WHAT DATA DO WE COLLECT AND HOLD?
When conducting business with our firm we will need to collect some information from you in order to provide you with our advisory services.
The categories of your personal data that we may collect may include, but is not limited to, the following:
- Contact details (including names, postal addresses, email addresses and telephone numbers – which may also be available to the public e.g. on your business stationery or web sites or marketing search engines);
- Professional information such as company name and number of employees – but not their names or their personal data;
- Details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data.
If you contact us through this website we will ask you for basic information outlining details relating to your situation.
Sensitive personal data includes gender, race or ethnic origin, political opinions, religious or other beliefs, trade union membership, physical or mental health, sexual life or criminal records. We do not solicit sensitive personal data through any means at all.
Our site and services are not intentionally designed or directed at children of 13 years of age or younger and it is our policy never to knowingly collect or maintain information about anyone under the age of 13 years.
The information we hold about you may include the following:
- your personal details (such as your name and/or address) as above;
- details of contact we have had with you in relation to the provision, or the proposed provision, of our services;
- details of any services you have received from us;
- correspondence and communications with you;
- complaints details and enquiries;
- information from questionnaires relating to your situation, debts and personal circumstances;
- information from publicly available sources or information provided by your employer or from your professional advisers (who must have obtained your consent to have passed on any information about you or your business interests).
HOW IS THE DATA COLLECTED?
Your personal data may be collected by us in a number of ways, including:
- through our provision of services to you;
- during the course of dealings with you;
- when you provide information to us by filling in forms on our website (e. g. information provided at the time of completing the web enquiry from;
- when you contact us for these and any other reason, we may monitor and keep a record of that correspondence (in whatever form);
- when we collect publicly available information about you or your business (including through electronic data sources e.g. Companies House or Creditsafe searches); and
- when we collect your personal data from third parties (e. g. clients, your advisers or financial institutions).
Other data collected
Our website uses modern technology to collect very basic information on how the website is performing in the form of analytics. This information includes the IP address and information about which pages you look at, how long you stay on the website, if you are a new or repeat visitor and if you came via a search engine what search terms etc. you used to find us. We must emphasise that this information is anonymous; we cannot determine who you are or any other personal details and is used for statistical purposes. This type of data is present to enhance the speed of accessibility to the content of our website, its pages and information.
SHARING YOUR DATA
We do not sell, rent or exchange your private personal information with any third party for marketing or any other commercial reason. Instead we are required to keep it confidential and may only share your certain (personal/commercial) data with third parties where we are required by law, where it is necessary to administer the relationship between us (as professionals) or where we have another legitimate interest in doing so (e.g. providing a report to shareholders, unsecured or secured creditors or to Companies House or the Court).
Trusted contractors that assist us in providing our technology, including this website and email services, are subject to contractual confidentiality and security obligations to protect your data.
All third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with our regulator, the Insolvency Practitioners Association, or to otherwise comply with the law.
From time to time, we may, in the ordinary course of business, be required to share your personal data outside of the EEA. All third-party service providers (agents, solicitors, subcontractors) are required to take commercially reasonable and appropriate security measures to protect your personal data. As stated above, we only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions. If you have questions in this regard, please contact Mr Virgil Levy of LABR.
WHERE IS YOUR DATA HELD?
We store your private information in both electronic and paper form. All information is kept in accordance with the Data Protection Act 1998 and GDPR at our offices or at an off-site, secure storage facility. Access to your information is restricted to professional staff that have day-to-day control over insolvency cases and is always under the control of an insolvency practitioner or director.
Data collected from you when completing and submitting a website enquiry form is sent electronically to LABR and is also retained for a time on an LABR webserver, which are secure and are in the UK.
WHAT DO WE DO WITH THE INFORMATION?
We may use the personal information gathered in our normal course of business as follows:
- To confirm identification when you contact us.
- To provide you with information related to our services and our events and activities that you request from us or which we feel may interest you, provided you have consented to be contacted for such purposes.
- For purposes necessary for the performance of our contract with you, your employer or our clients and to comply with our legal obligations (for example to carry out our obligations arising from any agreements between you, your employer or our clients and us for the provision of our service).
- For the purposes necessary for the performance of our contract with our clients. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client (for example to carry out our obligations arising from any agreements entered into between our clients and us, for the provision of our services).
- For the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.
- To seek your thoughts and opinions on the services we provide to help us improve and monitor our customer service to you.
- To notify you about any changes to our services.
- For statistical analysis and to track activity on our website.
- For record-keeping purposes.
- For the prevention of crime and fraud.
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so. We do not use your personal information for anything other than to perform insolvency-related work or assignments for which we have your instructions; save as required by any superseding law to GDPR.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
- the requirements of our business and the services provided;
- any statutory or legal obligations;
- the purposes for which we originally collected the personal data;
- the lawful grounds on which we based our processing;
- the types of personal data we have collected;
- the amount and categories of your personal data; and
Whether the purpose of the processing could reasonably be fulfilled by other means. We usually destroy certain data after a certain period of time when an insolvency appointment comes to an end or an assignment is not taken any further.
As stated, we do not hold your personal details or any details you give to us for marketing purposes. Where we intend to issue a newsletter, we will first seek your permission by the appropriate routes before providing to you a newsletter. You may then provide your preferences for receiving such newsletters (by email or post). You have the right to ask us not to process your personal information for marketing purposes at any time.
You can exercise the right at any time by sending us an email at firstname.lastname@example.org , contacting us on +44 (0)1895 819460, or by writing to us at the following address: Unit 1 Beasley’s Yard, 126 High Street, Uxbridge, UB8 1JT. Note that it is not the intention of LABR to issue marketing material without your express permission to do so.
GDPR legislation is here to ensure that recipients of newsletters want to receive them. It should therefore be the case that on or after May 25 2018, you will not receive newsletters from LABR unless you have expressly opted into receiving them.
LAWFUL BASIS FOR PROCESSING
We process personal data on the following legal grounds:
- Our legitimate interest - processing data in ways which you would reasonably expect, where processing is necessary in the lawful operation of our business and where our interests do not affect your interests, rights and freedoms.
- To satisfy any legal and regulatory obligations to which we may be subject to.
- To fulfil any contractual obligations under any contract LABR has with you.
We do not rely on consent as a legal basis for processing your personal data, other than in relation to sending direct marketing communications to individuals via a personal email address.
When we collect contact information from you (for example, when you provide us with your business card), we may add your details to our contacts database and to a specific newsletter circular. In all other cases, we will ask you (before collecting your information) if we intend to use your information to send to you a newsletter.
We will not process your personal information (personal data) for the purpose or purposes you originally agreed to unless we have another legitimate basis for doing so in law.
How secure is your data?
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business-need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
ACCESSING, AMENDING OR DELETING YOUR DATA
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
- Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. Certain Subject Access Requests may be made utilising the guidance supplied in the ICO’s website for accessing sensitive data (e.g. medical records). There is also guidance on what LABR may charge to process valid Subject Access Requests.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If you consider any information that we hold about you to be incorrect or incomplete, or wish us to remove any such data, you should write to us or email us email@example.com with your request.
If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please email our data protection managers, Virgil Levy or David Hughes on 0208 5790 9057 or 01895 819 460 or via email at firstname.lastname@example.org.
You also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner's Office,
Telephone - 0303 123 1113 (local rate) or 01625 545 745 Website - https://ico.org.uk/concerns .