2k Tiger (2kT) is committed to respecting your privacy and protecting confidential and privileged information. We take our obligations in relation to personal data seriously.
For the purposes of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”)) and other applicable data protection law, this privacy notice contains information about what personal data we collect and store, and why. It also tells you how we collect your data, who we share this information with, the measures we have put in place to protect your data, the rights and options that you have, and how to contact us if you have a complaint.
Who are we?
2kT is a firm and any individual member who collects personal data and uses it is responsible for personal information about you and is regarded as an independent data controller of your personal data.
Your data will be controlled by the individual legal entity that is providing services to you.
When do we collect your personal data?
We collect personal data:
- When you or your organisation seek legal services from us.
- When we provide you or your organisation with legal services.
- When you your organisation provide, or offer to provide, services to us.
- When you correspond with us in any manner.
- When you or your organisation interacts with us and/or our website or makes an enquiry through the same.
- When you attend our seminars, training or other events or sign up to receive communications from us, including newsletters.
- When we make enquiries from third party sources such as regulatory agencies, government agencies, online information service providers or from publicly available records.
- When we view or consider information that you or your organisation make available publicly, for example on a firm’s website or LinkedIn.
What personal data do we collect?
When providing and carrying out legal services we may collect some or all of the following personal information:
For use in our internal case-management systems:
- Your name, address, telephone number, email address or contact details, job title, and other personal data relevant to our offering to or providing our services.
- Financial and payment information necessary for administering payment to us and our accounting systems.
- Business information, including information provided in the course of the contractual or client relationship between you or your organisation and us, or otherwise voluntarily provided by you or your organisation.
- Diary and appointment data relating to details of your visits to our premises or visits by members of chambers to your premises or other meetings or appointments relevant to the provision of legal services (e.g. attendance details at court hearings or arbitrations);
- Data from third party sources such as regulatory agencies, government agencies, online information service providers or from publicly available records and personal data that is available publicly, for example on a firm’s website or LinkedIn.
- As part of providing or carrying out legal services: Personal information such as name, telephone number and contact details, job title or role, employment history, educational or professional background, and nationality, as well as (depending on the nature of the relevant legal case or issue) special category data, including personal information relating to racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences, or genetic or biometric data. We may collect this information about you or other members of your organisation or in relation to third parties relevant to the provision of legal services.
- When carrying our very limited marketing (such as events and newsletters), we collect information such as your name, address, telephone number, email address or contact details and job title, including from publicly available sources.
Use of your personal data
We use your personal information for the following purposes:
- To carry out conflict checks.
- To offer you or your organisation legal services.
- To register you or your organisation as a client.
- To provide and administer legal services, as instructed by you or your organisation.
- To administer and manage our relationship with you, including billing, processing payments, accounting, and fee collection and activities linked to the professional relationship with your or your organisation.
- To comply with our legal obligations, including maintaining records, or conducting any necessary checks (e.g. anti-money laundering, fraud and crime prevention and detection, or in relation to international or trade sanctions).
- To monitor compliance with our policies and standards.
- To manage access to our premises and for security purposes (including at any events that we organise).
- To protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities.
- To exercise or defend our legal rights, or to comply with the order of any court or other judicial authority or arbitral body.
- To communicate with you to invite you to our events and to keep you up-to-date on legal developments and topics of interest or announcements about members of chambers, and for other marketing and information purposes.
- For other purposes ancillary to any of the above or any other specific purposes for which your personal data was provided to us.
The legal basis we rely on for processing your information is:
- Because it is necessary for us to do so to perform your instructions or another contract with you or your organisation.
- To comply with our professional, regulatory and legal obligations as well as to keep records of our compliance processes or other records.
- Because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms.
- Because you have expressly given us your consent to process your personal data in that manner.
Please note that the majority of our processing of personal data will be covered by legal professional privilege.
Who will we share your personal data with?
- We have relationships with a number of third parties that we routinely share data with in connection with the legal services we provide or the marketing of T or the provision of legal updates (such as any newsletters) and training. A list of these third parties can be provided on request.
- With law enforcement authorities and regulators if required by applicable law.
Transfers of personal data out of the European Economic Area
- You should be aware that we operate on a worldwide basis and some of our members frequently work or are based overseas. In the course of providing legal services or administering our practices, it may be necessary to transfer your personal information out of the European Economic Area (“EEA”) when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims. We will take appropriate measures to safeguard the security of any information transferred out of the EEA and to protect your privacy rights.
If you would like any further information please contact us at: email@example.com [“SUBJECT: PRIVACY”]
How long will we store your personal data?
We will hold your personal data for as long as necessary to fulfil the purposes that it was collected it for.
In general that means that personal data in relation to any specific legal case or legal service provided will be retained for a period long enough to satisfying any legal, accounting, or reporting requirements or to provide protection for us in relation to any complaint or legal claim, or as necessary in relation to any past, ongoing or potential dispute which is the subject of the legal service.
In relation to the very limited information necessary to conduct conflict checks, we are required to retain this data indefinitely in order to comply with our professional, regulatory and legal obligations. Such data is limited to your name (only if you were an individual client) or the name of your organisation (which is not personal data in any event).
For marketing purposes, we retain limited information (name, job title, and contact details) for longer periods.
We periodically review our retention of personal data. In relation to specific cases or legal services we consider any departure from our general policy on a case by case basis. In order to decide on the appropriate period to retain any personal data, we take into account the nature, extent and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which it was collected and will be processed and whether there is an appropriate way of achieving our legitimate purpose through other means.
At the end of the retention period we will securely destroy your personal data in accordance with our obligations under applicable laws and in accordance with any relevant guidance.
Where we rely on your explicit consent to the processing of your personal data, this is contained in any contractual terms agreed with a member or members of chambers or other explicit privacy consent obtained during the process of instructing us to provide or carry out legal services.
You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you withdrawing your consent. In order to request to withdraw your consent, please contact us with relevant details at the email address below.
You are entitled to view, amend, or delete the personal data that we hold.
Under the GDPR, you have a number of important rights:
- Transparency over how we use your personal data and fair processing of it.
- To receive a copy of the personal data that we hold about you upon request, unless there is a legal reason for non-disclosure, or disclosure would reveal the personal data of a third party.
- Request that we correct any mistakes or incomplete personal data we hold about you.
- To object to your personal data being used in direct marketing, and opt out. In certain circumstances you may ask for your personal data to be erased.
- Receive a copy of the personal information you have provided to us or have this information sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format.
- Restrict our processing of your personal information in certain circumstances.
If you want to exercise any of these rights, or to inform us of any changes to your personal data, please email us at: firstname.lastname@example.org [“SUBJECT: PRIVACY”], stating the right or rights that you wish to exercise. We will respond to you within one month from when we receive your request. If you wish to unsubscribe from any email invitations or updates you can do so by following unsubscribe contained in any periodic newsletter.
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR. The ICO website is at ico.org.uk.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We do not intend to process your personal information for any reason other than stated within this privacy notice. If this change, this notice will be updated.
Changes to this privacy notice
We periodically review our internal privacy practices and may change this policy from time to time. When we do we will inform you by on our website.
If you have any questions about this privacy notice or the information we hold about you, please contact us on email@example.com [“SUBJECT: PRIVACY”],.
How to make a complaint?The GDPR gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) State where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office.