- General intro
1.1. We are committed to ensuring that we manage your personal data professionally and in compliance with all applicable data protection laws. Part of this commitment is to ensure that there is transparency about how we process personal data. This policy includes an explanation of:
1.1.1. what data we are processing;
1.1.2. why we are processing it and what we do with it;
1.1.3. whether we will share it with anyone else;
1.1.4. whether we will transfer it outside of the United Kingdom;
1.1.5. how we keep your data safe; and
1.1.6. your rights.
- About us
2.1. Our company name is Cruxy & Co Ltd and our registered company number 08770183. We are located at 87 Chancery Lane, London WC2A 1ET, England. In this policy we have referred to the Cruxy & Co Ltd as: we, us, our or Cruxy.
2.2. For any queries concerning your data please contact the company Chairman at the above address or by email at firstname.lastname@example.org or by ‘phone on 07766 330033.
- Your personal data
3.1. We process your personal data if we understand that you may be interested in hearing more about our services. In this section 3 we provide more detailed information about how we will manage your personal data.
3.2. What data do we hold about you and how have we obtained this?
3.2.1. We may obtain information about you:
220.127.116.11. when you have been in contact with us;
18.104.22.168. when you are involved in a matter that we have been retained to provide legal services;
22.214.171.124. when you have attended an event that we have hosted or presented at;
126.96.36.199. from third parties;
188.8.131.52. from information which you allow to be shared that is part of your public profile on a third party social network;
184.108.40.206. when you have signed up to receive our updates; and
220.127.116.11. if you visit our website, we may automatically collect some personal information – please see section 5 (Cookies) for further information.
3.2.2. The personal information that we obtain will usually be limited to your name, business title and business contact information, however if you are also the subject of a legal matter that we are advising on then other personal data may be collected.
3.2.3. If cases where you or a business that you own, or part own becomes a client, we will often ask you to provide identity documents (typically, photo page of your passport or driver licence and a recent utility bill showing your residential address details). We ask for your identity documents to enable us to complete anti-money laundering checks.
3.3. How do we use your personal data and what is the applicable lawful basis?
3.3.1. Where you are an individual and you consent, we will keep you updated with information about our products, services and events.
3.3.2. Where we are required to do so to perform our contract with you, we may process your information that is necessary for completing our work.
3.3.3. We may process your information to comply with legal obligations including completing our anti-money laundering checks, assisting HMRC and the Police.
3.3.4. We may process your information to allow us to pursue our legitimate interests including:
18.104.22.168. to provide you with information about our products, services and events;
22.214.171.124. to analyse our performance to further improve our customer services;
126.96.36.199. to conduct market research, training and to administer our websites;
188.8.131.52. for the prevention of fraud or other criminal acts;
184.108.40.206. for undertaking credit checks for finance;
220.127.116.11. for the purpose of corporate restructure or reorganisation or sale of our business or assets;
18.104.22.168. for enforcing our legal rights or to defend legal proceedings and for general administration purposes.
3.4. Will we share your personal data with any third parties?
3.4.1. If you attend an event that we co-host with other parties, your data (name, title, employer and contact details) may be shared with our co-host partners.
3.4.2. We may disclose your information to our third-party service providers for the purposes of providing services to us or directly to you on our behalf e.g. advertising agencies or administrative service providers. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
3.4.3. We may share your data with third parties where it is necessary for the legal services that we are providing.
3.4.4. If we sell all or part of our business to a third party, we may transfer your information to that party to ensure that it can continue to provide information that you have requested or for any of the other purposes that we have noted above.
3.4.5. We may transfer your data to government or other official bodies for the purposes of complying with legal obligations, for enforcing our rights, or for the prevention or detection of a crime.
3.5. How long do we keep your data?
22.214.171.124. We regularly review our marketing data that we hold and delete or update any data that we understand is no longer correct or up-to-date.
126.96.36.199. For any personal data that’s contained on any of the matters where we have been engaged to provide legal advice, we will keep this data for 20 years, unless our client has asked us to retain it for a different period.
188.8.131.52. The periods stated in this section 3.5 may be extended if we are required by law to keep your data for a different period.
- Transferring your data outside of the United Kingdom (‘UK’)
4.1.1. The information that you send to us may be transferred to countries outside the UK. By way of example, this may happen if any of our servers or those of our third-party service providers are located in a country outside of the UK. These countries may not have similar data protection laws to the UK.
4.1.2. If we transfer your information outside of the UK in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected. These measures include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us if you would like more information about the protections that we have put in place.
5.2. You can find out more about the Cookies we use in our Cookies Policy available on the home page of our website.
5.3. You can set your browser not to accept cookies, however some of our website features may not function as a result.
5.4. For more information about cookies generally and how to disable them you can visit: www.allaboutcookies.org.
- Data security
6.1. We have adopted appropriate technical and organisational measures to protect the personal data we collect and use having regard to the state of the art, the nature of the data stored and the risks to which the data is exposed to human action or the physical or natural environment. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database.
6.2. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.
6.3. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
- Links to other websites
- Your rights
8.1. Your right to access data
8.1.1. We always aim to be as open as we can and allow people access to their personal information. Where we hold your personal data, you can make a ‘subject access request’ to us and we will provide you with:
184.108.40.206. a description of it;
220.127.116.11. an explanation of why we are holding it;
18.104.22.168. information about who it could be disclosed to; and
22.214.171.124. a copy of the information in an intelligible form – unless an exception to the disclosure requirements is applicable.
8.1.2. If you would like to make a ‘subject access request’ please make it in writing to our contact email address noted in section 2.2 and mark it clearly as ‘Subject Access Request’.
8.1.3. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
8.1.4. Unless you agree a different time, we will complete your subject access request within one month.
8.2. Right to stop marketing messages
8.2.1. You always have the right to stop marketing messages. We will usually include an unsubscribe button in any marketing emails. If you do wish to unsubscribe, please just click the unsubscribe button and we will promptly action that request. Alternatively, you can update your marketing preferences by contacting us at any-time. Our contact details are shown in section 2.
8.3. Right to be forgotten
8.3.1. If we hold personal data about you, but it is no longer necessary for the purposes that it was collected and cannot otherwise be justified – you have the right to request that we delete the data.
8.4. Right to restrict data
8.4.1. If we hold personal data about you and you believe it is inaccurate you have the right to request us to restrict the data until it is verified. You also have the right to request that the data is restricted where you have a right to it being deleted but would prefer that it is restricted.
8.5. Transferring your personal data
8.5.1. Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under section 3.3, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.
8.5.2. You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information
8.6. Right to complain
8.6.1. You always have the right to complain to the personal data regulator, the ICO. You may also be entitled to seek compensation if there has been a breach of data protection laws.
- Policy updates
9.1. This policy was last updated on 15th May 2018