This privacy notice (“Notice”) describes how Paxus LLP collects and uses your Personal Data in accordance with applicable data protection legislation. It tells you what Personal Data we collect, why we need it, how we use it and what protections are in place to keep it secure.
“Paxus” “we” “us” and “our” mean Paxus LLP.
“Personal Data” means information about individuals (including you) which can identify them.
“You” means individuals whose Personal Data we process including, but not limited to, Paxus clients, Paxus client personnel, suppliers and supplier personnel, job applicants, people we have commercial relationships with, people we interact with and people who visit this website.
How does Paxus obtain your Personal Data?
In some circumstances, we may obtain your Personal Data from you directly, including through your correspondence and enquiries, your use of this website or job applications, but, more typically, we will obtain your Personal Data from a third-party source, for example, we may collect information from our clients/our clients’ personnel, agents and advisors, the company for whom you work, other organisations/persons with whom you have dealings, government agencies, credit reporting agencies, information or service providers and publicly available records
What about Personal Data which you provide to Paxus?
If you provide information to us about someone else (such as one of your associates, directors, employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that information to us and that, without our taking any further steps, we may process that information in accordance with this Notice.
What Personal Data does Paxus collect from and about you?
We collect and use different types of Personal Data about you, which will vary in type and detail depending on the circumstances and purpose of processing. Please consider the following illustrative and non-exhaustive examples:
- Personal Data about you: name, address, date of birth, marital status, nationality,race, gender, preferred language, job title, work life and restrictions and/or required accommodations, possibly about your family life;
- Personal Data to contact you at work or home: name, address, telephone, and e-mail addresses;
- Personal Data which may identify you: photographs and video, passport and/or driving license details, electronic signatures;
- Personal Data to process any payment we might need to make to you: bank account details, HMRC numbers and references (where applicable); and
- Personal Data to monitor your use of our website: IP address, traffic and location information, weblogs and other communication information.
Why do we need to collect and use your Personal Data?
We need to collect and use your Personal Data for a number of reasons, the primary purpose being to provide legal advice and services to our clients which may involve the use of your Personal Data in the following (non-exhaustive) ways:
- to contact you if you are involved in a matter we are undertaking for a client, whether in your professional or personal capacity;
- to carry out investigations, risk assessments and client due diligence;
- to analyse the practices of your employer or other organisations and/or persons with whom you have dealings;
- to review, draft and disclose correspondence and other documents, including court documents;
- to instruct third-parties on behalf of our clients; and
- for comparison/analytical purposes and to formulate legal opinions and provide advice.
We may also process your Personal Data for our clients’ effective business management purposes which may involve the use of your Personal Data in the following (non-exhaustive) ways:
- to engage and contact suppliers;
- to carry out internal reviews, investigations, audits;
- to conduct business reporting and analytics;
- to help measure performance and improve our services;
- for advertising, marketing and public relations purposes;
- for recruitment purposes;
- for regulatory and legislative compliance and related reporting; and
- for the prevention and detection of crime.
What is Paxus’ legal basis for processing your Personal Data?
Paxus must identify a legal basis for processing your Personal Data which may vary according to the type of Personal Data processed and the individual to whom it relates.
Performance of a contract with you (where applicable):
Paxus is entitled to process the Personal Data it requires in order to fulfil its obligations under its contract with you. This will be the relevant legal basis if you are an individual client or supplier / other individual who has a direct contractual relationship with us.
Legitimate interests of Paxus or a third-party:
Paxus processes some of your Personal Data on the basis that it is in its legitimate interests and/or the legitimate interests of a third-party to do so. This will primarily concern the processing of Personal Data that is necessary to provide legal advice and services to our clients. Paxus’ legitimate business interest in these instances is the proper performance of its function as a provider of such services. Paxus’ clients’ also have a legitimate interest in benefiting from the services.
Paxus’ broad interest in the provision of legal advice and services as a basis for processing your Personal Data, and our clients’ corollary interest in the receipt of such services, can be broken down into more discreet categories. Some examples include:
- the interest in contacting individuals relevant to Paxus’ work and our clients’ business, which may involve the use of your Personal Data;
- the interest in reviewing, creating and providing documents and correspondence which may contain your Personal Data;
- the interest in instructing third-parties on behalf of our clients which may involve the use of your Personal Data;
- the interest in receiving payment from our clients and third-parties and to facilitate payments to and from our clients and third-parties which may involve your Personal Data; and
- in order to allow for all of the above, the secure management and storage of your Personal Data, within our IT environment and hard-copy filing systems.
Paxus may also process your Personal Data on the basis that it is necessary for its legitimate interests in the effective management and running of our and our clients’ businesses. Some examples include:
- the interest in engaging suppliers and supplier personnel;
- the interest in ensuring that its systems and premises are secure and running efficiently;
- the interest in hiring/recruiting personnel and processing job applications;
- the interest in marketing and advertising the services we provide;
- the interest in obtaining and maintaining insurance; and
- the interest in facilitating, making and receiving payments.
We always ensure that our processing of your Personal Data, on the basis that it is within our legitimate interests (whatever such interests might be), is not unwarranted because of any prejudicial effect on your rights and freedoms or your own legitimate interests.
Compliance with a legal obligation to which we are subject:
In certain circumstances, we must process your Personal Data in order to comply with our legal obligations. This might include, but is not limited to, Personal Data required for tax and accounting purposes and for Paxus to fulfil its compliance and other obligations under relevant legislation/regulation.
More information relating to legal bases for processing Personal Data can be found on the Information Commissioner’s website (see details below) or by contacting us.
Special category and criminal records Personal Data
If Paxus processes your criminal records Personal Data or special category Personal Data relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, health data, biometric data or sexual orientation, we will obtain your explicit consent to do so unless this is not required by law or the information is required to protect your health in an emergency. Where we are processing Personal Data based on your consent, you have the right to withdraw that consent at any time.
Who receives your Personal Data?
We may disclose your Personal Data to third-parties if, but only when, we have a legal basis to do. Such recipients include but are not limited to: our clients; our insurance brokers and underwriters; our bank, auditors and accountants; our outsourced IT providers and other suppliers; HMRC; and legal regulators.
How do we protect your Personal Data?
We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your Personal Data. We take appropriate organisational and technical security measures and have rules and procedures in place to ensure that any Personal Data we hold is not accessed by anyone unauthorised to access it. We have in place, and abide by, a specific information security policy about the security standards used to protect your Personal Data.
When we use third-party organisations to process your Personal Data on our behalf, they must also have appropriate security arrangements, must comply with our contractual requirements and instructions and must ensure compliance with applicable data protection legislation.
Is your Personal Data transferred to “third countries” and, if so, what safeguards are in place?
In accordance with this Notice and the provisions of relevant data protection legislation, we may transfer your Personal Data to organisations located in “third countries” (those outside of the UK). In addition to the security arrangements mentioned above in relation to our engagement of third-party organisations, where such transfers are required we will ensure that your Personal Data is adequately protected, for example, by using a contract for the transfer which contains specific data protection provisions.
How long will your Personal Data be retained by Paxus?
It is our policy to retain your Personal Data for the length of time required for the specific purposes for which it is processed by us and which are set out in this Notice. However, we may be obliged to keep your Personal Data for a longer period, for example, where required by our legal and regulatory obligations or in order to ensure we have effective back-up systems. In such cases, we will ensure that your Personal Data will continue to be treated in accordance with this Notice, restrict access to any archived Personal Data and ensure that all Personal Data is held securely and kept confidential.
What are your rights?
Data protection legislation generally affords individuals a right to access their Personal Data, to object to the processing of their Personal Data, to rectify, to erase, to restrict and to port their Personal Data.
We have specific procedures in place in relation to Subject Access Requests (“SARs”) that you may be entitled to make. Put simply, a SAR is a request made by you which requires us to provide you with details of your Personal Data which we hold and process and a description of how we process it. Any questions or requests should be put in writing to us at email@example.com or addressed to us at Paxus LLP, Thomas House, 84 Eccleston Square, Pimlico, London, United Kingdom, SW1V 1PX
How to make a complaint
If you are unhappy with the information provided in this Notice or have concerns about the way in which Paxus processes your Personal Data you may in the first instance contact us and if you remain dissatisfied then you may apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, www.ico.org.uk.