privacy policy

1. INTRODUCTION

PURPOSE OF THIS PRIVACY NOTICE

Diego Garrigues respects your privacy and is committed to protecting your personal data. This privacy notice sets out how I collect and process your personal data when I provide services to you, when you communicate with me or when you visit my website or any other associated websites under my control (“websites”) and tells you about your privacy rights and how the law protects you

It is important that you read this privacy notice together with any other privacy notice or fair processing notice I may provide on specific occasions when I am collecting or processing personal data about you so that you are fully aware of how and why I am using your data. This privacy notice supplements the other notices and is not intended to override them.

If you have any such questions, including any requests to exercise your legal rights, please contact me by emailing diego.garrigues@gaviationlaw.com or by writing to me, 21 Ganton Street, W1F 9BN London or by calling +44 (0)7342883744.

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact me in the first instance.

CHANGES TO THE PRIVACY NOTICE

I reserve the right to update and change this privacy notice from time to time in order to reflect any changes to the way in which I process your personal data or changing legal requirements. In case of any changes, I will publish the changed privacy notice on my websites and may publish or bring it to your attention by other means. The changes will take effect as soon as they are posted on my website.

It is important that the personal data I hold about you is accurate and current. Please keep me informed if your personal data changes during your relationship with me.

PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO ME

If you provide personal data to me about someone else (such as your directors or employees, or someone with whom you have business dealings) you must ensure you are entitled to disclose that personal data to me and that, without me taking any further steps, I may collect, use and disclose that personal data as described in this privacy notice. You must ensure that the individual concerned is aware of the various matters detailed in this privacy notice

THIRD-PARTY LINKS

My websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not control these third-party websites and I’m not responsible for their privacy statements. When you leave my websites, I recommend and encourage you to read the privacy notice of any other website you visit.

2. THE DATA I COLLECT ABOUT YOU

Personal data, or personal information, means any information which is related to an identified or identifiable natural person (i.e. you as an individual). It excludes any data which does not relate to an identified or identifiable individual or personal data rendered anonymous in such a manner that you (as the data subject) are not identified or no longer identifiable (anonymous data).

“Special categories” of particularly sensitive personal information require higher levels of protection. I may need to be able to collect, store and use this type of personal information for the legal services I provide.

I may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, job title, username or similar identifier used by you on any of our platforms or portals, marital status, title, date of birth and gender.
  • Contact Data includes postal address (including home, business and billing addresses), email address, telephone numbers and fax numbers.
  • Financial Data includes bank account, payment card details and other data necessary for fraud prevention and other related billing information.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from me.
  • Instruction Data includes business information necessarily processed in a project or client contractual relationship with me or voluntarily provided by you, such as instructions given, payments made, requests and retainer information.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.
  • Profile Data includes your username and password for any of my websites and portals, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use my websites, products and services and visits to my offices.
  • Marketing and Communications Data includes your preferences in receiving marketing from me and my third parties and your communication preferences.
  • Third Party Data includes information that you provide to me during the course of any instruction that relates to third parties that you are connected to (as per the statement above, this information may also be Personal Data relating to those third parties).
  • Special Category Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health, data concerning sex life or sexual orientation. Although under the data protection laws, information relating to criminal offences and convictions is not included within the definition of special category data, for the purposes of this privacy notice I include reference to criminal convictions and offences under the category of “Special Category Data”.
  • I may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if I combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, I treat the combined data as personal data which will be used in accordance with this privacy notice.

IF YOU FAIL TO PROVIDE PERSONAL DATA

Where I need to collect personal data by law, or under the terms of a contract I have with you and you fail to provide that data when requested, I may not be able to perform the contract I have or are trying to enter into with you. In this case, I may have to cancel a product or service you have with me but I will notify you if this is the case at the time.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

I will only use your personal data when the law allows me to. Most commonly, I will use your personal data in the following circumstances:

  • Where I need to perform the contract I am about to enter into or have entered into with you. This includes:
    • Processing and delivering products and services to you including managing payments, fees and charges and collecting and recovering money owed to me – my legitimate interest is being able to recover debts owed to us.
    • Managing my relationship with you including notifying you about changes to my terms or privacy notice and asking you to provide a reference or take a survey.
    • Enabling you to partake in a prize draw, competition or complete a survey or to attend an event that I am organising alone or jointly with others.
  • Where it is necessary for my legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes:
    • Registering you as a new client and processing and delivering products and services to you
    • my legitimate interest is being able to provide legal services or products to you and/or being able to recover debts owed to me.
    • Managing my relationship with you including notifying you about changes to our terms or privacy notice and asking you to provide a reference or take a survey – my legitimate interest is keeping my records updated and studying how clients use my products/services.
    • Enabling you to partake in a prize draw, competition or complete a survey or to attend an event that I am organising alone or jointly with others – my legitimate interest is studying how clients use my products/services, developing them and growing my business.
    • Administering and protecting my business and my websites – my legitimate interest is running my business, providing administration and IT services, network security, preventing fraud and in the context of a business reorganisation or group restructuring exercise.
    • Delivering relevant website content and marketing to you and measuring or understanding the effectiveness of the marketing I serve to you – my legitimate interest is studying how clients use my products/services, developing them, growing my business and informing my marketing strategy.
    • Using data analytics to improve my websites, products/services, marketing, client relationships and experiences – my legitimate interest is defining types of clients for my products and services, keeping my websites updated and relevant, developing my business and informing my marketing strategy.
    • Making suggestions and recommendations to you about goods or services that may be of interest to you – my legitimate interest is developing my products/services and growing my business.
  • Where I need to comply with a legal or regulatory obligation or where the processing is necessary for the establishment, exercise or defence of legal claims. This includes:
    • Registering you as a new client and processing and delivering products and services including collecting and recovering money owed to us.
    • Managing my relationship with you including notifying you about changes to my terms or privacy notice and asking you to provide a reference or take a survey.
    • Administering and protecting my business and my websites.
    • Complying with legal or regulatory obligations (such as record keeping), compliance screening or recording (such as anti-money laundering and fraud and crime prevention) and court orders.
  • Where I need to carry out a task in the public interest (for example the prevention of fraud). This includes:
    • Registering you as a new client and processing and delivering products and services to you.
    • Complying with legal or regulatory obligations (such as record keeping), compliance screening or recording (such as anti-money laundering and fraud and crime prevention) and court orders.
  • Where you have provided your consent, including:
    • Where you request or subscribe to any of my publications or newsletters.
    • Where you make an enquiry or otherwise interact on my websites (including by any chat function on any of my websites).
    • Where you attend a seminar or other event or complete a survey.
    • Where you request marketing to be sent to you.

SPECIAL CATEGORY DATA

I will only use your Special Category Data when the law allows me to. Most commonly, I will use your Special Category Data in the following circumstances:

  • In limited circumstances, with your explicit written consent (or the consent of the relevant data subject if that is not you) for example when I process special category personal data in connection with the registration for and provision of access to an event or seminar. Specifically, I may ask for health information to identify and be considerate of any disability or dietary requirement. I use such information based on your consent. If you do not provide information about disabilities or dietary requirements I will not be able to take appropriate steps to accommodate your disabilities or dietary requirements. You have the right to withdraw consent to my use of special category personal data in connection with events and seminars by contacting me.
  • Where it is needed in the substantial public interest (for example to prevent fraud).
  • Processing relates to personal data which you or (if you are not the relevant data subject) the data subject has made public.
  • Processing is necessary for the establishment, exercise or defence of legal claims.

MARKETING

You may receive marketing communications from me if you have requested information from me or purchased products or services from me or if you provided me with details when you registered to take part in an event that I am organising either alone or in conjunction with others and, in each case, you have not opted out of receiving that marketing.

I will get your express opt-in consent before I share your personal data with any company for marketing purposes.

You can ask me to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting me at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to me as a result of a product/service purchase or other transactions. Opting out will not apply to any personal data that I am required to keep for regulatory, compliance or legal reasons.

CHANGE OF PURPOSE

I will only use your personal data for the purposes for which I collected it, unless I reasonably consider that I need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact me.

If I need to use your personal data for an unrelated purpose, I will notify you and I will explain the legal basis which allows me to do so.

Please note that I may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. COOKIES

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of my websites may become inaccessible or not function properly.

6. DISCLOSURES OF YOUR PERSONAL DATA

I may have to share your personal data with third parties for the purposes set out in paragraph 4 above. The third parties I may share personal data with are:

  • Service providers acting as processors who provide IT and system administration services.
  • Organisations who provide services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and organisations providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared.
  • Professional advisers including bankers, auditors and insurers based in the EEA or outside the EEA who provide consultancy, banking, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
  • Barristers, other legal specialists (including mediators), consultants or experts based inside and outside the EEA as appropriate who provide consultancy services in relation to a client matter.
  • Foreign law firms based inside and outside the EEA as appropriate for the purpose of obtaining foreign legal advice.
  • Courts, law enforcement authorities, regulators or attorneys or other parties based inside and outside the EEA as appropriate for the purpose (where it is reasonably necessary) of the establishment, exercise or defence of a legal or equitable claim, or for the purposes of dispute resolution.

I require all third parties to respect the security of your personal data and to treat it in accordance with the law. I only permit my third-party service providers to process your personal data for specified purposes and in accordance with my instructions.

7. INTERNATIONAL TRANSFERS

Some of my third party service providers (including any sub-processors appointed by them) are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.

Whenever I (and/or my third party service providers) transfer your personal data out of the UK, I will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Your personal data is only transferred to countries that have been deemed to provide an adequate level of protection for personal data.
  • Where I (and/or my third party service providers) use certain service providers, specific contracts approved for use in the UK which give personal data the same protection it has in the UK are used, or any alternative transfer mechanisms as recognised by applicable data protection law are implemented.Please contact me if you want further information on the specific mechanism used by me when transferring your personal data out of the UK.

8. DATA SECURITY

I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, I limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on my instructions, and they are subject to a duty of confidentiality.

I have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.

9. DATA RETENTION

I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, I consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which I process your personal data and whether I can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances I may anonymise your personal data (so that it can no longer be associated with or identify you) for research or statistical purposes in which case I may use this information indefinitely without further notice to you.

10. YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights are to:

  • Request access to your personal data (commonly known as a “data subject access request”).
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.
  • Withdraw consent at any time where I am relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact me.