Lawrie IP – Privacy Policy
Introduction
This privacy notice explains in detail what types of personal information we collect from you when you interact with us. It also explains how we will store and use that data and keep it safe. We hope that this privacy notice will answer any questions that you have, but if not please do get in touch with us. Our contact details can be found at the end of this notice.
Who we are?
Lawrie IP Limited is a firm of European Patent and Trade Mark Attorneys located at 310 St Vincent Street, Glasgow, G2 5RG. We are registered as a data controller at the Information Commissioner’s Office (ICO). Our registration number is ZA084604.
For simplicity throughout this notice, the terms “we”, “us” and “Lawrie IP” will refer to Lawrie IP Limited.
How will we handle your personal data?
Your privacy is important to us. Therefore, we are committed to handling your information in accordance with the Data Protection Act 2018. This means that your personal information will be:
• Processed lawfully, fairly and in a transparent manner
• Collected for specified, explicit and legitimate purposes
• Only collected so far as required for our lawful purposes
• As accurate and up to date as possible
• Retained for a reasonable period of time in accordance with our retention policies
• Processed in a manner which ensures an appropriate level of security
Explaining the legal basis that we rely on
Data protection laws set out the legal bases that we can rely on when processing your personal data. The legal bases that we rely on include:
Consent
– In specific situations, we can collect and process your personal information with your consent. For example, if you tick a box to receive email newsletters your personal details will be added to our mailing list.
Contractual Obligation
– In certain circumstances, we need your personal information to comply with our contractual obligation to provide you with our services.
Legal Compliance
– If the law requires us to, we may need to collect and process your personal information. For example, we can pass details of people involved in fraud and other criminal activities to law enforcement agencies. We may also be required to collect personal information about you so that we can comply with Anti-Money Laundering regulations.
Legitimate Interest
– In specific situations, we may require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
Why do we need to process your personal information?
We cannot provide you with intellectual property services without collecting some personal information from you.
What happens if you do not provide your personal information?
If you choose not to share your personal information with us, we might not be able to provide the services that you’ve asked for. We will notify you if this is the case at the time.
What personal information do we collect?
We may collect the following personal information from clients, potential clients, job seekers, suppliers and visitors to our offices:
• Name, title, job title /position and contact details (including home and business addresses, email, mobile number, and telephone number).
• Information required to identify you where law requires this, including name, date of birth, home address and copies of identification (including passport, driving license and copies of letters to prove your address). If you provide a passport, the data will include your place of birth, gender, facial image and nationality.
• Records of enquiries, meetings, telephone conversations, email and written correspondence and other direct engagement.
• Publicly available data from Companies House and the internet.
• Details of visits to our offices.
• Information relevant to job applications.
• We may connect with you on social media sites such as LinkedIn, Facebook and Twitter.
• Transactional data – details about transactions to and from you and details about services you purchase from us.
• Contractual data – information obtained by providing you with legal services.
• Financial data – your financial position, status and history including bank details and credit rating.
Where do we collect personal information from?
We collect personal information from you in many ways. These include:
• Directly from you – for example, from telephone conversations, email and written correspondence and meetings with you.
• From other organisations that refer you to us, such as other professional advisors and our network of contacts.
• The internet and networking sites such as LinkedIn.
• Our website – as you interact with our website, we will automatically collect data about your browsing actions and patterns by using cookies (see – Using our website).
• The contact form on the Lawrie IP website.
• Publicly available resources such as Companies House.
• Direct contact by you (for example, if you forward us a CV and covering letter).
• Contact made by our employees with you during the course of our business (including the exchange of business cards).
How we use your personal information?
We will only process personal information where we believe we have a lawful basis to do so. The basis for processing will vary from activity to activity. In some instances, processing may have more than one lawful basis. The table below summarises why we hold your personal information and our legal basis for doing so.
What we do not do
We do not use client personal information for profiling, nor do we use your personal information for direct marketing, unless you have given us consent to do so. We do not use your personal information for any automated decision making and we do not sell, rent or distribute your personal information to any third party.
Who we share your personal information with
Some of the processing activities set out above require us to share personal information with third parties. Whenever we share personal data, we take all reasonable steps to ensure it will be handled appropriately and securely by the third party. We do not allow any third-party with whom we share your personal data to use it for their own purposes, and only permit them to process your personal data (i) for specified purposes and (ii) in accordance with our instructions.
The following is a list of the main third parties who we share personal information with:
• UK and overseas intellectual property offices including The UK Intellectual Property Office, European Patent Office, World Intellectual Property Office and European Union Intellectual Property Office.
• Selected lawyers, agents and service providers who we use in the provision of our services (UK and overseas).
• Our service providers (for example our IT providers).
• Equinox (IP Management Software).
• Microsoft Cloud Services.
• Anti-money laundering service providers.
• Financial software (Xero and global payment providers such as MoneyCorp and Afex).
• Your organisation and its employees.
• The police and other law enforcement agencies, HMRC and other government bodies
• Our regulators (The Intellectual Property Regulation Board, Chartered Institute of Patent Attorneys, Chartered Institute of Trade Mark Attorneys and the Institute of Professional Representatives before the European Patent Office).
• Fraud prevention agencies and credit rating agencies
• Counterparties to any case that we are advising you on.
• Other professional advisors engaged by your organisation.
• The Information Commissioners’ Office (ICO).
• Our insurers.
For practical reasons, this is an indicative, but not exhaustive list. Please also note that the list may be updated from time to time.
International Transfers
We will only send your information outside the United Kingdom:
• When we are being instructed on your behalf by someone outside the United Kingdom and/or the European Economic Area (for example, another law firm).
• When you ask us.
• When it is required to provide you with the legal services that you have instructed us to provide or for which you have requested costs (for example, instructing and dealing with foreign attorneys, solicitors or other advisors on your behalf when you are looking to register IP rights in other jurisdictions).
• Where we need to do so to comply with our legal duties.
• When the transfer is necessary to defend legal claims.
When we pass your personal information onto overseas third parties we will take all reasonable steps to ensure that your information is handled appropriately and securely by the third party.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long do we retain your personal information for?
The period for which we retain personal information depends on the purpose for which the information was obtained. In general terms, we will retain personal data for so long as reasonably necessary to fulfil the purposes we collected it for, including by law or as may be required for record keeping and legal claims purposes. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Where do we store Personal Information?
Personal information is mainly controlled and processed by us at our offices in the UK. To allow us to operate efficiently some of our data is stored on Microsoft servers located outside of the UK and EEA. All Microsoft data centres meet stringent security requirements. Our records system data is stored on servers within the UK.
Using our website
As you interact with our website, we will automatically collect technical data (including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website) about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
We may also collect and process data that you volunteer to us in the “contact us” section of our website. Such personal information may include your name and email address and any other personal information that you provide within the online form.
• We use the data collected from our website to communicate with you by email or telephone.
• We may share this information with selected third parties (such as UK and overseas intellectual property offices, attorneys and IP service providers) so that we can provide you with the services that you have requested.
This policy only applies to our website. Please be aware that while visiting our site, visitors can follow links to other sites that we have no control of. We are not responsible for the content or privacy policies of other sites, and would encourage you to read the privacy policy of every website you visit.
Your rights
Access to your information
You have the right to request a copy of the personal information about you that we hold.
Sometimes, it may not be possible for us to provide information about you because of obligations of professional secrecy to our clients (in the form of legal professional privilege and confidentiality of communications).
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Correcting your information
We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards. Please note we may need to verify the accuracy of the new data you provide to us.
Deletion of your information
You have the right to ask us to delete personal information about you where:
• You consider that we no longer require the information for the purposes for which it was obtained.
• We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information
• You have validly objected to our use of your personal information – see Objecting to how we may use your information
• Our use of your personal information is contrary to law or our other legal obligations.
Please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Objecting to how we may use your information
You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Restricting how we may use your information
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where there is no longer a basis for using your personal information, but you don’t want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Requesting transfer of your personal data
You may request us to transfer your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdrawing consent for using your information
Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out in the _Contact information and further advice _section if you wish to exercise any of these rights. Please note that if you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on our website. Paper copies of the privacy statement may also be obtained by contacting:
Data Protection Officer
Lawrie IP Limited
310 St Vincent Street
Glasgow
G2 5RG
Email: mail@lawrie-ip.com
Telephone: 0141 212 7070
This privacy statement was last updated on 26 October 2022.
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Contact information and further advice
Data Protection Officer
Lawrie IP Limited
310 St Vincent Street
Glasgow
G2 5RG
Email: mail@lawrie-ip.com
Telephone: 0141 212 7070
Complaints
We seek to resolve directly all complaints about how we handle personal information, but you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns