This statement explains how we may use personal data which we obtain about you. It sets out who we are, how and why we collect, store, use and share your personal data and the basis on which we do so. It also explains your rights in relation to personal data and explains how to contact us or the relevant supervisory authority should it be necessary.
2. Who we are and how to contact us
Brennan & Partners Limited is incorporated and registered in England and Wales with company number 10226819 and registered office at Wilmington House, High Street, East Grinstead, West Sussex RH19 3AU, United Kingdom (“B&P”).
Our website may be found here: www.brennanandpartners.com
Should you have any queries about our policy or wish to exercise any of the rights described herein, please contact us in writing at:
Address: 35 Berkeley Square, London, W1J 5BF
3. Key terms
Personal data – any information relating to an identified or identifiable individual.
Special category personal data – information revealing an individual’s racial or ethnic origin, data about ethnic origin, religious, philosophical, and political beliefs, trade union membership, health and genetic data and data concerning a person’s sex life and sexual orientation.
Our use of personal data is regulated by the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
5. Personal data we may collect
We may collect the following types of personal data about you:
6. How we collect your personal data
We collect personal data in a variety of ways, including:
7. How we use your personal data
Under the UK GDPR the lawful bases we rely on to use your personal data are that:
8. Who we will share your personal data with
We may share your personal data with certain trusted third parties, including:
Where we are legally obliged to, as personal data may also be shared with regulatory authorities (including the Information Commissioner’s Office (‘ICO’) and courts, tribunals, government agencies and law enforcement agencies. We will use reasonable endeavours to notify you before we do this unless we are legally restricted from doing so.
9. How we protect your personal data
We take all reasonable steps to protect your personal data but cannot guarantee the security of any data you disclose to us online. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. You accept the inherent security risks of providing information over the internet and will not hold us responsible for any breach of security unless this is due to our negligence or willful default.
In line with the data protection laws and any applicable guidance, we use a variety of technical and organisational measures to prevent unauthorised access, loss, use, disclosure, alteration or destruction of personal data. We have put in place appropriate training measures to inform our staff about keeping personal data secure.
We have also put in place procedures to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected personal data breach where we are legally obliged to do so.
10. Transferring your personal data out of the UK
To deliver services to you, it may sometimes be necessary for us to share your personal data outside the United Kingdom (‘UK’). For example, this may happen:
Where we transfer personal data outside the UK, we ensure that it is permissible under the special rules governing such transfers under UK data protection legislation. These special rules may include where a data protection “adequacy decision” has been made by the UK which found that the country where your personal data is transferred offers essentially the same level of data protection that exists in the UK.
They may also include where we have reached a binding agreement containing Standard Contractual Clauses with the organisation to whom we transfer your personal data ensuring that it will provide the same level of data protection as the UK.
11. Data storage & retention period
B&P holds personal data in physical and electronic forms. Where data is held in physical form, it is stored securely either on our premises or in secure off-site storage. Where data is held electronically, it is securely stored on our servers which are located in the UK.
B&P will process personal data in accordance with its records retention practices or as long as required by the terms of a contract. In setting retention periods, we take account of the purpose for which personal data was collected and any legal and regulatory obligations on us to retain information, limitation periods for legal action and our business purposes.
Where it is no longer necessary to retain your personal data, we will delete or anonymise it.
12. Your rights to access personal data
You have the right to receive information about the personal data which we hold about you.
You may do this by making a written request known as a ‘data subject access request’.
If you are concerned that any of the information we hold on you is incorrect, please contact us (see item 14 ‘Data subject rights’ below).
13. Data subject rights
Under the UK GDPR you have a number of important rights which you may exercise unless a national law prevents us from complying. Where you do exercise your rights, this will be free of charge. In summary, your rights include:
If you would like to exercise any of your rights, please write to Data Protection, 35 Berkeley Square, London, W1J 5BF or email us at: firstname.lastname@example.org
14. Cookies, online forms & third-party websites
When accessing our website, B&P collects standard internet log information for statistical purposes and to provide the website experience.
Please visit the cookies page on our website for further information. When we collect personal data, for example via an online form, we will explain what we intend to do with it.
16. Questions and complaints
While we hope to be able to resolve any concern that you may have, the UK GDPR also gives you the right to lodge a complaint with the supervisory authority for data protection issues. In the UK, the supervisory authority is the ICO.
The ICO’s website is: www.ico.org.uk. The ICO’s telephone number is: 0303 123 1113