Privacy policy

CMS Cameron Mckenna Nabarro Olswang LLP

We are committed to protecting your Personal Data.

This Privacy Policy contains important information about who we are and how and why we collect, store, use and share your Personal Data. This Privacy Policy also sets out the rights and options you have in relation to your Personal Data.

In this Privacy Policy “Personal Data” is information relating to you, which can be used to personally identify you (either directly or indirectly).

References to “you” or “your” are references to individuals whose Personal Data we process in connection with the provision of our services.

UPDATES this Privacy Policy was last updated on 31 December 2020. We may make minor changes to this Privacy Notice to reflect changing legal requirements or our processing practices. When we make these changes we will publish the updated notice on our Website and copies of prior versions can be requested from our Data Protection Lead.

Our websites are managed by CMS Legal Services EEIG, which gathers information from the use of our websites and shares it with member firms including us. For details please see the CMS Legal Services EEIG Privacy Policy https://cms.law/en/gbr/footer-configuration/privacy-policy#I

If you would like more information about the use of cookies and other web tracking devices on our websites, please see our Cookie Policy which can be found here: https://cms.law/en/gbr/footer-configuration/cookie-notice.

The Early Talent website also uses additional cookies and these cookies are controlled by CookieBot, details can be found here: https://www.cmsearlytalent.com/cookies/.

Who are we?
1. CMS Cameron McKenna Nabarro Olswang LLP (“CMNO”) is a member of CMS Legal Services EEIG, a European Economic Interest Grouping that coordinates CMS Member firms. Client Services are provided by CMNO and its associated offices in other countries (the “CMNO Entities”). For full details of the CMNO Entities please see the Legal Information page of our website https://cms.law/en/int/footer-configuration/legal-information#United-Kingdom. This Privacy Policy applies to the CMNO Entities in the following jurisdictions: Australia Belgium, Brazil, Bulgaria, China, Czech Republic, Hong Kong, Hungary, Oman, Poland, Romania, Singapore, Slovakia, Turkey, Ukraine, UAE and the United Kingdom. In this Privacy Policy, references to “we,” “us” “our” means the CMNO Entities.

Who is responsible for your Personal Data?
1. Your data will be controlled by the CMNO Entity that you have instructed, or the CMNO Entity that is providing services to, or communicating with you. In the UK, the relevant CMNO Entity is CMS Cameron McKenna Nabarro Olswang LLP, an English limited liability partnership with registration number OC310335, Cannon Place, 78 Cannon Street, London EC4N 6AF.
2. In some circumstances CMNO acts as a joint controller of Personal Data with other CMNO Entities. This means that CMNO will jointly determine the purpose and means of processing with other CMNO entities. Please see section 9, ‘Who we share your personal data with’, for more details of the circumstances in which CMNO acts as a joint controller.
3. Insofar as CMNO is acting as a joint controller of personal data CMNO shall be the point of contact for data subjects whose personal data is gathered by CMNO and shall continue to comply with all applicable data protection legislation working together with all other CMS member firms. Should you have any questions about how CMNO uses personal data as a joint controller or your rights in relation to this processing, please contact the Data Protection Lead. Please visit https://cms.law/en/GBR/Footer-Configuration/Legal-Information for details of the CMNO Entity through which we practise law in each jurisdiction. For some CMNO Entities, due to local applicable data protection or privacy laws, there is a supplementary privacy policy. Copies of these supplementary privacy policies are available when you click on the links provided within the details of the relevant CMNO Entity.
4. In addition, where Personal Data is collected on our websites, CMS Legal Services EEIG is also a controller of Personal Data. CMS Legal Services EEIG has its head office at: Neue Mainzer Straße 2–4, 60311 Frankfurt, Germany. The contact email address for CMS EEIG is: info@cmslegal.com. Its contact telephone number is: +49 69 717 010, its Ust-ID is: DE 257 695 176 and it is registered on Handelsregister A in Frankfurt am Main with the registration number: HRA 44853.

Data Protection Lead
1. Our Data Protection Lead is:
  1. Craig Perry
    Office: Cannon Place, 78 Cannon Street, London EC4N 6AF
    Direct Dial: +44 20 7367 3947
    Email: craig.perry@cms-cmno.com
2. Please contact our Data Protection Lead by post, email or telephone if you have any questions about this Privacy Policy or about the Personal Data we hold about you.

How to Complain about our use of your Personal Data
1. If you have a complaint about our use of your Personal Data, please contact our Data Protection Lead in the first instance.
2. We hope that we can resolve any query or concern you may raise about our use of your information. If you are not satisfied with our response you have the right to lodge a complaint in relation to our processing of your Personal Data with a local supervisory authority as set out below:

CMNO Entity	Jurisdiction	Supervisory Authority
CMS Cameron McKenna Nabarro Olswang LLP	UK	Information Commissioner’s Office www.ico.org.uk
Cameron McKenna Solicitors (Australia) Pty Ltd	Australia	Office of the Australian Information Commissioner www.oaic.gov.au
CMS Cameron McKenna Nabarro LLP (EU Law Office)	Belgium	Autorité de Protection des Données Gegevensbeschermingsautoriteit www.dataprotectionauthority.be
CMS Cameron McKenna Nabarro Olswang LLP	Bulgaria	Republic of Bulgaria Commission for Personal Data Protection www.cpdp.bg
CMS Sofia Lawyers Partnership
Cameron McKenna EOOD
CMS Cameron McKenna Nabarro Olswang LLP	China (Beijing)	No one designated data protection regulator. Data subjects may be able to make a complaint to local branches of the authorities including: (i) the Cyberspace Administration of China (CAC); (ii) the Ministry of Industry and Information Technology (MIIT); (iii) the Ministry of Public Security (MPS); and (iv) the sectoral regulators (e.g. those in charge of sensitive sectors such as banking, healthcare, etc.).
CMS Cameron McKenna Nabarro Olswang advokati v.o.s	Czech Republic	Office for Personal Data Protection www.uoou.cz
CMS Cameron McKenna Nabarro Olswang advokati v.o.s	Slovakia	Office for Personal Data Protection of the Slovak Republic www.dataprotection.gov.sk
CMS (UAE) LLP	Dubai	DIFC Commissioner of Data Protection www.difc.ae/business/operating/data-protection/
Lau, Horton & Wise LLP	Hong Kong	Office of the Privacy Commissioner for Personal Data, Hong Kong www.pcpd.org.hk
CMS Cameron McKenna Nabarro Olswang LLP Magyarorszagi Floktelepe	Hungary	National Data Protection and Freedom of Information Authority www.naih.hu
Ormai, Papp and Partners	Hungary
Al Rashdi, Al Juma & Ewing Advocates & Legal Consultants	Oman	N/A *There is currently no data protection law in Oman, and there is accordingly no Data Protection Authority.*
BKP Sp. Zoo	Poland	Office of Data Protection www.uodo.gov.pl
CMS Cameron McKenna Nabarro Olswang Pośniak I Bejm Sp. K	Poland	Office of Data Protection www.uodo.gov.pl
CMS Cameron McKenna Nabarro Olswang LLP S.C.P.	Romania	National Supervisory Authority for Processing Personal Data www.dataprotection.ro
CMS Tax srl
Modular Services SRL
CMS CMNO (Singapore) LLP	Singapore	Personal Data Protection Commission www.pdpc.gov.sg
Holborn Law	Singapore	Personal Data Protection Commission www.pdpc.gov.sg
CMS Cameron McKenna Nabarro Olswang Services Consultores Em Direito Estrangeiro	Brazil	National Authority of Data Protection (ANPD)
CMS Cameron McKenna Nabarro Olswang Services (Brazil) Consultoria LTDA	Brazil	National Authority of Data Protection (ANPD)
CMS Cameron McKenna LLC	Ukraine	Ukraine Human Rights Ombudsman http://www.ombudsman.gov.ua/
CMS Danişmanlik Hizmetleri Avukatlik Ortakliği	Turkey	Turkish Data Protection Authority www.kvkk.gov.tr
Babalioglu Avukatlik Ortakligi Istanbul Bar No. 164	Turkey	Turkish Data Protection Authority www.kvkk.gov.tr

The Personal Data we collect about you.
1. We may collect Personal Data from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our legal or other services, or as a result of your relationship with one or more of our staff and clients.
2. We may obtain Personal Data directly from you, from our clients or from other third parties. We may also obtain your Personal Data from publicly available sources such as Companies House, websites or business directories.
3. Depending on our relationship with you, we may process the following types of Personal Data about you:
  1. Identity Data: such as your name, any former names, marital status, date of birth, passport number, photographic identification.
  2. Biographic Data: your employer, your title or position and your relationship to a person;
  3. Contact Data: such as your physical address, email address, fax, mobile and telephone number(s);
  4. Financial Data: such as your bank account details and payment card details, and the source of your funds if you are instructing us on a purchase transaction;
  5. Matter Data: Information relating to the matter in which you are seeking our advice or representation;
  6. Publicly Available Data: such as data from compliance databases (used for financial crime, sanctions and politically exposed persons checks) and credit agencies;
  7. Technical Data: (including your IP address); such as information from your visits to our website or applications or in relation to materials and communications we send to you. This may also include traffic data, location data, weblogs and other communications data;
  8. Hobbies and Interest Data: information about your hobbies and interests;
  9. CCTV Data: footage and other information captured by our offices’ CCTV cameras;
  10. Recorded Data: recordings and transcripts of telephone calls and video conferences;
  11. Visit Data: details of your visits to our premises such as the date and time of the visit and who you were visiting;
  12. Attendee Data: information you provide to us for the purposes of attending meetings and events, including disabilities or special dietary requirements you may have;
  13. Special Category Data: Personal Data relating to racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic data, biometric data used to uniquely identify you, health data and information relating to sex life and sexual orientation.
  14. Criminal Conviction Data: Information relating to criminal convictions and offences.
4. Children’s Personal Data
  1. 1. Our services are neither aimed at nor intended for children. However, we may process children’s Personal Data when we act for a client in relation to certain private matters (for instance, when we are advising on tax issues). We process such Personal Data only where necessary for the specific client services we are providing.

How and why we use your Personal Data
1. The way we use your Personal Data depends on our relationship with you.
2. In the table below we explain how we will use your Personal Data in different circumstances. The first part of the table is applicable to everyone. The second part of the table shows additional ways in which we use Personal Data for certain groups, or in particular situations. Please refer to the parts of the table that are relevant to you.

Processing that applies to everyone
Purpose of Processing	Legal basis for Processing	Personal Data Processed
Audits, enquiries and Investigations Gathering and providing information required by or relating to internal or external audits, enquiries or investigations by regulatory bodies.	Necessary for the purposes of our legitimate interests in providing legal services. Necessary to comply with legal obligations to which we are subject.	Identity Data Biographic Data Contact Data Matter Data CCTV Data Recorded Data Visit Data Special Category Data
Security Managing and securing the access to our offices, systems and online platforms.	Necessary to comply with legal obligations to which we are subject. Necessary for the purposes of our legitimate interests in providing legal services.	Identity Data Biographic Data Contact Data Matter Data Technical Data CCTV Data Visit Data Special Category Data
Monitoring Monitoring our technology tools and services, including our websites and email communications sent to and from CMNO.	Necessary for the purposes of our legitimate interests to ensure the integrity and security of our technology and systems.	Identity Data Biographic Data Contact Data Matter Data Technical Data
Updating the Personal Data we hold Keeping the contact details we already hold for you accurate and up to date using publicly available sources, for example, using Company House records and other public websites to update our Client Relationship Management (CRM) system.	Necessary for the performance of your contract with us, or to take steps prior to entering into a contract with us. Necessary for the purposes of our legitimate interests in maintaining accurate records.	Identity Data Biographic Data Contact Data Publicly Available Data Hobbies and Interest Data
Communicating with you about events and seminars that we hold and sending briefings and newsletters, which we call Marketing Communications.	Necessary for the purposes of our legitimate interests in developing and growing our business.	Identity Data Biographic Data Contact Data Hobbies and Interest Data
For insurance purposes such as preparing risk assessments or liaising with our occupier’s liability and employee liability insurers.	Necessary for the purposes of our legitimate interests in maintaining appropriate insurance cover.	Identity Data Biographic Data Contact Data Matter Data CCTV Data Recorded Data Visit Data Special Category Data
Clients, their employees and contractors
Purpose of Processing	Legal Basis for Processing
Managing our relationship with you or your organisation. Whether in connection with the provision or procurement of goods and services, including processing payments, accounting, auditing, billing and collection and related support services.	For individual clients: necessary for the performance of your contract with us, or to take steps prior to entering into a contract with us. For corporate client contacts: necessary for the purposes of our legitimate interests in providing our services.	Identity Data Biographic Data Contact Data Financial Data Matter Data Hobbies and Interest Data Recorded Data
Acting in compliance with our legal obligations, court orders and regulatory requirements. Including with respect to anti-money laundering and sanctions checks and other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g., under health and safety regulation or rules issued by our professional regulator.	Necessary to comply with legal obligations to which we are subject.	Identity Data Biographic Data Contact Data Matter Data Recorded Data Criminal Conviction Data
Providing Legal Advice and Other Services Providing legal advice or other services to you including storing your details in our files, documents, and draft documents, communicating with you by telephone, by email and by post to record your instructions and manage your matter. Making records of meetings with you, and individuals connected to your matter. Carrying out administrative tasks related to these services, such as sending you invoices or checking for conflicts of interest.	For individual clients: necessary for the performance of your contract with us, or to take steps prior to entering into a contract with us. For corporate client contacts: necessary for the purposes of our legitimate interests in providing legal services.	Identity Data Biographic Data Contact Data Financial Data Matter Data Recorded Data Visit Data Special Category Data
Managing and Developing our Relationship with you We will use your Personal Data to send you marketing communications (by email, text message, telephone or post) about legal developments that might be of interest to you and/or information about our services, including exclusive offers, events, seminars, promotions or new services.	Necessary for the purposes of our legitimate interests in providing legal services, developing and growing our business.	Identity Data Biographic Data Contact Data Matter Data Hobbies and Interest Data Visit Data
Barristers
Purpose of Processing	Legal Basis for Processing
Managing our relationship with you or your organisation. Whether in connection with the provision or procurement of goods and services, including processing payments, accounting, auditing, billing and collection and related support services.	Necessary for the performance of your contract with us, or to take steps prior to entering into a contract with us.	Identity Data Biographic Data Contact Data Hobbies and Interest Data Recorded Data Visit Data
Acting in compliance with our legal obligations, court orders and regulatory requirements. Including with respect to anti-money laundering and sanctions checks and other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g., under health and safety regulation or rules issued by our professional regulator.	Necessary to comply with legal obligations to which we are subject.	Identity Data Biographic Data Contact Data Recorded Data Visit Data
In order to provide your services to our client, and for purposes related to your services such as contacting you and processing your invoices.	Necessary for the performance of your contract with us, or to take steps prior to entering into a contract with us	Identity Data Biographic Data Contact Data Financial Data
Suppliers of Services to Us
Purpose of Processing	Legal Basis for Processing
Managing our relationship with you or your organisation. Whether in connection with the provision or procurement of goods and services, including processing payments, accounting, auditing, billing and collection and related support services.	For sole traders: necessary for the performance of your contract with us, or to take steps prior to entering into a contract with us. For corporate contacts: necessary for the purposes of our legitimate interests in receiving services.	Identity Data Biographic Data Contact Data Financial Data Hobbies and Interest Data Recorded Data Visit Data
Acting in compliance with our legal obligations, court orders and regulatory requirements. Including with respect to anti-money laundering and sanctions checks and other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g., under health and safety regulation or rules issued by our professional regulator.	Necessary to comply with legal obligations to which we are subject.	Identity Data Biographic Data Contact Data Recorded Data Visit Data Criminal Conviction Data
To enable you to provide your services to us, to allow us to receive those services for purposes related to your services such as contacting you and processing your invoices.	For sole traders: necessary for the performance of your contract with us, or to take steps prior to entering into a contract with us. For corporate contacts: necessary for the purposes of our legitimate interests in receiving your services.	Identity Data Biographic Data Contact Data Financial Data
Subject Matter Experts
Purpose of Processing	Legal Basis for Processing
Managing our relationship with you or your organisation. Whether in connection with the provision or procurement of goods and services, including processing payments, accounting, auditing, billing and collection and related support services;	For sole traders: necessary for the performance of your contract with us, or to take steps prior to entering into a contract with us. For corporate contacts: necessary for the purposes of our legitimate interests in receiving your services.	Identity Data Biographic Data Contact Data Financial Data Hobbies and Interest Data Recorded Data Visit Data
Acting in compliance with our legal obligations, court orders and regulatory requirements. Including with respect to anti-money laundering and sanctions checks and other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g., under health and safety regulation or rules issued by our professional regulator.	Necessary to comply with legal obligations to which we are subject.	Identity Data Biographic Data Contact Data Recorded Data Visit Data Criminal Conviction Data
In order to provide your services to our client, and for purposes related to your services such as contacting you and processing your invoices.	For sole traders: necessary for the performance of your contract with us, or to take steps prior to entering into a contract with us. For corporate contacts: necessary for the purposes of our legitimate interests in receiving your services.	Identity Data Biographic Data Contact Data Financial Data
Other individuals involved in our Client matters, for example individuals on the opposing side to our Clients and the lawyers acting for them.
Purpose of Processing	Legal Basis for Processing
Providing Legal Advice and Other Services to our Clients Providing legal advice or other services to our Clients, and carrying out tasks related to these services, such as gathering evidence and communicating with witnesses.	Necessary for the purposes of our legitimate interests in providing legal services.	Identity Data Biographic Data Contact Data Recorded Data Visit Data Special Category Data
Individuals attending events at our offices
Purpose of Processing	Legal Basis for Processing
In order to cater for any disability or dietary requirements of which you have informed us.	You have provided your explicit consent for us to process this data.	Identity Data Biographic Data Contact Data Visit Data Attendee Data Special Category Data
In the event of a pandemic, in order to comply with our obligations under Health & Safety laws.	Necessary to comply with legal obligations to which we are subject.	Identity Data Special Category Data

Personal Data about other people which you provide to us.
1. If you provide Personal Data to us about someone else (such as one of your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that Personal Data to us and that, without our taking any further steps, we may collect, use and disclose that Personal Data as described in this Privacy Policy.

Marketing Communications
1. We will use your Personal Data where appropriate (depending on your relationship with us), and where we have your consent if required to send you marketing communications (by email, text message, telephone or post) about legal developments that might be of interest to you and/or information about our services, including exclusive offers, events, seminars, promotions or new services.
2. We have a legitimate interest in processing your Personal Data for marketing purposes. This means we do not usually need your consent to send you marketing communications. However, where consent is needed, we will ask for this consent separately and clearly. We will also comply with your request to stop sending any such further communications.
3. We will not sell or share it with other organisations outside CMNO for marketing purposesexcept with your prior permission.
4. You have the right to opt out of receiving marketing communications at any time by contacting us by emailing info@cmslegal.com or using the ‘unsubscribe’ link in emails.
5. We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Who we share your Personal Data with
1. We are an international law firm and any information that you provide to us may be shared with and processed by another CMNO Entity or CMS Legal Services EEIG and the CMS Member Firms and their connected businesses (the “CMS Member Firms”). In some instances when sharing data with the CMS Member Firms we may act as a joint controller of this Personal Data alongside the CMS Member Firms. We share Personal Data with the CMS Member Firms for the purposes of audits, enquiries and investigations, centralised client administration, conducting legally required checks such as anti-money laundering or know your customer checks, updating the personal data we hold about you, providing legal advice and other services and acting in compliance with our legal obligations, court orders and regulatory requirements.
2. Examples of the information that may be shared include; Identity Data, Biographic Data, Contact Data, client financial information, information relating to client activities, information on particular industry sectors, terms of business used by CMS Member Firms and information from client due diligence checks. A complete list of CMS Member Firms is available on request and on our website at https://cms.law/en/gbr/footer-configuration/legal-information.
3. Our lawful bases for sharing this Personal Data as joint controller are:
  1. Our legitimate interests as a business to centralised client administration and share learnings within our wider organisation.
  2. Our compliance with the relevant legal obligations.
4. We may also share your Personal Data with certain trusted third parties in accordance with contractual arrangements in place with them, including:
  1. Our professional advisers who we instruct on your behalf or refer you to, e.g., barristers, mediators; consultants; medical professionals, accountants, tax advisors or other experts;
  2. Suppliers to whom we outsource certain support services such as word processing, document design and production, IT Support Services, building and office facilities, translation, printing and photocopying and document reviews;
  3. IT service providers to CMNO, CMNO Entities and CMS Member Firms, who provide services domestically or abroad, such as shared service centres, to process Personal Data for the purposes set out in this Privacy Policy on our behalf and in accordance with our instructions only;
  4. Providers of technology platforms and video conferencing platforms, who host data while we use their platforms and who may store copies of data that has been recorded on those platforms;
  5. Third parties engaged in the course of the services we provide to clients and with their prior consent, such as barristers, local counsel and technology service providers like data room and case management services;
  6. Our insurers and brokers;
  7. Our banks;
  8. Courts, law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so; and
  9. Third parties involved in hosting or organising events or seminars.
5. We only allow our service providers to handle your Personal Data if we are satisfied they take appropriate measures to protect your Personal Data. We also impose contractual obligations on service providers to ensure they can only use your Personal Data to provide services to us and to you.
6. If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new CMS Member Firms or to third parties through which the business of CMNO or the CMNO Entities will be carried out. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
7. CMNO or the CMNO Entities may use social media sites such as Facebook, LinkedIn and Twitter to communicate with you and, when available, to confirm your contact details and current position or employer. If you use these services, you should review their privacy policies for more information on how they deal with your personal information.

Where your Personal Data is held and transfers of Personal Data outside the UK and the EEA
1. Information may be held at CMNO Entities and those of our CMS Member Firms, third party agencies, service providers, representatives and agents as described above (see ‘Who we share your Personal Data with’).
2. Some of these third parties may be based outside the UK and the European Economic Area.
3. CMNO is an international firm and a list of our offices, together with relevant contact information, may be found on our website https://cms.law/en/int/footer-configuration/contacts-by-country. Irrespective of how we obtain your Personal Data, it may be shared among all CMNO Entities and CMS Member Firms (both inside and outside the European Economic Area to locations that may not provide the same level of protection as those where you first provided the information). The CMS Member firms have in place standard contractual clauses to ensure the protection of personal data when shared outside of the UK and EEA.
4. We may also need to transfer Personal Data to third parties, including third parties based outside the UK and the European Economic Area, for example (but not limited to) sub-contractors, other counsel and accountants and third parties involved in your matters.
5. We will only transfer your Personal Data outside of the UK and the EEA:
  1. where the transfer is to a place that is regarded by the European Commission as providing adequate protection for your Personal Information; or
  2. where we have put in place appropriate safeguards to ensure that your Personal Information is protected (for example where both parties involved in the transfer have signed standard data protection clauses adopted by the European Commission); or
  3. where we are legally permitted to do so, for example if the transfer is necessary for the establishment, exercise or defence of legal claims.
You can request further detail about the safeguards that we have in place in respect of transfers of Personal Information outside of the UK and the EEA and where applicable a copy of the standard data protection clauses that we have in place, by contacting us at info@cmslegal.com.

How long will we keep your Personal Data?
1. Your Personal Data will be retained in accordance with our Records Management Policy, which specifies the appropriate retention period for each category of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account the amount, nature and sensitivity of the Personal Data, legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice, our business purposes and client requirements.
2. We will delete and dispose of your Personal Data appropriately in line with our Records Management Policy when it is no longer reasonably required for the for the purposes described in this Privacy Policy, or you withdraw your consent (where applicable), provided that we are not legally required or otherwise permitted to continue to hold such data .
3. If you would like to know more about the retention periods we apply to your Personal Data, please contact the Data Protection Lead.

Your Rights
1. You have rights under Data Protection law in relation to your Personal Data. We will respect your rights and act in accordance with the law in relation to the processing of your Personal Data. Your rights, which you can exercise free of charge, are set out in the table below.
2. We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data. We reserve the right to charge you a reasonable administrative fee if your request is clearly unfounded, repetitive or excessive, and for any additional copies of the Personal Data you request from us.
3. All such requests, including any requests to update Personal Data about you or any questions or comments regarding this policy or our handling of your Personal Data, should be addressed to the Data Protection Lead.

Your Rights
Access	The right to be provided with a copy of your Personal Data.
Rectification	The right to require us to correct any mistakes in your Personal Data.
To be forgotten	The right to require us to delete your Personal Data in certain situations.
Restriction of processing	The right to require us to restrict processing of your Personal Data in certain circumstances, e.g. if you contest the accuracy of the data.
Data portability	The right to receive the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations.
To object	The right to object: —at any time to your Personal Data being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your Personal Data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

Keeping your Personal Data Secure
1. We have appropriate security measures to prevent Personal Data from being accidentally lost or used or accessed unlawfully. We limit access to your Personal Data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
2. Please be aware that the transmission of information via the internet is not completely secure. Although we take appropriate and proportionate steps to manage the risks posed, we cannot guarantee the security of your information transmitted to our online services.
3. We use a variety of technical and organisational measures to help protect your Personal Data from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws. Personal Data may be kept on our Personal Data technology systems, those of our contractors or in paper files.
4. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.