CAMBRIDGE EMPLOYMENT LAW LLP
1. Data Controller
The data controller in relation to any personal data a client supplies to us about themselves or a third party is Cambridge Employment Law LLP.
2. Purposes for which data will be collected and processed
We will collect and process a client’s data or the data supplied to us by or on behalf of a client in order to fulfil our client’s instructions and for other administrative functions associated with that, including record keeping, issuing fee notes and managing payments and for promoting the firm (‘the Services’).
If a client does not want us to process their data for marketing purposes, they should email firstname.lastname@example.org to let us know.
3. What information we may collect
We will collect information reasonably required for us to carry out the Services. This will include a client’s name, relevant address(es), and other contact details such as email address and phone number(s) and, where appropriate, title and occupation. We may need to collect salary and benefit details and any relevant documentation relating to a person’s employment such as appraisal records, disciplinary or grievance papers, health records, nationality or other sensitive personal information that we need to carry out the Services.
4. Who we might share data with
We operate a cloud-based office and document management system hosted by Select Legal which complies with the Law Society’s requirements as issued from time to time. Select Legal are a data processor in respect of the personal data. In theory the staff and contractors of that company could access your data but our agreement with them is that they will only do so where necessary for operating or servicing the system and only on a strictly confidential basis.
We may need to disclose the data to a third party in order to carry out the Services: for example, a person with whom a client may have a dispute or their solicitors, an accountant or barrister or other expert, court or tribunal staff, our auditors or in fulfilment of a legal obligation on us.
We may also share very limited data (likely to be names, job title and contact details only) with a known and trusted third party for marketing purposes, for example, where we are holding a training session jointly with that third party.
We do not transfer the data outside the EEA unless it is necessary for us to provide the Services (for example where the person with whom there is a dispute or their solicitors are based or have operations abroad). We will do our best to ensure that there are adequate safeguards in place.
We may share data about other individuals with our client but this must be on the basis of strict confidentiality and only for the purpose of the Services.
5. How long we keep data
We keep a client’s file for as long as is necessary to perform the Services. Generally we will destroy the file 12.5 years after the relevant instructions have been fulfilled, unless there is good reason to retain it for longer or the client is still instructing us on other matters.
6. Rights to correct and access information and to ask for it to be erased
Any client wishing to correct or request access to the personal data that we hold should contact email@example.com. You also have the right to ask for some but not all of the information we process to be erased (the ‘right to be forgotten’) in certain circumstances.
We hope clients will raise any concerns they may have with us in the first instance by emailing firstname.lastname@example.org but otherwise they can make a complaint in accordance with our Terms of Business or to the Information Commissioner (www.ico.org.uk).