Privacy

Kemp Little LLP (“we“, “us“, “our“) is committed to protecting and respecting your privacy. This privacy policy (“Privacy Policy”) sets out how we process personal data about you if you are an individual client (“Individual Client”) or a representative of a client (including a prospective client) (“Client Representative”) to whom we provide legal services (“Services”). It also applies if you are a user of our website www.kemplittle.com (“Site“), referred to in this Privacy Policy as a “Site User”. In this Privacy Policy, references to “you” or “your” may mean an Individual Client, Client Representative or Site User (and depends on the context).

Please read this Privacy Policy carefully to understand our practices regarding the personal data that we collect about you, how and why we use it and your rights in relation to it.

For the purposes of data protection law in the UK, Kemp Little LLP is the controller of your personal data.

Personal data we collect

Individual Clients and Client Representatives

In order to provide Services to our clients, we collect and process the following personal data of Individual Clients and Client Representatives:

• Client Contact Information, such as name, the client you work for, or represent, title or position (if you are a representative of the client), postal address, email address and telephone number(s).
• Client Financial Information, such as bank account details and details of any fees and payments.
• Client Event or Meeting Information you provide to us for the purposes of attending meetings and events, including name and contact details of attendees, dietary preferences and access requirements.
• Client Onboarding Information which includes identification and background information, information relating to anti-money laundering, conflict, reputation, politically exposed persons/sanctions and financial/credit checks, and other information required as part of our regulated client onboarding procedures. We also obtain information from publicly available sources such as public registers of companies, charities, public registers of sanctioned persons and entities (such as, HM Treasury in the UK or the Office of Foreign Assets Control of the United States department of the Treasury) and other public sources including any services accessible on the Internet which you are using for professional networking purposes for example LinkedIn.
• Client Matter Related Information either provided by you, the client, generated by us based on our interactions with you or by others (e.g., other advisors, witnesses or parties to any legal matters or proceedings) during the course of a matter. This may include special categories of personal data, such as information relating to health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data details about an individual’s sex life or sexual orientation (depending on the nature of our instructions).
• Client Marketing Preferences Information which includes marketing and communications preferences.

Site Users

We collect and process the following personal data:

• Site User Contact Information, such as name, telephone number, position, postal address and email address, if you:
  • register for an event;
  • request to receive our newsletters or publications;
  • subscribe to our FlightDeck service available here.
  • contact us in relation to an enquiry or job opportunity; or
  • take part in other features and services we may offer on our Site from time to time.
• Site User Marketing Preferences Information, which includes marketing and communications preferences where you have requested to receive event invitations, newsletter or publications from us.​
• Technical Information which includes details of your visits to our Site and the resources that you access. For example, we may compile reports and statistical analyses about how many users visited our Site, what pages have been browsed, and from what geographic regions users visited our Site. This may include information about your device, including where available your IP address, operating system and browser type, for system administration and to report aggregate information on Site usage.
• Cookies, which we use to enable you to use our Site and the materials on our Site. Cookies are also used to distinguish you from other users of our Site. This helps us to provide you with a good experience when you browse our Site and also allows us to improve our Site. For detailed information on the cookies we use and the purposes for which we use them see our Cookies Policy.

Use of your personal data

We use personal data about you for various purposes connected with our Site and our Services as described below. In order to use your personal data we must have a legal basis for doing so. The legal bases that we rely upon are explained further in the “find out more” section below. We will only use your personal data where it is necessary:

• to fulfil our contract for Services with you (or the client whom you represent);
• to comply with a legal obligation to which we are subject; or
• for our legitimate business interests that are not overridden by your interests, rights and freedoms.

Where none of the above applies, we will request your consent (which we will ask for before we process your personal data).

find out more…

We set out further information about the purposes for which we use personal data about you and legal basis that we rely upon for its use. In some instances, we may intend to use your personal data in ways that are not described below. However, we will inform you before doing so and if necessary seek your consent.

Individual Clients and Client Representatives

Purpose	Legal basis for processing
To provide our client with Services to provide you or the client whom you represent with our Services. to manage or administer our relationship with you or the client whom you represent. to respond to any correspondence, enquiries or feedback that you send to us. to update you with any changes to our terms of business or other policies.	We use your Client Contact Information, Client Financial Information, Client Onboarding Information, Client Event or Meeting Information and Client Matter Related Information (as described above) for this purpose. If you are an Individual Client we process your personal data as it is necessary for the performance of the contract between you and us in relation to our Services. If you are a Client Representative of our client, it is in our legitimate business interest to process your personal data in order to provide our Services to the client you represent.
To satisfy our legal and regulatory obligations to comply with our legal and regulatory obligations, such as Know Your Client, Anti-Money Laundering, Anti-Bribery, and conflict and reputational checks and politically exposed persons/sanctions screening. We also conduct credit checks which may leave a “soft footprint” on your credit history. to submit documentation or responses as required by law.	We use your Client Contact Information, Client Financial Information and Client Onboarding Information (as described above) for this purpose. We process your personal data to satisfy legal and regulatory obligations to which we are subject.
For our business management and administrative purposes to administer and manage our Services and business in an efficient and proper way, including accounting, billing, client management. to manage how we work with third parties which provide services to us. to ensure our business policies and procedures are satisfied and enforce them if they are not. to protect our business and establish, defend or exercise our legal rights. to improve our Services and business by conducting analyses of our clients, matters and financial performance.	We use your Client Contact Information, Client Onboarding Information, Client Events or Meeting Information, Client Financial Information and Client Matter Related Information (as described above) for these purposes. We process your personal data on the basis of our legitimate business interests to manage, administer, protect and improve our Services and our business.
To share information with trusted third parties  see the section Sharing of your personal data for more information	We use your Client Contact Information, Client Financial Information, Client Events or Meeting Information, Client Matter Related Information, Client Marketing Preferences Information and Client Onboarding Information (as described above) for this purpose. It is in our legitimate business interest to share your personal data with trusted third parties where you have instructed us to do so (in the provision of our Services) and with our service providers which act on our behalf and support and enable us to provide our Services to you or the client whom you represent.
To send you relevant communications about events, newsletters or publications to send you information which we think may be of interest to you, including newsletters, publications or events invitations.	We use your Client Contact Information and Client Marketing Preferences Information (as described above) for this purpose. In some instances, you have specifically requested communications from us and we rely on consent as the legal basis for processing your personal data. In other circumstances, we rely on our legitimate interests to send you relevant communications which we think will be of interest to you. You can ask us to stop sending such communications at any time by clicking on the unsubscribe link at the bottom of the communication or by contacting us at privacy@kemplittle.com. Please allow up to 48 hours for any opt out request to be processed.

Site Users

Purpose	Legal basis for processing
To manage and facilitate your use of our Site To provide you access to certain services and features you may choose to use, such as FlightDeck.	We use your Site User Contact Information, Technical Information and Cookies (as described above) for this purpose. We process your personal data for our legitimate business interests in order to provide and manage our Site.
To communicate with you to respond to any enquiries or feedback that you send to us. to consider your application or enquiry in relation to job opportunities. to assist you with any technical problems you have with our Site. to update you about any changes to our terms and conditions or other policies related to your use of our Site	We use your Site User Contact Information (as described above) for this purpose. If you contact us in relation to a job opportunity you may also send us your CV or other information. It is in our legitimate business interest to process your personal data to consider and respond to communications that you send to us and inform you of relevant information in relation to the Site. If you have submitted an enquiry in relation to a job opportunity, you will have done so voluntarily and we rely on your consent in order to consider your suitability for a job.
To share information with our third parties see the section Sharing of your personal data for more information.	We use your Contact Information, Site User Marketing Preferences Information, Technical Information and Cookies (as described above) for this purpose. It is our legitimate business interest to share your personal data with third parties who provide us with services relevant to the provision of our Site.
To send you relevant communications about events, newsletters or publications to send you information which you register for, including newsletters, publications or events invitations.	We use your Site User Contact Information and Site User Marketing Preferences Information (as described above) for this purpose. Where you have requested information from us, such as newsletters, publications or event invitations, we use your personal data to send you such communications. The legal basis on which we rely for this is consent. You can ask us to stop sending such communications at any time by clicking on the unsubscribe link at the bottom of the communication or by contacting us at privacy@kemplittle.com. Please allow up to 48 hours for any opt out request to be processed.
To improve and develop our Site We conduct statistical analyses on your usage of the Site, including to measure how many users were on our Site and the effectiveness of our content. This enables us to improve our Site, offer new features and materials and ensure our Site is useful and effective.	We use Technical Information and Cookies (as described above) for this purpose. It is our legitimate business interest to identify ways to improve our Site

Sharing of your personal data

Individual Clients and Client Representatives

We may disclose your personal data to third parties as described below:

• as part the Services we provide to our clients, we may disclose your personal data to other law firms which are advising the other party to a matter we are assisting you with, the courts, or to other professionals (such as local counsel, accountants, tax advisers, translation providers, technology providers or barristers) as necessary;
• where we are under a legal, regulatory or professional obligation to disclose your personal data to the Solicitors Regulation Authority or other regulatory authorities, courts, tribunals, government agencies or law enforcement agencies;
• as necessary in order to uphold the terms of our engagement with our client or to exercise, defend or protect our legal rights;
• our banks, professional advisers, debt collectors, insurers and brokers, credit reference agencies and auditors to manage and administer our business;
• third party service providers which provide us with services, including IT providers, analytics providers, anti-money laundering and client verification providers, debt collection agencies, credit checking companies event hosting companies and marketing providers;
• if Kemp Little LLP, or substantially all of Kemp Little LLP’s assets are merged or acquired by a third party, in which case your personal data may form part of the transferred or merged assets.

Site Users

We may disclose your personal data to third parties as described below:

• Third party service providers which provide us with services e.g. hosting services, website analytics, event organisers, marketing providers, etc
• Where we are under a legal, regulatory or professional obligation to disclose your personal data to regulatory authorities, courts, tribunals, government agencies or law enforcement agencies;
• As necessary in order to defend or protect our legal rights and those of individuals at Kemp Little; and
• If Kemp Little, or substantially all of Kemp Little’s assets are merged or acquired by a third party, in which case your personal data may form part of the transferred or merged assets.

If you would like to receive a full list of our service providers and other third parties with whom we share your personal data, please get in touch with us using the details provided below.

Transfers of your personal data

Your personal data may be transferred to and stored at a destination outside the European Union (“EU“) depending on the nature of the Services we provide to you. It may also be processed outside the EU by one of our service providers. Where this occurs, we will ensure that your personal data is protected by implementing appropriate safeguards, such as a European Commission adequacy decision, the EU-US Privacy Shield Certification or the EU Commission approved Standard Contractual Clauses. If you would like more information about any of the transfer safeguards we implement please contact us using the details as set out below in this Privacy Policy.

How we protect your personal data

We implement appropriate technical and organisational measures to protect personal data that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that assist in securing personal data. We also contractually require our service providers to comply with strict data privacy requirements.

How long we keep your personal data for

The period for which we may retain your personal data will depend on the type of personal data collected, the purposes for which it was collected, applicable limitation periods for the exercise of legal rights and whether any legal or regulatory obligations require the retention of the personal data.

Your rights

You may have some or all of the following rights in respect of the personal data about you that we process. We explain your rights in more detail in the “find out more” section below. You may:

• request us to give you access to it;
• request us to rectify or update it;
• request us to restrict our using it, in certain circumstances;
• request us to erase it, in certain circumstances;
• object to our using it, in certain circumstances;
• withdraw your consent to our using it;
• data portability, in certain circumstances;
• opt out from our using it for direct marketing; and
• lodge a complaint with the relevant supervisory authority.

You are able to exercise these rights by contacting us at privacy@kemplittle.com.

find out more…

You may have some or all of the rights set out in the table below:

Right in respect of the personal data about you that we hold	Further detail (certain legal limits to all these rights apply)
to request us to give you access to it	This is confirmation of: whether or not we process personal data about you; our name and contact details; the purpose of the processing; the categories of data concerned; the categories of persons with whom we share your personal data and, where any person is outside the EU, the appropriate safeguards for protecting your personal data; (if we have it) the source of your personal data, if we did not collect it from you; (to the extent we do any, which will have been brought to your attention) the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; and the criteria for determining the period for which we will store your personal data. On request, we will provide you with a copy of your personal data we hold about you.
to request us to rectify or update it	This applies if your personal data we hold is inaccurate or incomplete.
to request us to restrict our using it	This right applies, temporarily while we look into your request, if you: contest the accuracy of your personal data we use; or have objected to our using your personal data on the basis of legitimate interest, and if you make use of your right in these cases, we will tell you before we use your personal data again. This right applies also if: our use is unlawful and you oppose the erasure of your personal data; or we no longer need your personal data, but you require it to establish a legal case.
to request us to erase it	This applies if: your personal data we hold is no longer necessary in relation to the purposes for which we use it; we use your personal data on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all personal data about you in which case we will respect your wishes); we use your personal data on the basis of legitimate interest and we find that, following your objection, we do not have an overriding interest in continuing to use it; your personal data was unlawfully obtained or used; or to comply with a legal obligation.
to object to our using it	You have two rights here: if we use personal data about you for direct marketing: you can “opt out” (without the need to justify it) and we will comply with your request; and if we use personal data about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection.
to withdraw your consent to our using it	This right applies to any personal data which we have collected and process based on your consent. You have the right at any time to withdraw the consent you have provided to us.
to data portability	This right applies: to personal data that you have provided to us; and if we use your personal data on the basis either of your consent, or on the basis of discharging our contractual obligations to you. If both apply, you have the right to receive your personal data from us in a commonly used format, and the right to require us to transmit your personal data to someone else if it is technically feasible.
to lodge a complaint with the relevant supervisory authority and seek a remedy from a national court	Each European Union country has a supervisory authority responsible for upholding data protection rights. In the UK, this is the Information Commissioner’s Office. You can find contact details of other supervisory authorities here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm You also have the right to take your complaint to a national court and obtain a remedy from a national court.

Contact us

If you have any questions, would like to exercise any of your rights in relation to your personal data or need further information about our privacy practices, please contact us at privacy@kemplittle.com or write to us at Kemp Little LLP, Cheapside House, 138 Cheapside, London, EC2V 6BJ.

Changes to this policy

We may update this Privacy Policy (and any supplemental privacy policy), from time to time. We will notify you of the changes where we are required to do so by applicable law.

This Privacy Policy was last modified on 24 May 2018. If you would like a copy of a previous version of this Privacy Policy, please contact us.

Third party websites, plug-ins and applications

Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, plug-ins and applications and are not responsible for their privacy policies, notices and statements. When you leave our Site, we encourage you to read the privacy policies, notices and statements of every website you visit.