Privacy policy.

This privacy statement explains how we collect, store and use your personal data in compliance with applicable data protection law including, where relevant, (as amended from time to time) the General Data Protection Regulation (EU) 2016/679 ("EU GDPR"), the EU GDPR as it forms part of the law of Scotland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 No. 419 ("UK GDPR") and the UK Data Protection Act 2018.

Us.

ProTech Legal (“ProTech,” “we,” “our,” or “us”). ProTech and Customer may individually be referred to as a “party” and collectively “the parties.”

You.

You (or “your”) is a reference to a data subject whose personal data we process for the purposes described in this privacy policy.

Collection of Data.

We may collect personal data:

  • directly from you when you engage with us

  • indirectly from third-party sources including your organisation, your representatives, publicly available sources, our service providers other Clifford Chance entities;

  • our clients, when we handle personal data for the purpose of providing our services;

  • regulatory bodies; and

  • and other companies providing services to us.

When we collect personal data directly from you, it is your decision whether to provide data. If you do not provide data, it may affect your use of our services or products, not allow you to remain in contact with us, to enter into contracts/agreements with us, or to exercise your rights. If you provide information to us about another person, you must comply with any legal obligations that may apply to your provision of the information to us, and allow us, where necessary, to share that information with our service providers.

Use of Data.

We will only use your personal data when applicable law allows us to. Depending on the nature and purposes of processing is carried out, our basis for processing may include:

  • pursuing our legitimate interest or those of a third party. Under the EU GDPR and the UK GDPR, the lawful basis of such processing is Article 6(1)(f) of the EU GDPR (or equivalent provisions in the UK GDPR) (i.e. the processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests, fundamental rights and freedoms which require protection of personal data);

  • complying with legal obligations. Under the EU GDPR and the UK GDPR, the lawful basis of such processing is Article 6(1)(c) of the EU GDPR (or equivalent provisions in the UK GDPR) (i.e. the processing is necessary to discharge a relevant legal or regulatory obligation to which we are subject); and

  • performance of a contract. Under the EU GDPR and the UK GDPR, the lawful basis of such processing is Article 6(1)(b) of the EU GDPR (or equivalent provisions in the UK GDPR) (i.e. the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract).

We do not sell your personal information. We do not envisage your personal data will undergo any automated decision making.

To the extent that our processing of your personal data is subject to data protection legislation other than the EU or UK GDPR, the relevant legal basis are explained in the Supplementary Provisions.

Website.

When you visit our website or microsites, we automatically collect, store and use technical information about your equipment and your interaction with our website. This information is sent from your computer to us using cookies.

We collect contact and related information via our website, email and by telephone. We process this information because we have a legitimate interest in responding to enquiries.

Suppliers.

We will retain contact information, information regarding the goods or services you provide to us and billing and financial information, including billing address, bank account and payment information. We use this information to manage our supplier relationships and to comply with our contractual and legal obligations. We may also use this information to establish, exercise or defend legal claims.

Platform we use.

We will store transactional information on Notion. We do not store personal information on this platform. Notion has an impressive amount of security certifications, namely ISO 27001, ISO 27701, ISO 27017, and ISO 27018, and meets the standards we demand from our supplies. Further information is available at https://www.notion.so/security.

We use Grammarly for our correspondence. Grammarly does not use information for training third-party language models and complies with EU GDPR and UK GDPR. Further information is available at https://www.grammarly.com/privacy. If you have any concerns about this, please do let us know.

Sharing Data.

We treat your personal data with respect and do not share it with third parties, unless the following scenario applies:

  • We may share personal data with our suppliers and service providers who process personal data on our behalf to provide or support the services described in this Privacy statement and with other legal specialists, including barristers, mediators, arbitrators, consultants, experts and other law firms.

  • We may share personal information, where necessary, with courts, law enforcement regulatory authorities and government officials, where it is necessary to provide legal services, as permitted by applicable law or as required under applicable law (in which case we will notify you, unless we are prohibited from doing so or it is not possible or reasonable to do so).

  • We may also share your personal data where you have consented to us doing so. 

Protect your Data.

We are committed to protecting your personal data and have implemented appropriate technical, physical and organisational security measures.

We operate a robust information security international programme and aim to hold ISO27001 and SOC II certificates. We have a comprehensive framework of policies and procedures covering data protection, physical and information security. 

We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims.

Your Rights.

To the extent that our processing of your personal data is subject to the GDPR or other data protection legislation with data subject rights, you may have rights which are explained below. To exercise these rights, please contact us at dataprivacy@protech.legal

  • You have the right to ask us for a copy of your personal data. This right is subject to applicable law and relevant exemptions.

  • You can ask us to correct or complete any inaccurate or incomplete personal data.

  • You can (in certain circumstances) ask us to delete your personal data. We may be unable to delete your data if we are legally obliged to retain it.

  • You can (in certain circumstances) object to our processing of your personal data or ask us to "restrict" our use of it.

  • If you have consented to our processing of your personal data, you can withdraw your consent. 

  • You have the right to ask that personal data which you have provided to us be provided to you in machine readable format if we process that data using automated means, you have consented to its use or so that we can enter into a contract with you. 

We aim to respond to all legitimate rights requests within the relevant statutory time limits; however, where permitted by law, we may take longer if the request is complex.

Complaints.

We respect your rights and want you to be comfortable with our use of your personal data.  If you have a complaint or concern about how we use your personal data, we would like to work with you to resolve it.  You can report a concern or ask us a question. You also have the right to make a complaint to your local data protection authority using their website. If you are unsure as to who is your local data protection authority, please contact us.

If you have any queries regarding anything mentioned in this Privacy policy or want to exercise any of the rights mentioned, please contact us at:

Email: dataprivacy@protech.legal