INTRODUCTION

KEN ORRIS LLP (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy and Cookies Notice (together with our Terms of Use, terms of business, and any other referenced documents) outlines how we collect, process, and protect your personal data. It also explains the purposes for which we use your data.

Please read this notice carefully to understand our practices regarding your personal data and how we handle it. References to “we,” “us,” or “our” in this notice also apply to KEN ORRIS LLP when processing employee data.

Data Protection

Under the Data Protection Act 2018 (the Act) and the UK General Data Protection Regulation (UK GDPR) (as transposed into UK law), KEN ORRIS LLP is the data controller of your personal information. We are registered with the Information Commissioner’s Office (ICO) under registration number ………………..

Scope of This Notice

This notice explains how we collect and process personal data about:

• Clients and prospective clients.
• Visitors to our website (www.kenorris.co.uk) and subscribers to our online services.
• Individuals captured by CCTVin and around our office premises (see the CCTV section below).
• Individuals who meet specific job requirements.
• Job applicants, work experience candidates, and current employees.

Depending on your relationship with us, this notice may be supplemented by additional information, such as:

• Terms of Businessand engagement letters (for clients).
• Application formsand employment contracts (for job applicants and employees).

What Personal Information Do We Collect and Why?

We may collect and process personal information about you, including:

1. Information You Provide:

• Through forms on our website or submissions via other online platforms (e.g., LinkedIn, job boards, or recruitment sites).
• When using our professional services as a client.
• In correspondence you send to us.
• As part of a job or student placement application.

2. Information Collected Automatically:

• During calls to and from us (see Call Recordingbelow).
• About your visits to our website (e.g., traffic data and accessed resources).
• From publicly available sources (e.g., the electoral roll, Companies House, or law firm websites).

3. Information from Third Parties:

• If you are a customer of one of our clients and we are providing legal services on their behalf.
• From suppliers, clients, or other third parties with whom you have dealings related to our legal services.
• From databases or third-party sources that have a legal basis for sharing information with us.

4. Information from Events:

• If you attend events or functions organised or sponsored by us, including images captured through photography or videography for marketing purposes.

How We Use Your Information in Marketing

If you receive marketing emails, event invitations, or other direct communications from us, we may collect information in the following ways:

• Email Opens:We log activity if you open an email by downloading images or clicking links.
• View as Web Page:Clicking the “view as web page” link passes a tracking code to personalise the web page.
• Web Links:Clicking any web link in our emails allows us to log your activity.
• Unsubscribing:If you unsubscribe, we record this preference on a “marketing suppression list.”
• Event RSVPs:Clicking RSVP buttons (e.g., accept, decline, cancel) in event invitations passes a tracking code to help us manage the event.

CCTV

We operate CCTV systems in and around our office premises for security purposes. Images captured by CCTV are processed in accordance with this notice and applicable data protection laws.

Call Recording

Certain calls to and from us may be recorded for training, quality assurance, and legal compliance purposes.

How We Use Your Personal Data

The way we process your personal data depends on our relationship with you. The purposes for which we collect and use your information will always be clear from the context in which it is obtained. These purposes include, but are not limited to:

1. Providing Legal Services

• Delivering our services to you or an entity you work for.
• Verifying your identity to comply with legal and regulatory requirements.

2. Service Management

• Maintaining records of the services you have subscribed to and fulfilling your requests.
• Handling administration, billing, and record-keeping.

3. Communication

• Communicating with you via telephone, email, fax, or post.

4. Legal and Regulatory Compliance

• Meeting our obligations under anti-money laundering legislation, employment law, or other legal and regulatory frameworks.

5. Improving Services

• Enhancing customer service and support.
• Administering and improving our website, operational capabilities, and internal processes.

6. Enforcement and Compliance

• Verifying or enforcing compliance with this notice and applicable laws.

7. Marketing and Updates

• Informing you of legal developments that may affect you.
• Sharing information about products, services, or events we believe may interest you (unless you have opted out of marketing communications).

8. Market Analysis and Recruitment

• Enhancing our understanding of the legal market.
• Supporting recruitment activities.

9. Event Management

• Handling your participation in webinars, processing registrations, and providing follow-up materials.

Disclosure of Your Personal Data

We will only disclose your personal information to third parties under the following circumstances:

1. Service Provision

• Sharing information to provide a product or service you have requested.

2. Client Engagement

• Disclosing information to persons or organisations that engage us to conduct legal services on their behalf, including where you are their customer.

3. Third-Party Service Providers

• Sharing information with persons or organisations that work on our behalf to deliver products or services to you. These parties are contractually obligated to:
  • Implement appropriate technical and organisational measures to protect your data.
  • Use the information solely to provide services on our behalf.

4. Legal and Regulatory Requirements

• Disclosing information to comply with the law or regulatory authority requirements.

5. Event Coordination

• With your consent, sharing your personal data with co-organisers for event coordination, including registration details, contact information, and preferences.

Legal Basis for Processing Your Personal Data

Our use of your personal data is based on one or more of the following legal grounds:

1. Contractual Necessity

• Processing necessary to perform a contract with you or to take steps at your request before entering into a contract.

2. Legitimate Interests

• Processing necessary for our legitimate interests, such as:
  • Providing legal services to an entity you work for.
  • Managing and monitoring our website.
  • Preventing fraud.
  • Promoting our business and ensuring compliance.

3. Legal and Regulatory Obligations

• Processing necessary to comply with legal and regulatory responsibilities.

If you choose not to provide your personal data, we may be unable to provide legal services or process your application for employment or other services.

Where our use of your data is not based on the above grounds, we will seek your consent (e.g., for event registrations or legal updates). You are free to refuse or withdraw consent at any time by contacting us using the details below. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

CCTV

This section explains our use of CCTV, including:

1. How we obtain your personal data.
2. The types of personal data we collect.
3. How we use your personal data.
4. The lawful basis for processing.

How We Obtain Your Personal Data

1) CCTV cameras monitor our office premises internally and externally, including:

• Reception areas, entry and exit points.
• External courtyards, underground car parks, and elevator foyers.
• ANPR (Automatic Number Plate Recognition) technology at the car park entrance.

2) Cameras operate 24/7, and data is continuously recorded.

3) Camera locations are chosen to minimise capturing irrelevant images.

4) Surveillance systems do not record sound.

How We Use Your Personal Data

1. Live images are monitored in real-time by authorised security personnel.
2. Recorded images are stored on a secure device in our security office.
3. Access to live feeds and recordings is restricted to approved staff whose roles require it (e.g., Facilities or HR staff involved in disciplinary matters).

Areas of Privacy

• Cameras are not placed in areas with a reasonable expectation of privacy (e.g., changing rooms) unless exceptional circumstances justify it.

Covert Monitoring

1. Covert monitoring (where you are unaware of surveillance) is only used in highly exceptional circumstances, such as:

• Suspected criminal activity or serious malpractice.
• When no less intrusive method is available.

2. Covert monitoring is limited in duration and scope to address the specific concern.

Types of Personal Data We Use, Legal Bases for Processing, and Data Sharing

CCTV Data

We use personal data obtained through our CCTV systems, which capture images of individuals inside and outside our office premises. This data is used to:

1. Prevent and detect crime.
2. Protect our property and the property of those using our offices.
3. Ensure the health and safety of individuals on our premises.
4. Assist in resolving disputes, including litigation.

Legal Bases for Processing CCTV Data:

1. Legitimate Interests:To protect our property, ensure safety, and prevent crime.
2. Consent:Where applicable, with the consent of the data subject.
3. Legal Obligations:To comply with relevant laws and regulations.

Sharing CCTV Data:

1. We may share CCTV footage with third parties, including:

• Other occupants or visitors to our building.
• Law enforcement agencies, where appropriate and legally justified.

2. A record of all disclosures of CCTV footage will be maintained.

Call Recording

As a law firm, we may record certain telephone calls for:

• Regulatory compliance.
• Training and quality assurance purposes.

Sharing Call Recordings:

• Call recordings may be shared with the relevant financial services business if you are (or were) their customer.

Storage and Transfer of Your Personal Data

The personal data we collect may be transferred to and stored at locations outside the United Kingdom (UK) or the European Economic Area (EEA). This may occur when:

• Staff or suppliers operating outside the UK or EEA process your data.
• Your legal matter involves international considerations or parties located overseas.

Safeguards for International Transfers:
Before transferring your data outside the UK or EEA, we will ensure:

• The transfer is secure.
• Adequate protections are in place, as required by the Data Protection Act 2018and Chapter V of the GDPR.

Retention of Your Personal Data

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, in accordance with our legal obligations.

Retention Periods:

• Hard Copy Information:Minimum of 6 years.
• Electronic/Digital Data:Minimum of 10 years.
• CCTV Footage:Retained for 120 days unless required for evidential purposes, investigations, or legal requirements.

After these periods, data is securely destroyed in line with our data destruction policy.

Links to Other Websites

This Privacy Notice applies only to our website, www.kenorris.co.uk, which is owned and operated by KEN ORRIS LLP. It does not extend to any third-party websites linked from our site. We are not responsible for the privacy practices or content of such external sites.

Your Rights Under Data Protection Law

You have several rights regarding your personal data. To exercise these rights or for any queries, contact us using the details provided under ‘Contact and Complaints’. Note that these rights may not apply in all circumstances.

1. Right of Access:

• You have the right to access the personal data we hold about you, subject to certain exceptions.

2. Right to Rectification:

• If the data we hold about you is inaccurate or incomplete, you can request corrections.

3. Right to Erasure (Right to Be Forgotten):

• You may request the deletion of your data in certain circumstances. However, this right is not absolute, and we may retain data if required for legal or contractual reasons.

4. Right to Restrict Processing:

• You can request restrictions on the processing of your data, for example, while disputing its accuracy.

5. Right to Object:

• You may object to the processing of your data based on our legitimate interests or for direct marketing and statistical analysis purposes.

6. Right to Data Portability:

• You have the right to receive and transfer your data to another controller when processing is based on consent or a contract and carried out by automated means.

IP Addresses

We may collect information about your computer, including your IP address, operating system, and browser type, for:

• System administration.
• Aggregating statistical data on browsing actions and patterns.
• This data is anonymised and does not identify any individual.

Cookies

What Are Cookies?

Cookies are small text files that are created and stored on your browser or computer’s hard drive when you visit a website. They serve various purposes, such as enabling the website to function properly, remembering your preferences, and monitoring website traffic and usage. Cookies are typically only visible to the website that created them and not to other websites.

How to Manage Cookies

Most internet browsers automatically accept cookies. However, you can manage cookies by accepting, deleting, or disabling them through your browser settings. To learn more about controlling cookies, consult your browser’s ‘Help’ menu or visit ALL ABOUT COOKIES.

To give you maximum control over cookies, we use a cookie banner that appears when you first visit our website. You can also access this banner at any time via the link at the bottom of the homepage. The banner allows you to set your preferences for specific cookies used on our website. For detailed information about the types of cookies we use, visit the cookie settings in the website footer.

Cookies We Use

We use cookies on our website for various purposes:

1. Necessary Cookies:

• Essential for the website to function properly.
• Enable basic functions like page navigation and access to secure areas.
• The website cannot operate without these cookies.

2. Preference Cookies:

• Allow the website to remember your preferences (e.g., language or region).
• Enhance your browsing experience by customising the website’s behaviour or appearance.

3. Statistics Cookies:

• Help us understand how visitors interact with our website.
• Collect and report anonymous data to improve website functionality and user experience.

4. Marketing Cookies:

• Track visitors across websites to make our content more relevant to your interests.
• Used for targeted advertising and personalised marketing.

5. Unclassified Cookies:

• Cookies that are currently being classified and will be categorised in the future.

Unless strictly necessary for the website’s functionality or communication transmission, we only place cookies with your consent. If you do not consent, you can still access and use our website, but certain features may be disabled, potentially affecting your user experience.

Advertising

KEN ORRIS LLP occasionally advertises products, services, and vacancies on third-party platforms like LinkedIn, Instagram, Facebook, etc. To target and monitor these advertisements, we use third-party cookies on our website to track which pages you interact with.

Third-Party Cookies:

• These cookies are controlled by the third-party platforms, not by us.
• If you visit third-party websites displaying our advertisements, check their cookie policies to manage your preferences.
• Some platforms allow you to opt out of targeted advertising from specific advertisers.

Security

KEN ORRIS LLP takes significant measures to ensure the security of our website and your personal information:

• Only authorised personnel and contractors have access to your data.
• We implement appropriate technical and organisational measures to protect against unauthorised access, accidental loss, destruction, or damage.
• We are Information Security certified, demonstrating our commitment to data protection.

Transmission Risks:

• While we strive to protect your data, the transmission of information over the internet is not entirely secure.
• We cannot guarantee the security of data transmitted to our website, and any transmission is at your own risk.
• Once we receive your information, we use strict procedures and security features to prevent unauthorised access.

Changes to This Notice

We may update this notice at any time by amending this page. You are encouraged to check this page periodically to stay informed of any changes, as they are binding on you. If we make significant changes to how we use your personal data, we will notify you by posting a prominent notice on our website.

Contact & Complaints

If you have any questions about how we handle your personal data, wish to exercise your rights, or want to opt out of marketing communications, please contact us:

By Post:
Risk & Compliance
KEN ORRIS LLP
2-12 Parry Place
London, SE18 6AN

By Email: admin@kenorris.co.uk

Lodging a Complaint:

You may also lodge a complaint with the Information Commissioner’s Office (ICO), if we failed to rectify the data breach within the regulatory prescribed timeline:

• Address: Information Commissioner’s Office, Water Lane, Wilmslow, SK9 5AF
• Phone: 0303 123 1113
• Website: ico.org.uk