Please note that you do not have to provide personal information in order to access most areas of the Website. However, in order to use certain services (such as subscription to our newsletters) you will have to provide certain personal information to us.
We collect personal information from you if you use any of our online forms to register for services or if you email us your details. The type of information required will be set out on the relevant page of the Website and may include your name, email address, postal address and other biographical details.
We may also collect information about your usage of our Website (for example, the URL you came from, IP address, domain types like .co.uk and .com, your browser type and the pages of our Website that were viewed during your visit).
Use of Your Information
We use Your Information for the purposes of:
- providing you with access to our Website and personalizing your visit to our Website;
- administering, supporting, improving and developing our business and services;
- dealing with your inquiries and requests for information or services, including subscriptions to newsletters;
- maintaining information as a reference tool or general resource.
We may also use Your Information to let you know about new services, developments to our business, events that we may be holding and other similar information that may be of interest to you including invitations to attend events or conferences, newsletters and legal updates and marketing material in relation to our business and services.
We may contact you by post, telephone, as well as by e-mail as per your stated preference. If, at any time, you wish to update Your Information or if you wish to unsubscribe from receiving these notifications from us please email us at firstname.lastname@example.org.
We will use Your Information in accordance with the Data Protection Act 1998, its equivalents in the European Union and applicable regulations in the United States of America. We are registered as a data controller in the United Kingdom under the Data Protection Act 1998.
When you register on the Website or email us to request information you confirm that you agree to our use of Your Information as described above and that you do not and will not consider any of the uses of Your Information described above as being a breach of any of your rights under the Data Protection Act 1998, its equivalents in the European Union or applicable regulations in the United States of America.
Disclosing Your Information to Third Parties
We do not sell, trade, or rent Your Information to others. We do not disclose Your Information to third parties without consent unless legally required to do so or where such disclosure is necessary to enable third parties with whom we work to assist us in providing our services to you or to respond to your inquiry.
We require these third parties to treat Your Information as fully confidential and we will always take steps to ensure that Your Information is used by third parties in accordance with this policy.
Given the international scope of our business and the fact that the Internet is a global environment, using the Internet to collect and process personal information involves a transmission of data on an international basis. By using this Website and providing us with Your Information either via this Website or by email, you acknowledge and agree to our using Your Information in this way.
Your Information may be shared with all of our offices, located in the United States of America and the United Kingdom, but only for the purposes described above. Your Information will only be disclosed to members of our legal and support staff who all share our commitment to treating Your Information fairly and responsibly. Please note that when you provide Your Information to us by email or via the Website, you confirm that you understand and accept that it may be accessed by our offices in countries whose laws provide various levels of protection for personal data, not always equivalent to the level of protection that may be provided in your own country.
You have a right to know what personal information we hold about you. To request a copy of the personal information that we hold about you, please write to us at Marketing Department, Constantine Cannon LLP, 90 Bartholomew Close, London EC1A 7BN, United Kingdom, or if you are based in the United States of America at Marketing Department, Constantine Cannon, 335 Madison Ave., 9th Floor, New York, N.Y. 10017, USA or email us at email@example.com marking your letter or email “Subject Access Request.” We reserve the right to make a small charge to cover our administrative expenses in responding to your request.
Security to Protect Your Information
We employ security measures to protect Your Information from being accessed by unauthorized persons and against unlawful processing, accidental loss, destruction and damage. We will retain Your Information for a reasonable period or as long as the law requires.
Cookies are small text files that are downloaded to your device by websites you visit. We use Google Analytics cookies. These cookies help us improve our site by providing us with information about how users interact with our Website such as the number of visitors to the Website, the pages they visit and the length of time spent on the site. These cookies don’t collect information that identifies a visitor. All the information that the cookies collect is aggregated and therefore anonymous. You may change your browser settings to delete and block cookies. To find out how visit www.allaboutcookies.org.
If you have any comments, queries and requests relating to our use of Your Information please contact firstname.lastname@example.org.
This Privacy Notice (“Notice”) describes how Constantine Cannon collects and uses your Personal Data in accordance with the United Kingdom General Data Protection Regulation and the EU General Data Protection Regulation (hereafter, unless stated otherwise, referred to together as “GDPR”).
This Notice tells you what Personal Data Constantine Cannon collects, why we need it, how we use it and what protections are in place to keep it secure.
“Constantine Cannon ” “we” “us” and “our” mean Constantine Cannon LLP (London) and as the GDPR applies to it, Constantine Cannon LLP (US).
“Constantine Cannon Personnel” means Constantine Cannon’s prospective, present and past partners, employees, consultants and agency staff, and people connected to such persons.
“Personal Data” means information about individuals (including you), and from which such individuals could be identified.
“You” means individuals whose Personal Data we process including, but not limited to Constantine Cannon clients, Constantine Cannon client personnel, counter-parties, counter-party personnel, other solicitors/advisors, witnesses, suppliers, supplier personnel and individuals who visit this website. “You” does not include Constantine Cannon Personnel.
Data Controller Constantine Cannon is the Data Controller in relation to your Personal Data and is committed to protecting the privacy rights of individuals, including your rights.
Data Protection Manager
Constantine Cannon is not required under the GDPR to appoint a Data Protection Officer and, following a detailed analysis does not consider it appropriate to do so on a voluntary basis. Constantine Cannon has however, appointed a Data Protection Manager (“DPM”) who is responsible for overseeing Constantine Cannon’s compliance with the GDPR and any other applicable data protection legislation and regulation. In addition, our Compliance Officer for Legal Practice (“COLP”) oversees compliance with our professional responsibilities and with legislative requirements.
The DPM can be contacted at email@example.com.
Data Protection Representative
Constantine Cannon has appointed DataRep as its EU Representative under Article 27 of the EU GDPR. DataRep is mandated to be addressed (in addition to the DPM) by supervisory authorities and individuals on all issues relating to the processing of the Personal Data of Constantine Cannon’s individual clients based in the EU. For information on how to contact DataRep, please click here.
How does Constantine Cannon obtain your Personal Data?
In some circumstances, we may obtain your Personal Data from you directly including through your use of this website but, more typically, we will obtain your Personal Data from a third-party source, for example, we may collect information from our clients/our clients’ personnel, agents and advisors, other law firms/advisors which represent you, the company for whom you work, other organisations/persons with whom you have dealings, government agencies, credit reporting agencies, information or service providers and publicly available records.
What about Personal Data which you provide to Constantine Cannon?
If you provide information to us about someone else (such as one of your associates, directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that information to us and that, without our taking any further steps, we may process that information in accordance with this Notice.
What Personal Data does Constantine Cannon collect from and about you?
We collect and use different types of Personal Data about you, which will vary in type and detail depending on the circumstances and purpose of processing. Please consider the following illustrative and non-exhaustive examples:
- Personal Data about you: name, address, date of birth, marital status, nationality, gender, preferred language, job title;
- Personal Data to contact you at work or home: name, address, telephone, and e-mail addresses;
- Personal Data which may identify you: photographs, passport and/or driving license details, electronic signatures;
- Personal Data to process any payment we might need to make to you: bank account details, HMRC numbers and references (where applicable);
- Personal Data to monitor your use of our website: IP address, traffic and location information, weblogs and other communication information.
Why do we need to collect and use your Personal Data?
We need to collect and use your Personal Data for a number of reasons, the primary purpose being to provide legal advice and services to our clients and which may involve the use of your Personal Data in the following (non-exhaustive) ways:
- to contact you if you are involved in a matter we are undertaking for a client, whether in your professional or personal capacity;
- to carry out investigations, risk assessments and client due diligence;
- to analyse the practices of your employer or other organisations and/or persons with whom you have dealings;
- to review, draft and disclose correspondence and other documents, including court documents;
- to instruct third-parties on behalf of our clients; and
- for comparison/analytical purposes and to formulate legal opinions and provide advice.
We may also process your Personal Data for effective business management purposes which may involve the use of your Personal Data in the following (non-exhaustive) ways:
- to engage and contact suppliers;
- to carry out internal reviews, investigations, audits;
- to conduct business reporting and analytics;
- to help measure performance and improve our services;
- for regulatory and legislative compliance and related reporting; and
- for the prevention and detection of crime.
What is Constantine Cannon’s legal basis for processing your Personal Data?
Under the GDPR, Constantine Cannon must identify a lawful basis for processing your Personal Data which may vary according to the type of Personal Data processed and the individual to whom it relates.
- Performance of a contract with you (where applicable):
Constantine Cannon is entitled to process the Personal Data it requires in order to fulfil its obligations under its contract with you. This will be the relevant legal basis if you are an individual client or supplier/other individual with a direct contractual relationship with Constantine Cannon.
- Legitimate interests of Constantine Cannon or a third-party:
Constantine Cannon processes some of your Personal Data on the basis that it is in its legitimate interests and/or the legitimate interests of a third-party to do so. This will primarily concern the processing of Personal Data that is necessary to provide legal advice and services to our clients. Constantine Cannon’s legitimate business interest in such instances is the proper performance of its function as an authorised and regulated provider of legal services. Constantine Cannon’s clients’ also have a legitimate interest (and more general right in law) in obtaining legal advice and services.
Constantine Cannon’s broad interest in the provision of legal services as a basis for processing your Personal Data, and our clients’ corollary interest in the receipt of such services, can be broken down into more discreet categories which may include, but are not limited, to:
- the interest in contacting individuals relevant to Constantine Cannon’s work and our clients’ matters, which may involve the use of your Personal Data;
- the interest in reviewing documents and correspondence that have been disclosed to Constantine Cannon, Constantine Cannon clients and third-parties which may contain your Personal Data;
- the interest in reviewing and analysing all evidence available to Constantine Cannon and its clients, which may contain your Personal Data;
- the interest in adducing legal arguments, creating documents and correspondence, which may contain your Personal Data;
- the interest in disclosing documents and correspondence, which may contain your Personal Data, to various parties in the furtherance of Constantine Cannon’s clients’ objectives;
- the interest in instructing third-parties on behalf of Constantine Cannon clients;
- the interest in receiving payment from Constantine Cannon clients and third-parties and to facilitate payments to and from Constantine Cannon clients and third-parties; and
- in order to allow for all of the above, the secure management and storage of your Personal Data, within our IT environment and hard-copy filing systems.
Constantine Cannon may also process your Personal Data on the basis that it is necessary for its legitimate business interests in the effective management and running of Constantine Cannon which may include, but is not limited to: engaging suppliers and supplier personnel; ensuring that its systems and premises are secure and running efficiently; for regulatory and legislative compliance, and related auditing and reporting; for insurance purposes; and to facilitate, make and receive payments.
Constantine Cannon does not consider that the processing of your Personal Data, on the basis that it is within Constantine Cannon’s legitimate interests (whatever such interests might be), is unwarranted because of any prejudicial effect on your rights and freedoms or your legitimate interests.
- Compliance with a legal obligation to which Constantine Cannon is subject:
In certain circumstances, Constantine Cannon must process your Personal Data in order to comply with its legal obligations. This might include, but is not limited to, Personal Data required: for tax and accounting purposes; for conflict checking purposes as required by the common law and Constantine Cannon’s regulators; and for Constantine Cannon to fulfil its compliance and other obligations under relevant legislation/regulation.
More information relating to legal bases for processing Personal Data can be found on the Information Commissioner’s website (see details below) or by emailing the DPM firstname.lastname@example.org.
Special category and criminal records Personal Data
If Constantine Cannon processes your criminal records Personal Data or special category Personal Data relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, health data, biometric data or sexual orientation, we will obtain your explicit consent to those activities unless this is not required by law (because, for example, it is processed for the purpose of exercising or defending legal claims) or the information is required to protect your health in an emergency. Where we are processing Personal Data based on your consent, you have the right to withdraw that consent at any time.
Who receives your Personal Data?
We may disclose your Personal Data to third-parties (outside of Constantine Cannon and Constantine Cannon Personnel) if, but only when, we have a legal basis to do. Such recipients include but are not limited to: co-counsel, other solicitors/barristers/experts/foreign law firms whom we instruct on your behalf; Constantine Cannon’s insurance brokers and underwriters; Constantine Cannon’s bank, auditors and accountants; Constantine Cannon’s outsourced IT providers and other suppliers; HMRC; the Solicitors Regulation Authority; the Law Society; the Home Office and Passport Services; the Courts/Tribunals; the other side/other parties on any given matter (lay and solicitor).
How do we protect your Personal Data?
We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your Personal Data. We take appropriate organisational and technical security measures and have rules and procedures in place to ensure that any Personal Data we hold is not accessed by anyone unauthorised to access it.
When we use third-party organisations to process your Personal Data on our behalf, they must also have appropriate security arrangements, must comply with our contractual requirements and instructions and must ensure compliance with the GDPR and any other relevant data protection legislation.
Is your Personal Data transferred to “third countries” and, if so, what safeguards are in place?
In accordance with this Notice and the provisions of the GDPR, we may transfer your Personal Data to organisations located in “third countries” (those outside of the UK and EEA). In addition to the security arrangements mentioned above in relation to our engagement of third-party organisations, where such transfers are required we will ensure that your Personal Data is adequately protected, for example, by using a contract for the transfer which contains specific data protection provisions. You can request a copy of these contracts, if applicable, by emailing the DPM at email@example.com.
How long will your Personal Data be retained by Constantine Cannon?
It is our policy to retain your Personal Data for the length of time required for the specific purposes for which it is processed by Constantine Cannon and which are set out in this Notice. However, we may be obliged to keep your Personal Data for a longer period, for example, where required by our legal and regulatory obligations or in order to ensure we have effective back-up systems. In such cases, we will ensure that your Personal Data will continue to be treated in accordance with this Notice, restrict access to any archived Personal Data and ensure that all Personal Data is held securely and kept confidential.
What are your rights?
The GDPR generally affords individuals a right to access their Personal Data, to object to the processing of their Personal Data, to rectify, to erase, to restrict and to port their Personal Data.
We have specific procedures in place in relation to Subject Access Requests (“SARs”) that you may be entitled to make. Put simply, a SAR is a request made by you which requires us to provide you with details of your Personal Data which we hold and process and a description of how we process it. Any questions or requests should be put in writing to the DPM at firstname.lastname@example.org.
Individual clients based in the EU should raise any questions or requests with DataRep (in addition to the DPM) as the Constantine Cannon’s EU Representative, appointed under Article 27 of the EU GDPR.
There are exceptions to the rights of individuals in relation to their Personal Data and, particularly when we are processing your Personal Data for the purpose of providing legal advice to our clients, your rights may be limited. We will, at all times, respect your Personal Data and seek to be as transparent as possible but please be aware that, in some instances, we may be restricted from even acknowledging that we process your Personal Data.
How to make a complaint
If you are unhappy with the information provided in this Notice or have concerns about the way in which Constantine Cannon processes your Personal Data you may in the first instance contact the DPM at email@example.com, and, if you are an individual client based in the EU, DataRep as Constantine Cannon’s EU Representative. For information on how to contact DataRep, please click here.
If you remain dissatisfied, then you may apply directly to the Information Commissioner (or a relevant supervisory authority in the EU) for a decision. The Information Commissioner can be contacted at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk