Who are we and what do we do?
Briffa is a trading name of Briffa Legal Limited (BLL) and Briffa LLP (BLLP). BLL is a firm of solicitors operating in the UK as a company; registered in England and Wales under company no. 07655999; authorised to practice law by the Law Society of England and Wales; and regulated by the Solicitors Regulation Authority (SRA) under SRA no. 561243. BLLP is a firm of solicitors operating in Ireland as an LLP; registered in Ireland under LLP no. 1262599; authorised to practice law by the Law Society of Ireland; and regulated by the Legal Services Regulatory Authority (LSRA).
We collect, use and are responsible for certain personal data about you. When we do so we are subject to: (a) the UK General Data Protection Regulation (UK GDPR) in relation to services we offer to individuals and our operations in the United Kingdom; and/or (b) to the EU General Data Protection Regulation (EU GDPR) in relation to services we offer to individuals and our operations in the European Economic Area (EEA).
Our services and website are not aimed specifically at children. If you are a child and you want further information about how we might use your data, please contact us (see ‘How to contact us’).
The following list sets out some of the key terms we use in this policy:
- We, us, our means BLL and/or BLLP and/or other entities within the Briffa group;
- Personal data means any information relating to an identified or identifiable individual;
- Special category personal data means personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic data, biometric data (where used for identification purposes) and data concerning health, sex life or sexual orientation; and
- Data subject means the individual who the personal data relates to.
Personal data we collect about you
The following list sets out the personal data we will or may collect in the course of providing services to you (depending on the circumstances and depending on why you have instructed us):
- Your name, address and telephone number;
- Information to enable us to check and verify your identity, e.g. your date of birth or passport details;
- Electronic contact details, e.g. your email address and mobile phone number;
- Information relating to the matter in which you are seeking our advice or representation;
- Information to enable us to undertake a credit or other financial checks on you;
- Your financial details so far as relevant to your instructions, e.g. the source of your funds if you are instructing on a purchase transaction;
- Your bank and/or building society details, e.g. if necessary to return money to you;
- Information about your use of our IT, communication and other systems, and other monitoring information, e.g. if using our secure online client portal;
- Details of your spouse/partner or other family members, e.g. if you instruct us that someone else is paying our invoices on your behalf;
- Details of your online presence, e.g. your LinkedIn, Facebook, Twitter or Instagram profile (which may be relevant to the investigation of an online trade mark or copyright dispute);
- Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information, e.g. if you instruct us on a matter in which your nationality is relevant (your nationality may be relevant to the subsistence of copyright or unregistered design rights);
- Your employment records including, where relevant, records relating to status, job title, salary, benefits, National Insurance and tax details, sickness and attendance, performance, disciplinary, conduct and grievances, e.g. if you instruct us on matter in which your employment status or income is relevant (employment status may be relevant to the subsistence of copyright, unregistered design rights and other intellectual property rights).
We only collect and use this personal data to provide services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing those services.
How your personal data is collected
We collect most of the above information directly from you. However, we may also collect information:
- from publicly accessible sources, e.g. Companies House or HM Land Registry;
- directly from a third party, e.g. sanctions screening providers, credit reference agencies, client due diligence providers;
- from a third party with your consent, e.g. your bank or building society, another financial institution or advisor, your employer and/or trade union,
- professional body or pension administrators, your doctors, medical and occupational health professionals; and
How and why we use personal data
Under data protection law, we can only use your personal data if we have a proper reason, e.g.
- you have given consent (where we need your consent, we will ask for it separately and you can withdraw consent at any time);
- to comply with our legal and regulatory obligations;
- to fulfil our contract with you or take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests.
The following list sets out what we use your personal data for and why:
- Providing services to you – To fulfil our contract with you or to take steps at your request before entering into a contract;
- Preventing and detecting fraud against you or us – For our legitimate interest, i.e. to minimise fraud that could be damaging for you and/or us;
- Conducting checks to identify our clients and verify their identity and screening for financial and other sanctions or embargoes – Depending on the circumstances, to comply with our legal and regulatory obligations or for our legitimate interests;
- To enforce legal rights or defend or undertake legal proceedings – Depending on the circumstances, to comply with our legal and regulatory obligations or for our legitimate interests, i.e. to protect our business, interests and rights.
- Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies – To comply with our legal and regulatory obligations;
- Ensuring internal business policies are complied with, e.g. policies covering security and internet use – For our legitimate interests, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you;
- Operational reasons, such as improving efficiency, training and quality control – For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price;
- Ensuring the confidentiality of commercially sensitive information – Depending on the circumstances, for our legitimate interests, i.e. to protect intellectual property rights, trade secrets and other commercially valuable information or to comply with our legal and regulatory obligations;
- Statistical analysis to help us manage our business, e.g. in relation to our financial performance, client base, services range or other efficiency measures – For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price;
- Protecting the security of systems and data used to provide services, preventing unauthorised access and changes to our systems – Depending on the circumstances, for our legitimate interests, i.e. to prevent and detect criminal activity that could be damaging for you and/or us or to comply with our legal and regulatory obligations;
- Updating and enhancing client records – Depending on the circumstances, to fulfil our contract with you or to take steps at your request before entering into a contract, to comply with our legal and regulatory obligations or for our legitimate interests, e.g. making sure we can keep in touch with our clients about existing and new services;
- Ensuring safe working practices, staff administration and assessments – Depending on the circumstances, to comply with our legal and regulatory obligations or for our legitimate interests, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you;
- Marketing our services to existing and former clients and third parties – Depending on the circumstances, for our legitimate interests, i.e. to promote our business or consent;
- Credit reference checks via external credit reference agencies – For our legitimate interests, i.e. to ensure our clients are likely to be able to pay for our services; and
- To share your personal data with entities in the Briffa group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale or in the event of our insolvency (in such cases information will be anonymised where possible and only shared where necessary)
- Depending on the circumstances, to comply with our legal and regulatory obligations or in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets.
Where we process special category personal data (see ‘Key terms’), we will also ensure we are permitted to do so under data protection laws, e.g. we have your explicit consent, the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent, the processing is necessary to establish, exercise or defend legal claims; or the processing is necessary for reasons of substantial public interest.
We may use your personal data to send you updates about our services (e.g. our monthly newsletter). We have a legitimate interest in using your personal data for marketing purposes (see ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. Where this is not the case, we will always ask for your consent.
In all cases, you have the right to opt out of receiving marketing communications at any time by contacting us at email@example.com.
We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.
Who we share your personal data with
We routinely share personal data with:
- entities within the Briffa group;
- information technology (IT) service providers, e.g. our IT support service providers (Workplace Connect), our website service providers (Searchmode), our lead, client and document management service providers (Pipedrive and Clio), our email management service providers (Microsoft Office and MailStore), our invoicing and accounting software service providers (Clio and QuickBooks), our payment processing service providers (PayPal) and our intellectual property formalities management software service providers (Cautus).
- third-party external advisors or experts engaged in the course of providing services to you, e.g. solicitors, barristers, patent attorneys, accountants, tax advisors, investigators and intellectual property searching and screening service providers (Corsearch);
- other third parties we use to help promote our business, e.g. marketing service providers (Mailchimp);
- third parties approved by you, e.g. LinkedIn, Facebook, Twitter, Instagram and any other social media sites you choose to link your account to; and
- our accounting, banking and insurance service providers.
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
We or the third parties mentioned above may also share personal data with:
- our and their external auditors, e.g. in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
- our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations; and
- law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations.
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
Where your personal data is held
Personal data may be held at our offices and those of entities within the Briffa group, third-party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).
Some of these third parties may be based outside the UK. For more information, including on how we safeguard your personal data when this occurs, see ‘Transferring your personal data abroad’.
How long your personal data will be kept
We will not keep your personal data for longer than we need it for the purpose for which it was collected or as required by law.
As a general rule, we will keep your personal data for at least 10 years from the conclusion of your matter, in case you decide to renew the intellectual property rights we manage on your behalf (e.g. trade marks filed in most territories are renewable every 10 years) or in case you, or we, need to bring or defend any complaints or claims (e.g. the limitation period for most contract and tort claims is 6 years). However, different retention periods may apply for different types of personal data and for different services.
Transferring your personal data abroad
It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA (e.g. where we instruct overseas lawyers on your behalf to assist us with the management of your international trade mark portfolio). This may include countries which do not provide the same level of protection of personal data as the UK or EEA.
We will transfer your personal data outside the UK and EEA only where:
- the UK government or European Commission has decided the recipient country ensures an adequate level of protection of personal data (known as an adequacy decision); or
- there are appropriate safeguards in place (e.g. an international data transfer agreement or standard contractual data protection clauses published or approved by the relevant data protection regulator), together with enforceable rights and effective legal remedies for you; or
- a specific exception applies under data protection law.
You can contact us (see ‘How to contact us’) if you would like a list of countries benefiting from a UK or European adequacy decision or for any other information about protection of personal data when it is transferred abroad.
The following list set out your rights in relation to your personal data, which you can exercise free of charge:
- Access – The right to be provided with a copy of your personal data;
- Rectification – The right to require us to correct any mistakes in your personal data;
- Erasure (also known as the right to be forgotten) – The right to require us to delete your personal data in certain situations;
- Restriction of processing – The right to require us to restrict processing of your personal data in certain situations, e.g. if you contest the accuracy of the data;
- Data portability – The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations;
- To object – The right to object at any time to your personal data being processed for direct marketing (including profiling) and in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims;
- Not to be subject to automated individual decision making – The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you; and
- The right to withdraw consent – If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.
If you would like to exercise any of those rights, please contact us at firstname.lastname@example.org and let us know what right you want to exercise and provide us with sufficient information to investigate and action your request.
Keeping your personal data secure
We have implemented appropriate technical and organisational measures to keep your personal data confidential and secure from unauthorised access, use and disclosure. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We require our business partners, suppliers and other third parties to implement appropriate security measures to protect personal data from unauthorised access, use and disclosure.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.
How to complain
Please contact us if you have any queries or concerns about our use of your personal data (see ‘How to contact us’). We hope we will be able to resolve any issues you may have.
You may also have the right to lodge a complaint with the Information Commissioner (the UK data protection regulator) and/or the relevant supervisory authority in your jurisdiction. Please contact us if you would like further information.
Updating your personal data
We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed, e.g. your name or address.
For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of your internet service provider. This information helps us to understand how our website is used and to make improvements.
We will ask for your permission to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested.
The following table sets out information about the cookies we use and why:
|The cookies we use
|Whether cookie is essential for us to provide you with a service that you have requested and whether we will seek your consent before we place the cookies
|Google Tag Manager
|_ga, _gat, gid
|Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
|Yes, essential (we will therefore not request your consent before placing this cookie)
|Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.
|Yes, essential (we will therefore not request your consent before placing this cookie)
If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.
For further information on cookies generally, including how to control, manage and disable them, please review the guidance on cookies published by the UK Information Commissioner’s Office (www.ico.org.uk) or visit www.aboutcookies.org or www.allaboutcookies.org.
How to contact us
Individuals in the UK
Business Design Centre, 52 Upper Street, London N1 0QH, UK
Individuals in the EEA
Waterfront Square, 1 Horgan’s Quay, Cork T23 PPT8, Ireland