December 5th, 2019
PGMBM Law (a trading name of Excello Law Limited- SRA License Number 512898)

GDPR PRIVACY POLICY

INTRODUCTION

Your privacy is important to PGMBM Law (a trading name of Excello Law Limited). This Privacy Policy explains how we collect, use and process your personal data, and how we comply with our legal obligations. We are committed to protecting and safeguarding your data privacy rights and comply with the General Data Protection Regulation (EU 2016/679), the “GDPR”.

We also comply with the "Lei Geral de Proteção de Dados (LEI n. 13.853, 2019), the "LGPD" imposed by the Brazilian Law.

The term “Personal Data” means any information relating to you, who can be identified, directly or indirectly, by reference to other information that we have access to. Where services are provided to you by other entities within PGMBM Law (referred to this Privacy Policy as “PGMBM” or “us”), the entity providing the service will be responsible for your personal data.

The information described below is in addition to any personal data we are required by law to process in any given situation.

CLIENT DATA: When joining a litigation case, we may collect contact and identity details such as name, telephone number, email, postal addresses, date of birth, payment details, tax residence information, copies of photo identifications such as your driving license and/or passport/identity card, information about nationality/citizenship/place of birth, your national identification number, identity verification documents and signature in order to comply with our legal and regulatory obligations.

We may also collect special categories of more sensitive data such as health, physical and mental health information, depending on that necessity of the legal case. We also hold information relating to your online engagement with material published by PGMBM, which we use to ensure that our marketing communications to you are relevant, timely and in accordance with your marketing preferences. Where relevant, we may also hold additional information that someone in your organisation has chosen to disclose to us. If we need any additional personal data for any reason, we will inform you.

SUPPLIER DATA: We may collect your contact details or the details of individual contacts at your organisation (such as names, telephone numbers, email and/or postal addresses). Depending on the circumstances, we may also collect bank details for payment purposes.

JOB APPLICANT DATA: We may collect your C.V., work history, name, contact details, details of professional status, records and qualifications, referees, salaries and social media profiles, if you decide to apply for a job within our company.

PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES AND EMERGENCY CONTACTS: To ask for a reference, we may need the referee’s contact details (such as name, email address and telephone number). We will also need these details if a Job Applicant or a member of our staff has put you down as their emergency contact so that we can contact you in the event of an accident or an emergency.

WEBSITE USERS: We collect a limited amount of data from our website users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, including the time and duration of visit, your CPU speed, the operating system/platform you are using, the frequency with which you access our website, your browser type, the location you view our website from, and the language you choose to view it in.  We may record site traffic patterns, “clickstreams”, and the times that our website is most popular. If you contact us or submit an application for a consultancy via the website, we will collect any information that you provide to us, for example, your name and/or contact details. We may use that information to respond, assess and respond to your application or enquiry.

We collect personal data through the website in two ways:

1. Personal data that we receive directly from you
2. Personal data that we collect automatically (see website users)

Personal data that we receive DIRECTLY FROM YOU:
• Where you contact us proactively, usually via an online form, by phone or email; and/or
• Where we contact you, whether by phone, email or any other form of communication.

WEBSITE USERS: When you visit our website, there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via our website, for example, when you submit a query.
• We collect your data automatically via cookies, in line with cookie settings in your browser.

The personal data that we collect is utilised to enhance our professional relationship with you:

CLIENT DATA – Below are the various ways in which we use your data in order to ensure the smooth running of our agreements and dealings with you:

• Professional services activities – Processing your data in order to storing your details (and updating them when necessary) on our database, so that we can contact you in relation to our relevant activities; and keeping records of our conversations and meetings, so that we can provide targeted services to you and in order to comply with our legal and regulatory obligations.
We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests.

• Marketing activities – We may process your data for the purpose of targeting you with appropriate marketing and PR campaigns. Subject to any applicable local laws and requirements, we will only send you marketing and PR information.
If you are not happy about this, you have the right to opt out of receiving marketing and PR materials from us and can find out more about how to do so by emailing [email protected]

• To help us to establish, exercise or defend legal claims – In more unusual circumstances, we may use your personal data to help us to establish, exercise or defend legal claims.

SUPPLIER DATA: We will only use your information:
• To store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements or our dealings with you;
• Facilitating our payroll and invoicing processes, for example, in relation to consultants or self-employed contractors;
• To help us to target appropriate marketing campaigns, where this arises and with your consent; and
• In more unusual circumstances, to help us to establish, exercise or defend legal claims.
• If you are not happy about this, you have the right to opt out of receiving marketing material from us and can find out more about how to do so by emailing [email protected]

PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES, EMERGENCY CONTACTS AND DEPENDENTS:
We will only use the information about you for the following purposes:
• If a Job Applicant or staff member put you down on our form as an emergency contact, we will contact you in the case of an accident or emergency affecting them; or
• If you were put down by a Job Applicant as a referee, we will contact you in order to take up a reference; or
• If you were put down by a staff member as a next of kin or dependent, we will store your personal data to ensure the personnel records of the staff member are correct and disclose your information to the relevant benefits provider.
• If you are not happy about this, you have the right to object and can find out more about how to do so by emailing [email protected] .

WEBSITE USERS: We use your data to help us to improve your experience of using our website, for example, by analysing your recent search criteria to help us to present information to you that we think you will be interested in.

LEGITIMATE INTERESTS
• We can process your data where it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of you, which require protection of personal data.
• You have the right to object to us processing your personal data on this basis. If you would like to know more about how to do so, please contact [email protected] .

CLIENT DATA:
• To ensure that we provide you with the best service possible, we use and store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations and meetings.
• We think this is reasonable – we deem these uses of your personal data to be necessary for our legitimate interests in order to carry out our business activities.
• We have to make sure our business runs smoothly, so that we can carry on providing services. We therefore also need to use your data for our internal administrative activities, such as invoicing where relevant.
• We have our own obligations under the law, which is a legitimate interest of ours to insist on meeting. If we believe in good faith that it is necessary, we may therefore share your data in connection with crime detection or tax collection.

SUPPLIER DATA:
• We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. Where you are a sole trader, we also hold your financial details, so that we can pay you for your services.
• We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.

PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES AND EMERGENCY CONTACTS:
• If you have been put down by a Job Applicant or a member of PGMBM as one of their referees, we use your personal data in order to contact you for a reference.
• If a staff member has given us your details as an emergency contact, we will use these details to contact you in the case of an accident or emergency. We have a legitimate interest to store this data and use it in appropriate circumstances on behalf of our staff.
• If a staff member has given us your details as a dependent or a next of kin, we will use your personal data as appropriate for the purpose of benefits or employment rights.

We have a legitimate interest to store this data and use it in appropriate circumstances on behalf of our staff.

CONSENT
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent.
• You have to give us your consent freely, without us putting you under any type of pressure;
• You have to know what you are consenting to – so we’ll make sure we give you enough information;
• We will keep records of the consents that you have given in this way.
• In some cases, we will be able to rely on soft opt-in consent. We are allowed to market products or services to you which are related to the services we provide as long as you do not actively opt-out from these communications.
• As we have mentioned, you have the right to withdraw your consent to these activities. You can do so at any time by emailing [email protected]

LEGAL OBLIGATIONS
We also have legal and regulatory obligations that we need to comply with.
• If we believe in good faith that it is necessary, we may share your data in connection with crime detection or tax collection.
• We also may share your data with regulatory agencies or other relevant bodies in order to comply with our regulatory obligations.
• We will keep records of your personal data (including personal data contained in communications and calls) in accordance with our legal and regulatory obligations.

CONTRACT
We can process your data where we are carrying out necessary steps in relation to a contract to which you are party or prior to you entering into a contract, for example, because you wish to instruct us to carry out legal services for you.

ESTABLISHING, EXERCISING OR DEFENDING LEGAL CLAIMS
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data, in connection with exercising or defending legal claims.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.

Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of people:

• Any of our offices;
• Individuals and organisations who hold information related to a Job Applicant’s reference or application to work with us, such as current or prospective employers and employment and recruitment agencies;
• Tax, audit, regulatory bodies or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority, in connection with any anticipated litigation or in compliance with our legal and regulatory obligations);
• Third party service providers (including suppliers) who perform functions on our behalf (including benefit providers such as pension providers, private medical insurance, dental insurance and childcare providers, external consultants, business associates and professional advisers such as lawyers, auditors and accountants, transport and distribution suppliers, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
• Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
• Marketing technology platforms and suppliers; and
• If PGMBM merges with or is acquired by another business or company in the future, we may share your personal data with the new owners of the business or company (and provide you with notice of this disclosure).

We do not sell any personally identifiable information provided to us to any unrelated third party, but, as set out above, we may share it with related entities or with unrelated third parties in connection with our own marketing activities or the maintenance and operation of our site, or as may be legally required. Please do not to send confidential or sensitive information to us through this site.

We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of necessary technical and organisational measures including but not limited to encrypted systems, to hold your personal data securely in both electronic and physical form.

All our Partners, staff, third party services and cross borders who have or may have access to your personal data, are instructed and subjected to confidentiality obligations. We take all the appropriate measures to maximally secure personal information and to deal with any suspected data breach.

We will ordinarily process your data throughout the course of our interactions and will then generally retain it for an appropriate amount of time after we have parted ways, depending on local law requirements, type of data in question, any overarching legal and regulatory, our legitimate business and risk-management needs. We may, for example, be required to retain certain data for the purposes of tax reporting or responding to tax queries.  In other instances, there may be some other legal, regulatory or risk-management requirements to retain data, including where certain data might be relevant to any potential litigation (bearing in mind relevant limitation periods).

In determining the appropriate retention period for various types of personal data, in addition to ensuring that we comply with our legal, regulatory and risk-management obligations, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we need to process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

You retain various rights in respect of your data, even once you have given it to us. These are described below:

• Right to be informed

• Right to access*

• Right to rectification

• Right to erasure

• Right to restrict processing

• Right to data portability

• Right to object

Rights in relation to automated decision making and profiling

*Right to access: This right enables you to ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. This is called Data Subject Access Request (SAR).We may ask you to verify your identity and for more information about your request. The SAR has no costs for you, unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.

To get in touch or exercise any of these rights, please contact our Data Protection Officer, at mydata[email protected]. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

In order to provide you with the best service and to carry out the purposes described in this Privacy Policy, your data may be transferred:
• to third parties (such as regulatory authorities, advisers or other suppliers to PGMBM)
• to overseas suppliers
• to a cloud-based storage provider

We want to make sure that your data are stored and transferred in a way which is secure. We will therefore only transfer data outside of the European Economic Area (EEA) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

• by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
• by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
• transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
• where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a client of ours); or
• where you have consented to the data transfer.

To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with, to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.

WHAT’S A COOKIE?

Cookies are small text files that can be used by nearly all websites to make a user’s experience more efficient. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.

HOW DO WE USE COOKIES?

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

Your consent applies to the following domains: www.pgmbm.com, previously used as www.spglaw.co.uk, and you can at any time change or withdraw your consent from the Cookie Declaration on our website.

NECESSARY COOKIES

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name

Provider

Purpose

Expiry

Type

__cfduid

pgmbm.com

Used by the content network, Cloudflare, to identify trusted web traffic.

29 days

HTTP

CookieConsent

Cookiebot

Stores the user’s cookie consent state for the current domain

1 year

HTTP

 

STATISTIC COOKIES

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Name

Provider

Purpose

Expiry

Type

_ga

Google

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

2 years

HTTP

_gat

Google

Used by Google Analytics to throttle request rate

1 day

HTTP

_gid

Google

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

1 day

HTTP

 

MARKETING COOKIES

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Name

Provider

Purpose

Expiry

Type

ads/ga-audiences

Google

Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites.

Session

Pixel