Tower Legal Limited (‘Tower Legal’) is committed to protecting and respecting your privacy rights and your personal information (‘personal data’) to ensure transparency and fairness in dealing with your personal data in accordance with the law, including the General Data Protection Regulation (‘GDPR’) and Data Protection Act 2018.
This Privacy Notice is directed towards our Clients, prospective Clients, employees, consultants and any other third parties. It explains what types of personal data we collect from you, for what purposes, how it is used (‘processed’) by us, the occasions when we are required to share it with others, the security of your data and your rights, including how you can manage the data we hold and how you can contact us.
We also invite you to read our Cookies and Web Analytics notice below.
Tower Legal – who we are
Tower Legal is a highly respected and recognised UK market leader in Legal Risk & Compliance Training and Consultancy for Law Firms. We specialise in: Anti-Money Laundering (AML), Cyber Security, Data Protection & the GDPR, and the Solicitors Regulation Authority’s requirements for Law Firms.
What do we process?
We process your ‘personal data’. This is any data which actually identifies you, or which makes you identifiable. This includes your name, job title, telephone number, email and postal address, information within correspondence between us and in documentation with which you provide us in relation to yourself and others in your Firm or company, and where relevant, your bank details.
We do not process special categories of data (such as race, ethnic origin or religious beliefs). Certain information may be necessary for employment. We do not process children’s data.
Why do we process personal data?
There are various lawful bases – set out below – for processing your data.
We only collect and process data limited to what is necessary, relevant and adequate for such purposes. These include Tower Legal fulfilling its contractual and other legal obligations to its Clients, employees and consultants – existing, past and prospective; and to its suppliers; as well its legal obligations to any other third parties (e.g. HMRC). We may use and process your personal data where it is necessary for us to carry out activities which are in our ‘legitimate interests’. We may therefore include processing your personal data which is necessary to:
- tailor our specialist Training and Consultancy Services and Products
- respond to your enquiries and fulfil the requests you make to us;
- understand you better, including analysing, evaluating and improving our Services to you;
- inform you of updates to our terms and conditions and policies and to provide training reminders, unless you object;
- ensure where possible the accuracy of the data we hold about you;
- comply with requests from you relating to you exercising your legal rights (e.g. including your right to access, update or delete your data, or should you ever ask us not to contact you for marketing purposes);
- contact you should we need to keep you fully informed (e.g. if we move premises)
If you do not provide us with relevant, accurate or adequate data we may not be able to fulfil our contractual obligations to you, our legitimate interests and/or our legal obligations. We rely upon you to ensure that your data remains accurate.
We may seek your consent to us processing your personal data, which will be done clearly and in an intelligible and easily accessible form, using clear and plain language. It will be as easy for you to withdraw as to give such consent.
Who provides us with this personal information?
You and others within your Firm will usually provide us with this personal data. We may obtain data from organisations for which we provide our specialist Training at public courses and conferences. We may also consult professional directories and other publicly available resources including your Firm’s website.
With whom do we share your information?
We have always had a policy that personal data is sacrosanct. We will never share, sell or rent your data with any third party organisations for commercial purposes (save in the event that we sell or merge our business, or any part of it, and the sharing of your data is necessary for those purposes).
Tower Legal may be obliged to share your data to ensure that we comply with our own legal, regulatory, professional and other obligations (e.g. to the Solicitors Regulation Authority and to HMRC).
We want to make sure that we are supporting your Firm and helping it to fulfil its complex and ongoing Legal Compliance needs.
We may contact you to keep you up-to-date with important legal matters and with details of our Services and related Legal Compliance products.
We will always give you the option not to receive marketing communications from us. We will never send you unsolicited ‘junk’ email or communications. We do not share or sell your data with anyone for marketing purposes.
How and where is your personal data processed?
Tower Legal processes your personal data by various methods. These include collecting, organising, consulting, using, adapting, retrieving and storing it. Your personal data is then erased and/or destroyed in accordance with our Data Retention policy (see below). All our data processing, including storage and backing up of your data, occurs within the UK. Consequently, your data will be processed in the UK and not overseas.
There is no automated decision-making or profiling involving your data.
What is our Data Retention policy?
Tower Legal may store your data in hard copy and electronic format (including on our computers, server and on electronic/mobile devices).
We shall keep your data only for as long as may be necessary. This usually means that your data is kept for 7 years after the end of our current accounting period, unless it is required for longer under:
- our contract with you
- our legal obligations (e.g. HMRC)
- our legitimate interests
- your consent
How we protect your personal data
We seek to ensure that there is security appropriate to the risk of processing your personal data. This includes appropriate technical and organisational measures (e.g. encryption and passwords) to help protect against unauthorised or unlawful processing, accidental loss, destruction or damage.
Your personal data rights
You have various rights in relation to your personal data including the right to:
- be informed
- access your personal data (at no cost)
- restrict data processing
- withdraw consent
- not be subject to automated decision-making including profiling
Your rights may be subject to any other supervening legal obligations including those to which Tower Legal may be subject. Should you request access to your data we will use all reasonable measures to verify your identity.
Responsibility for data protection and data privacy
Tower Legal’s Data Protection contact is Tania M Tribius. The Data Controller is Tower Legal.
Contacting the Regulator
You have the right to complain to the Information Commissioner’s Office if you are aware of a data processing breach: www.ico.org.uk.
- write to the ICO at Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
- telephone 0303 123 1113
- write to Tower Legal Limited at 214 Brooklands Road Weybridge Surrey KT13 0RJ
- telephone 01932 821162
- email: firstname.lastname@example.org
Cookies and Web Analytics notice
Some cookies are essential so you can move around the website and use its features. Without these cookies, some services you’ve asked for can’t be provided. These cookies don’t gather information about you that could be used for marketing or remembering where you’ve been on the internet.
What are cookies and how do they work?
Cookies are small bits of text that are downloaded to your computer or mobile device when you visit a website. Your browser sends these cookies back to the website every time you visit the site again, so it can recognise you and can then tailor what you see on the screen.
Cookies we use
Certain cookies are necessary in order for you to use our website. These are used ‘in-session’ each time you visit our site and then expire when you leave the site. They’re not stored on your computer and they do not contain any personal data. However, you can delete them via your browser if you wish to, but this will restrict the functions that you’re able to carry out on our site.
- Secure cookie
A secure cookie is only used when a browser is visiting a server via HTTPS, ensuring that the cookie is always encrypted when transmitting from client to server. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
We like to keep track of what pages and links are popular and which ones don’t get used so much to help us keep our web site content relevant and up to date. It’s also very useful to be able to identify trends of how people navigate (find their way through) our site and help us provide a more friendly solution.
- Third-party cookie
Managing your cookies
More information about cookies can be found at www.allaboutcookies.org, which provides details on how to delete cookies from your computer or device.
Monitoring and review
This policy is regularly monitored and reviewed.
© Copyright Tower Legal Limited 2018.