Collection and use of personal data via the website
Users of the G&T website can visit the site without revealing their identity or providing information about themselves. The Firm collects information directly from users when they voluntarily submit their personal information to us. At certain parts of our website we may provide the opportunity for users to register to join a mailing list or request information.
The Firm will collect and store this data in accordance with the Principals of the Data Protection Act. We will only collect data that has been volunteered by users and we will provide a reason for collection and an explanation of how the information will be used. The Firm will keep it secure and up to date and only keep the data for as long as reasonably necessary. We will only use this data for the reason that was originally stated.
Where users have opted in to receiving e-communications from the Firm, it will always give them a clear option to opt out at any time. The Firm agrees to act upon such requests in an efficient manner and to stop such e-communications to those users immediately.
The Firm reserves the right to add to this list of opportunities available to our users to interact with us. It is completely up to users to provide us with their personal information.
DATA PROTECTION ACT 1998
The Firm aims to fulfil its obligations under the Data Protection Act 1998 to the fullest extent. The Data Protection Act 1998 (“the Act”) imposes a number of responsibilities and liabilities on the Firm as a Data Controller. The Firm has notified the Information Commissioner of the categories of personal data that are processed, the purposes of such processing and the security measures that have been implemented, in accordance with the Act. “Processing” includes obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data including disclosing such information or data.
The Information Commissioner’s Registration number under the Act for Gardiner & Theobald LLP is Z6062898.
All members of the Firm will be required to comply with any privacy/data protection or other policy issued from time to time by the Firm to ensure compliance with the Data Protection principles, and are required to assist the Firm in complying with the following eight Data Protection Principles
enshrined in the Act:
- All personal data must be obtained and processed fairly and lawfully and may not be processed unless certain conditions are met.
- All personal data must be obtained for a specified and lawful purpose and must not be processed in any manner incompatible with that purpose.
- All personal data must be adequate, relevant and not excessive for that purpose.
- All personal data must be accurate and kept up to date.
- All personal data must not be kept for longer than is necessary for that purpose.
- All personal data must be processed in accordance with the data subject’s rights.
- All personal data must be kept secure from unauthorised access, accidental loss, damage or destruction.
- Personal data must not be transferred to a country or territory outside the European Economic Area (the “EEA”), unless that country has equivalent levels of protection for personal data.
As part of its everyday business activities, the Firm holds personal data of members of the Firm, and it’s clients, contractors and suppliers. “Personal data” means information by which a living person can be identified and includes for example, but is not limited to, training and appraisal records, CVs, references (including both references received from previous employees and references to be given to any future employer), limited financial information (for payroll purposes), sickness records and other personal details. The personal data held by the Firm are regularly collected, processed and stored on computerised records and in manual filing systems. The Firm will review these records regularly, and you will be asked to update your personal records from time to time to ensure that they remain accurate and up to date.
Personal data will be held on a confidential basis and may be disclosed to third parties in accordance with the Data Protection Act 1998 and with the individual’s consent where appropriate. You hereby consent to the Firm processing personal data (including sensitive personal data) concerning yourself in order to properly fulfil the Firm’s obligations to you under this agreement and for reasons relating to your employment as required by the Data Protection Act 1998. You accept and acknowledge that if you are required at any time to work on behalf of the Firm overseas, the Firm may need to pass your personal data to the person, firm or company with whom you are working anywhere in the world and you hereby expressly consent to the Firm doing so. In addition the Firm may, if required, disclose personal data to Clients, but we will not disclose individual names or any identifying information unless the Firm has prior agreement from the Employee. If you have any objection to the processing by the Firm of any of your personal data, please contact the Human Resources Department as soon as possible.
The Firm will comply with its obligations under the Act to register details of the processing it does and the purposes for this processing with the Information Commissioner.
Personal Liabilities And Responsibilities
The Act provides for the right for individuals to have access to data held about themselves and, where appropriate, to have the data corrected or deleted. It is therefore very important that all information about members of the Firm and other individuals which is stored by the Firm should be held in accordance with the Principles of the Act, and such that the Firm is able to retrieve and disclose it in full to those individuals without delay or embarrassment. Any such request from an individual Data Subject should be referred to the Human Resources Department, who will respond as required by the Act.
The Firm also has a duty to ensure that all personal data is securely kept. The Firm will ensure that personal data is not disclosed to or accessible by anybody who does not have authorisation, and members of the Firm should also ensure that they do not disclose personal data relating to any employee of the Firm to anyone, without obtaining prior authority to do so from the Human Resources Department.
Failure to comply with the Act can give rise to criminal liability and could result in compensation being payable to an individual and/or the imposition of fines on the Firm and/or members of the Firm; the Firm may take action to recover any damages suffered. The Firm takes its responsibilities under the Act very seriously, and expects all members of the Firm to take their responsibilities seriously and ensure that they do not do anything that may cause the Firm to be in breach of any of the provisions of the Act. As such, it shall be a disciplinary offence for any member of the Firm to knowingly or recklessly cause the Firm to be in breach of the Act and the Firm may take action against any member of the Firm who causes the Firm to suffer loss.
If you would like further information on the responsibilities and liabilities of the Firm under the Act or advice on compliance with the provisions of the Act, this can be obtained from the Human Resources department.