Supplier Privacy Notice
PRIVACY NOTICE – clients and potential clients
Oracle is committed to protecting the individual privacy rights and choices of our candidates. Our Privacy Notice contains important information about the types of personal information we collect and process, what we do with it, who we may share it with and why; and your rights when it comes to the personal information you provide us with. If you have any questions about how we use your data, please contact our Data Protection Officer at DPO@oraclesolicitors.co.uk.
1. Controller
A controller is the organisation that makes the decisions about what data is processed and is responsible for your data.
2. The data we collect about you
When you are engage with us, we will collect and process a wide variety of your personal data. The data that we process will depend upon your profession and interactions with us.
We will have your name, email address and phone number.
3. How we use your personal data and legal basis for doing so
We may use your information for the following purposes:
Action | Reason | Legal Basis |
Fulfilment of a contract | We collect and maintain personal data that you submit to us to enable us to have a contract with you. | It is necessary for us to process your information to perform our obligations in accordance with any contract that we may have with you.
|
Contacting you | We will use your personal data to contact you if, for example, you work for one of our clients or you work for a company that has engaged with us.
| We have a legitimate interest in having your contact details. |
4. Who we share your personal data with
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Entity | Legal basis |
Our professional advisers such as lawyers and accountants. | Legitimate interest. |
Government or regulatory authorities or law enforcement. | Legal obligation. |
Professional indemnity or other relevant insurers. | Legitimate interest. |
Regulators/tax authorities/corporate registries. | Legal obligation. |
Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT support service providers, document and information storage providers. | Legitimate interest. |
Third parties engaged in the course of the services we provide to clients such as counsel, arbitrators, mediators, clerks, witnesses, cost draftsmen, court, opposing party and their lawyers, document review platforms and experts such as tax advisors or valuers. | Legitimate interest or a contractual requirement to provide our services. |
Third party service providers to assist us with client insight analytics, such as Google Analytics | Consent. |
Please note this list is non-exhaustive and there may be other examples where we need to share personal data with other parties.
We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal data appropriately and according to our legal and regulatory obligations.
Further, we may appoint external data controllers where necessary to deliver the services (for example, accountants, barristers or other third party experts). When doing so we will comply with our legal and regulatory obligations in relation to the personal data and put appropriate safeguards in place.
5. International transfers
Oracle has law firms operating around the world. As such, we will sometimes need to transfer your personal data to recipients in jurisdictions other than your own. Some of these jurisdictions may not provide the same level of protection to your personal data as provided in your jurisdiction. If we transfer your personal data outside the European Union or the United Kingdom, we will only make that transfer if:
- that country ensures an adequate level of protection for your personal data;
- we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the European Commission and the UK government;
- the transfer is permitted by applicable laws; or
- you explicitly consent to the transfer.
If you would like to see a copy of any relevant safeguards used by us to protect the transfer of your personal data, please contact our Data Protection Officer at: info@oraclelawglobal.com
6. Data security
We are committed to keeping the personal data provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal data that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
All of our partners, employees, consultants, workers and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of such personal data.
7. Retention of personal data
The length of time that we will keep your information will vary depending upon who you are. If you have been engaged to advise on a matter for us or you are on the other side or you work for one of our clients, then we will keep your data in the client file for a minimum of six years.
If you work for one of our suppliers, then we will retain your data for as long as you work for that company.
8. How to access your information and your other rights
You have the following rights in relation to the personal data that we hold about you:
- Your right of access: if you ask us, we will confirm whether we are processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
- Your right to rectification: if the personal data that we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we have shared your personal data with others, we will let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
- Your right to erasure: you can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
- Your right to restrict processing: you can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you raise an objection with us. If you are entitled to restriction and if we have shared your personal data with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also inform you who we have shared your personal data with so that you can contact them directly.
- Your right to data portability: you have the right, in certain circumstances, to obtain personal data that you have provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
- Your right to object: you can ask us to stop processing your personal data, and we will do so, if we are:
- relying on our own or someone else’s legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
- processing your personal data for direct marketing purposes.
- Your right to withdraw consent: if we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
- Your right to lodge a complaint with the Supervisory Authority: if you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, you can report it to the Supervisory Authority in your country. We would, however, appreciate the chance to deal with your concerns before you approach the Supervisory Authority, so please contact us in the first instance.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data, or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.