KEEPING YOUR DATA SAFE
Your privacy is important. As intellectual property professionals, keeping information secure and confidential is second nature to us. This Privacy Policy sets out the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data and everything else we think it’s important for you to know.
WHO IS IN CONTROL OF YOUR PERSONAL DATA?
For the purposes of the GDPR, the “controller” for all personal data collected and used for the purposes set out in this Privacy Policy is Greaves Brewster LLP. This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.
We rely on you to comply with the EU General Data Protection Regulation (“GDPR”) and any other applicable laws relating to data protection with regard to the information you provide to us, including the obtaining of any necessary consents if you supply us with personal data other than your own.
What data do you collect and where from and what do you use it for?
In order for us to carry out our contract with you to protect and maintain your (or your client’s) intellectual property, you will need to provide us with:
- the first name and surname;
- business address; and
- nationality,
- of applicants and inventors (“Application Information”).
We will also need to hold the information necessary for maintaining and administering your account with us. For this purpose, you will need to provide us with your:
- invoicing name;
- invoicing address;
- bank details;
- email address; and
- contact telephone number.
This is necessary for the performance of our contract with you (“Account Information”).
We may also need you to provide evidence of your identity, or the identity of other people connected with your work, in order to comply with our legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations.
We maintain a separate database of client and other contacts who would like us to send them news relevant to their business interests. These communications may include industry and legal alerts, information relating to our firm blogs, newsletters and event invitations. We only send communications of this kind where there is a legitimate business interest to do so and where contacts have not opted out of receiving such communications. Our contacts may instruct us to stop sending such communications at any time. We will never sell or pass on data from our contacts list.
No-one is obliged to provide us with personal data; but without using the limited types of personal data described above, we may be unable to apply for, maintain or defend a client’s intellectual property rights.
WHAT IS OUR LEGAL BASIS FOR USING YOUR PERSONAL DATA?
Data protection law says that we have to tell you the legal basis that we rely on to process your personal data for the purposes that we have notified to you. The table below tells you what that legal basis is in relation to each of the purposes set out above.
PURPOSE |
PERSONAL DATA USED |
LEGAL BASIS |
Protect and maintain your (or your client’s) intellectual property |
Application Information |
If you are an individual, sole trader or unlimited partnership client, we process this personal data for this purpose as it is necessary for the performance of our contract with you. If you are engaging with us on behalf of any other type of entity or an intermediary, we process this personal data for this purposes as it is necessary for the purposes of our legitimate interests in performing our contract with your business and/or your client’s business. |
Maintaining and administering your account with us |
Account Information |
We process this personal data for this purpose as it is necessary for the purposes of our legitimate interests to be able to maintain our relationship with you. |
Responding to complaints |
Account Information and any other information you voluntarily provide to us when contacting us
|
We process this personal data for this purpose on the basis that this information is necessary for our legitimate interests. We have an interest in making sure that complaints are handled appropriately so that they can be resolved for our clients. |
Marketing |
Your email address, telephone number and/or postal address |
We process this personal data for this purpose on the basis that this is necessary for our legitimate interests in promoting our business and maintaining relationships with our contacts. You can withdraw your consent at any time by following the “unsubscribe” instructions in marketing communications or emailing us at communications@greavesbrewster.co.uk. |
DO WE SHARE YOUR PERSONAL DATA WITH ANYONE?
In many jurisdictions, especially those outside the EU, we will need to share data with a carefully chosen local firm of intellectual property professionals who can deal directly with the Intellectual Property Office in their region. The firms with whom we work in other jurisdictions follow similar professional standards to our own. Please ask us, if you require a copy of their policies regarding data protection.
Other than this, we do not transfer your personal data outside the UK and the European Economic Area. If we ever need to do so, we will update this Privacy Policy and we will make sure that the recipient of your data protects it in the same way that it would be protected in the UK.
WHERE IS YOUR PERSONAL DATA KEPT?
We will store your personal data on our electronic and/paper files, and we will file this information as necessary at Intellectual Property Offices in the jurisdictions where you choose to protect your intellectual property.
As a patent, design or trade mark application progresses towards grant, the application and the personal data contained within it will be published by the Intellectual Property Office concerned.
FOR HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
As described in “Our business terms” under the heading “Your files”, we store electronic and paper files for a little over six years (the legal “limitation period”) after the expiry of the relevant intellectual property rights. We then ensure that the files are destroyed in a way that safeguards the confidentiality of their contents.
If we have no other ongoing matters with you, we will delete your accounts information from our records at the same time.
WHAT RIGHTS DO YOU HAVE?
You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
Under the GDPR, you have the right to:
- ask whether we hold any of your personal data;
- access (i.e. to a copy of) any information that we hold relating to you (subject to some exceptions);
- have inaccurate data corrected. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible;
- ask us to delete your personal data in certain circumstances, for example if we have processed your data unlawfully or if we no longer need the data for the purposes set out in this Privacy Policy;
- object to processing of your personal data. If you make a request to exercise your right to object, if we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data;
- ask us not to market to you. You can do this by following the “unsubscribe” instructions in any marketing emails; and
- have processing of your personal data restricted
CONTACTING US
If you have any questions concerning our handling of your personal data or any information you have provided to us or if you would like to exercise any of your rights, please contact our Practice Manager at PracticeManager@greavesbrewster.co.uk, or any of our partners.
COMPLAINTS
If you have any concerns that we are unable to resolve together, you have a right to complain to the Information Commissioner’s Office. This can be done via the ICO’s website at https://ico.org.uk/concerns.
POLICY CHANGES
We may make changes to this Privacy Policy from time to time. Any changes we make will be posted here. We may also notify you if significant changes are made.