation to payments made by us to you or by you to us (“transaction data”). This may include your contact details, any bank account or sort code information provided for the purposes of making payment, and the transaction details (such as POs or invoices). 1.5 If we have or intend to develop some other commercial or business relationship with you or with your employer (for example, a supply, purchase, sponsorship or referral relationship, or if we are dealing with you as a counterparty or advisor in a legal matter on which we are advising) then we may handle your contact details (name, job title, email address, postal address, telephone number), any related communications, and any related documents (such as contracts, POs and invoices, proposals and so on). We call all of this “business data”. Personal data we obtain from others 1.6 Your personal data may be provided to us by someone other than you. We might be introduced to you in correspondence by a mutual acquaintance – for example, in the context of a referral - or your employer might introduce us to you, or we may obtain your contact details in the course of market research if you have a public role and if those details are publicly available whether on public registers or otherwise (for example LinkedIn). Normally, this data will be correspondence data or business data as described above. 2. Our purposes and legal bases of processing 2.1 We have set out below, in table format, a description of all the ways we may use your personal data. We are also required by law to identify the legal basis on which we handle personal data. When we use personal data on the basis of our legitimate interests then we also need to identify those legitimate interests and have done so below. 2.2 Note that we may use your personal data on more than one legal basis depending on the specific purpose for which we are using your data. You may contact us for further information if you wish. Type of DataPurpose/ActivityLegal Basis for Processing Usage dataAnalyzing the use of, and improving, our Site and services, security monitoring and to ensure the Site is presented in the most effective manner.Our legitimate interests, namely delivering and improving our Site, informing marketing strategy, and ensuring the security of the Site. Correspondence dataTo communicate with you. In particular, we may use correspondence data to provide you with occasional news about our services and marketing communications (although you will be free to unsubscribe at any time).Our legitimate interests, namely properly administering our business and communications, developing our relationships with interested parties and addressing user concerns and queries. Where correspondence data relates to marketing, our legitimate interests in developing our business. Where correspondence data relates to a potential contract with you, then our legal basis may be for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you. Matter dataOperating our business, providing our services, and communicating with you. Performance of a contract with you (i.e. delivering our services). Our legitimate interests, namely properly administering our business, services and communications. Transaction dataMaking and receiving payments to and from our clients and suppliers. Debt recovery.Performance of a contract with you. Our legitimate interests, namely in making and receiving payments promptly, and recovering debts. Business dataAdministering our commercial relationship with those with whom we do business or intend to do business.Performance of a contract with you. Our legitimate interests, namely properly administering our business and communications, and developing commercial relationships. Any personal dataFor the purposes of running conflict or credit checks in relation to prospective clients, and/or “know your client”, identity or anti money-laundering checks.Our legitimate interests, namely fraud prevention, credit risk assessment and avoiding conflicts of interest. Compliance with our legal obligations where we are required to conduct these checks by law. Any personal dataFor the purposes of legal compliance (e.g. maintaining tax records.Compliance with our legal obligations. Any personal dataFor the purposes of bringing and defending legal claims.Our legitimate interests, namely being able to conduct and defend legal claims to preserve our rights and those of others. Any personal dataRecord-keeping and hosting, back-up and restoration of our systems.Our legitimate interests, namely ensuring the resilience of our IT systems and the integrity and recoverability of our data. 3.Providing your personal data to others 3.1Our correspondent offices. We may disclose your personal data to associated offices in other jurisdictions. 3.2Our advisors. We may disclose your personal data to our insurers and/or professional advisers and/or financial advisers and/or consultants to take professional advice. 3.3Disclosures designated by you. We may disclose your personal data to third parties designated by you, such as other counsel advising on a matter on which we are instructed. 3.4Our service providers. We may disclose personal data to our service providers or subcontractors in connection with the uses we have described above. For example, we may disclose: (a)any personal data in our possession to suppliers which host the secure servers on which our data is stored. In particular, an affiliate of Microsoft Corporation provides us with Microsoft 365, including OneDrive and may host emails, documents and contact information on its servers in the USA. We also use the services of cloud providers in the United Kingdom and the European Union; (b)to freelance staff whose duties involve handling the relevant personal data; (c)correspondence data to providers of email or email marketing services; (d)usage data to providers of analytics services; and (e)business data and other relevant personal data to third parties for the purposes of fraud protection, and identity checks, credit risk reduction, conflict checks and /or debt recovery. 3.5We do not allow our data processors to use your personal data for their own purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law. 3.6Compliance. We may also disclose your personal data where necessary to comply with law. 3.7Restructuring. If any part of our business is proposed to be sold or transferred, your personal data may be disclosed to the new owner, or potentially to a potential buyer in connection with the relevant negotiations. 4.International transfers of your personal data 4.1Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the United Kingdom or the EEA or may transfer your personal data to their own service providers located outside the United Kingdom or the EEA. If so, then we will ensure that transfers will only be made lawfully (e.g. to countries in respect of which the relevant UK authority or the European Commission has made an "adequacy decision”, or with appropriate safeguards such as the use of standard clauses approved by the relevant UK authority or the European Commission). You may contact us if you would like further information about these safeguards.. 4.2We may also transfer personal data outside the United Kingdom or the EEA from time to time: (a)with your consent; (b)where required by your instructions (for example, if we are supporting you on a contractual negotiation where the counterparty is based outside the United Kingdom or the EEA); or (c)if we take our mobile devices with us when travelling overseas to ensure continuity of service. 5.Data security 5.1We have put in place appropriate security measures to protect your personal data. We also have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where required by law. 5.2Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem. 6.Retaining and deleting personal data 6.1We comply with our legal obligations in relation to the retention and deletion of personal data, and in particular ensure that personal data that we process is not be kept for longer than is necessary for the relevant purposes. In particular: (a)Matter data, business data and transaction data will be retained for seven years after the end of the relevant contractual relationship; correspondence data which does not relate to a matter or transaction will be retained for the period of the enquiry or chain of correspondence and then deleted after twenty-four months; and (b)any data which is anonymized, and therefore not personal data, may be retained by us indefinitely. Typically this will be derived from usage data. 6.2We may retain your personal data longer than set out above where necessary to comply with law or in connection with any legal claim. 7.Your rights 7.1You have rights under data protection law – they are complex, and subject to exemptions, and you can read guidance from the Information Commissioner’s Office at www.ico.gov.uk for a fuller explanation of your rights. You may exercise any of your rights by using the contact details set out in Section 9 of this Policy. We may be entitled to charge a reasonable fee, or refuse to comply with your request, if the request is unfounded or excessive. In summary, these rights are: (a)the right to access: you have the right to confirmation as to whether or not we process your personal data and, where we do, to access to the personal data, together with certain additional information; (b)the right to rectification: you have the right to have any inaccurate or incomplete personal data about you rectified or completed; (c)the right to erasure: in some circumstances you have the right to the erasure of your personal data (for example, if the personal data are no longer needed for the purposes for which they were processed or if the processing is for direct marketing purposes); (d)the right to restrict processing: you have the right to restrict the processing of your personal data to limit its use. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except to the extent permitted by law; (e)the right to object to processing: you have the right to object to our processing of your personal data on the basis of legitimate interests (discussed above) or for direct marketing purposes and if you do so we will stop processing your personal data except to the extent permitted by law; (f)the right to data portability: you have the right to receive your personal data from us if the legal basis for our processing is the performance of a contract with you, and such processing is carried out by automated means; and (g)the right to complain to a supervisory authority: if you consider that our processing of your personal data is unlawful, you have a legal right to lodge a complaint with the ICO. We would however encourage you to contact us in the first instance, as we will aim to resolve any concerns or complaints you may have directly. 8.Amendments We may update this Policy from time to time by publishing a new version on the Site. You should check occasionally to ensure you are happy with any changes to this Policy, although we may notify you of significant changes to this Policy using the contact details you have given us. 9.Contact Us If you have any questions, comments or requests regarding this Policy or our use of any personal data you provide to us or regarding the exercise of your rights; or wish to update your personal data, please contact us at 4th Floor, 18 St Cross Street, London, United Kingdom, EC1N 8UN. Last updated: 14 October 2023