Privacy Notice

OVERVIEW

The privacy of your personal data is important to PCB. This Notice describes our privacy policy in the
light of new data protection laws and applies to all users of our Website and to those who wish to
contact us by other means.

PCB is registered as a data controller with the Information Commissioner’s Office (ICO) which is the
UK’s independent regulator set up to uphold information rights. As a data controller we are
responsible for ensuring that when we process personally identifiable information we comply with EU
and UK data protection law and use it in accordance with our clients’ instructions and our professional
duty of confidentiality.

If you have any questions about this notice please get in touch with your usual PCB contact.

INFORMATION WE COLLECT

PCB may ask for and collect from you personally identifiable and other information at certain
points throughout our Website and in response to your enquiries. Depending on the
information and/or services you request, you may be asked to provide your name, email and
residential address and other information. In addition to the information you knowingly
provide PCB collects the domain names and IP addresses of its visitors, along with usage
statistics (e.g. types of web browsers and operating systems used) and browsing history. This
data is used to operate PCB’s business more efficiently, promote our services and administer
the Website. PCB may combine this information with the personally identifiable and other
information it collects.

PCB also collects any information you may choose to provide in your communications with
us. Please do not send any confidential information until we have confirmed in writing that
we represent or act for you. Unsolicited communications from non-clients do not establish a
lawyer-client relationship, may not be privileged and may be disclosed to others.

PCB does not collect personally identifiable information about your online activities over
time and across third party websites or online services. Our third party partners do not collect
personally identifiable information about your online activities over time and across third
party websites or online services through your use of the Website.

HOW AND WHY WE USE YOUR PERSONAL INFORMATION

  • Under data protection law we can only use your personal information if we have a proper
    reason for doing so, for example:
  • To comply with our legal and regulatory obligations;
    For our legitimate interests or those of a third party; such cases may be where we have
    a business or commercial reason to use your personal information so long as these are
    not overridden by your own rights and interests;
  • For the performance of our contract with you or to take steps at your request before
    entering into a contract;
  • You have freely given consent, knowing this can be withdrawn at any time.

In general terms we will collect personally identifiable information in order to:-

  • Provide legal and professional services to you, to manage our relationship and comply
    with our legal obligations arising from it;
  • Provide you with information about our business and the services we offer;

To provide legal services to you we conduct checks to identify and verify the identity of our
clients. We also use screening software for financial and other sanctions or embargoes to help
detect and prevent financial crime. Other processing is necessary to comply with professional,
legal and regulatory obligations that apply to our business, e.g. under health and safety
regulations, provision of Statutory returns, employment law obligations or rules issued by our
professional regulator, the Solicitors Regulation Authority. All these uses are in order to
comply with our legal and regulatory obligations and for our legitimate interests or those of a
third party. Any personally identifiable information we receive from you for the purpose of
preventing money laundering and/or terrorist financing will only be used for that purpose or
with your express consent, or as permitted by or under another enactment.

We also use your personal information for:-

  • Gathering and providing information required by or relating to audits, enquiries or
    investigations by regulatory or law enforcement bodies;
  • Ensuring our business policies (and client requirements) are adhered to, e.g. policies
    covering security and internet use.
  • Operational reasons to improve our services by undertaking research and analysis,
    training and quality control;
  • Ensuring the confidentiality of commercially sensitive information;
  • To respond to any complaint or allegation made against us;
  • Managing our business and to provide information required by our clients;
  • Preventing unauthorized access and modifications to systems;
  • Updating and maintaining client records.

All the above-mentioned uses are firstly because we or a third party have legitimate interests
in these matters. Further, these uses are to comply with our legal and regulatory obligations.

CHANGE OF PURPOSE

We will only use your personal information for the purposes for which we collected it, unless
we reasonably consider that we need to use it for another reason which is compatible with the
original purpose. Should we need to use your personal information for an unrelated purpose,
we will notify you and explain the lawful basis which allows us to do so.
We may process your personal information without your knowledge or consent, in
compliance with the above rules where this is required or permitted by law.

WHO WE SHARE YOUR PERSONAL INFORMATION WITH

We share personal information with:-

  • Professional advisers who we instruct on your behalf or refer you to, e.g. litigation
    professionals, accountants, tax advisors or other experts;
  • Other third parties in order to carry out your instructions, e.g. HM Land Registry for a
    property transaction, Companies House or your mortgage provider;
  • Our insurers and brokers;
  • The auditors of our accounts;
  • Our banks;
  • External service suppliers, representatives and agents which we use to make our
    business more efficient, e.g. typing services (see below), compliance advisers,
    document collation or analysis suppliers;
  • Our IT support and service providers, as a consequence of them providing support to
    us.
  • Law enforcement agencies and regulatory bodies to comply with our statutory and
    regulatory obligations.

Please note that we only allow our service providers to handle your personal information if we
are satisfied they take appropriate measures to protect your personal information. We impose
contractual obligations on service providers to ensure they can only use your personal
information to provide services to us and to you.

WHERE YOUR PERSONAL INFORMATION IS HELD

Information may be held at our offices or off-site storage facilities or in secure data centres in
the UK, or in the offices of our third party agencies, service providers, representatives and
agents as described above. A third party service provider is based outside the European
Economic Area (EEA), please see below.

PERSONAL DATA TRANSFERS OUTSIDE THE EEA

In processing transactions PCB sometimes uses secretarial services provided by an
outsourcing service company which is managed for us by a reputable management
consultancy provider, currently Magellan Consultancy Services. This will entail a brief
transfer of certain personal data such as names and addresses to India. This jurisdiction is not
considered security-compliant by the European Commission but we reassure you that we take
all reasonable measures to keep your data secure in these processes.

HOW LONG YOUR PERSONAL DATA WILL BE KEPT

We will only retain your personal information for as long as necessary to fulfil the purposes
for which we collected it, including the purposes of satisfying any legal, accounting or
reporting requirements.

When it is no longer reasonable or necessary to retain your personal information we will
destroy, delete or anonymise it. To determine the appropriate retention period we consider the
amount, nature and sensitivity of the personal information, the potential risk of harm from
unauthorised use or disclosure of it, the purposes for which we process your personal
information and whether or not we can achieve those purposes through other means, plus any
applicable legal requirements. In some circumstances you can ask us to delete your data –
please see below.

Clients’ personal information will be retained for as long as is necessary to:-

  • Carry out our services for your matter;
  • Respond to any questions, complaints or claims made by you or on your behalf;
  • Show that we treated you fairly;
  • Keep records required by law to comply with our legal obligations and our duties to
    our regulator. Anti-money laundering legislation requires us to retain records,
    documents and information relating to a matter, including a copy of your identity
    documentation / electronic verification thereof plus any screening outputs for five
    years from the conclusion of your matter or when our business relationship with you
    ends.

COMPLAINTS OR REQUESTS

If you are not a client of ours but you complain to us about how we have processed your
personal information or you seek to exercise a data protection right such as a Subject Access

Request, we will retain details of your complaint or request. Your information supplied will
only be used to process the complaint or request, to audit the level of service we have
provided and to provide information to our insurers or regulator.

We will keep information in connection with the complaint or request in line with our
retention policy which in most cases is six years.

HOW WE PROTECT YOUR PERSONAL INFORMATION

Keeping information secure is a key part of data protection compliance. We have put in place
appropriate security measures to prevent your personal information from being accidentally
lost, used or accessed in an unauthorised way, altered or disclosed. Further, we limit access to
your personal information to those Partners, fee-earners, employees, agents, contractors and
other third parties who have a business need to know and they are subject to a duty of
confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will
notify you and our regulator of a breach, dealing with as expeditiously as possible. Our Data
Security Policy includes regular staff training in order to ensure and verify that all adhere to
our policies and procedures.

YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

You are entitled at any time to ask us for a copy of the personal information we hold about
you. This is known as a Subject Access Request and this is free of charge by contacting the
Data Control Officer at PCB. We aim to respond to your request within one month once we
have assessed how feasible your request is. Should your request appear to be manifestly
excessive or unreasonable we may need to levy an appropriate fee or negotiate with you how
best to proceed, if at all.

In certain circumstances you can ask us to restrict our processing of your personal
information, e.g. if you contest its accuracy. We will always review your request and will
inform you if we decide we are not required to action it. If you require us to restrict or stop
processing your personal data in any way this may impact on our ability to provide our legal
or professional services to you. Depending on the nature of your requests we may have to stop
acting for you but you will still have to pay any unpaid fees and disbursements which we have
incurred on your behalf to date.

You are entitled to ask that we send a copy of the personal information we hold about you to
another organisation for your own purposes, e.g. if you intend to instruct another service
provider instead of us. If you want us to move, copy or transfer your personal data please
contact our Data Control Officer. We aim to respond to your request within one month once
we have assessed the feasibility of your request, taking into account the technical capability of
the other organisation involved.

Please note that we do not use your personal information for automated decision making.

HOW TO COMPLAIN

Our Complaints Procedure is accessible on our website, pcblawyers.com or on request
via hard copy. We hope that any query or concern can be resolved using this procedure. We
will investigate your complaint but if you are not satisfied with our response or believe we are
processing your personal information unlawfully you can complain to the UK Information
Commissioner’s Office (ICO). Further information can be obtained from the ICO website at
ico.org.uk or telephone 0303 123 1113.

Please note that the EU General Data Protection Regulation also gives you the right to lodge a
complaint with a supervisory authority, in particular in the EU (or EEA) State in which you
work, live or where any alleged infringement of data protection laws occurred. The UK
supervisory authority is the Information Commissioner.

FURTHER HELP

If you need any further help with any aspect of this Privacy Notice please contact us at:
The Data Control Officer,
PCB Lawyers LLP,
70, Baker Street,
LONDON, W1U 7DL
Or by phone at +44(0) 20 7299 9251

ISSUED MAY, 2018