Privacy Notice

Introduction

Welcome to Simple Legals’ privacy notice, which sets out how we collect, look after and process your personal data, together with some information about your rights, and how the law protects you.

This privacy notice applies to information we collect about visitors to our websites; our clients; attendees at our training workshops and people making enquiries about our workshops.

This privacy notice was last updated on 4 June 2019.

 

Who we are

Simple Legals is a trading name of Thackmore Limited. Full details can be found on our Legal Information page together with details about how you can contact us.

 

The personal data that we collect

We collect personal data in a number of ways:

We collect technical data about visitors to our websites including IP addresses, browser type and version, time zone setting and location, and other details using Google Analytics cookies and software. This enables us to record and analyse visitors to our website so that we can make improvements to it, and gain a better understanding of our visitors.

We will collect your personal data when you contact us, or through direct interactions with us. The nature of this data will be dependent on the circumstances, but is likely to be your contact details, and information about your business.

We collect the names and contact details of attendees of our workshops, and keep a record of who has attending which workshops. This enables us to contact you about additional workshops that may be of interest, or updates to the law that may be relevant following on from the workshop. We also keep this information for insurance and accounting purposes.

Where we are speaking at an event organised by a third party, we will ask for the attendee list to be shared with us if possible so that we can contact you as follow up to the event, for feedback, or where permitted, to let you know about other events or workshops that we are running.

 

Marketing

Where you have attended a workshop run by us or requested information about our workshops, then we may send you emails or call you regarding future events that may be of interest. If you would rather we didn’t do this, then please let us know, and there will be an ‘unsubscribe’ link on all our marketing emails.

We will also ask visitors to our site if they would like to sign up for updates and newsletters. You can change your mind at any point.

 

Sharing your personal data

We use a number of third party IT service suppliers in our business, and these third parties will be third-party data processors of your personal data. They are not allowed to use your data for their own purposes unless they, or we, tell you about it at the time the data is collected. In practice, we can’t see this happening.

Where we are co-hosting an event, then attendee lists will be shared between the hosts to enable us to run the event. This will be made clear on the event registration details.

We may also share your data where we are in the process of selling our business, or a part of it. This would form a part of any buyer’s due diligence process. For many reasons, and not just the protection of your personal data, we would insist upon any potential purchaser signing up to strict confidentiality terms and not using the data for any other purpose.

 

Transfers outside of the UK

We have made a conscious effort to ensure all our servers are based within the UK where possible, but some service providers (noticeably Google Analytics) do not offer that functionality. Where any data is to be transferred outside of the UK then:

If it is to an EU member state or EEA country, then we insist upon GDPR compliant terms being in place;

If it is outside of the EEA then we will only transfer it to a country where the European Commission have issued a finding of adequacy (i.e. the EU Commission believe the data protection laws in that country are adequate to protect your data without the need for any further action on our part) or we will use EU approved contract wording to ensure that your personal data is protected.

 

Data security

We’ve put in place a number of technical and organisational measures to secure your personal data, and to deal with any suspected personal data breach. We’re not going to publish exactly what these are (and hopefully you will understand the rationale behind this).

 

Your legal rights

Under data protection law, you have certain rights which have been summarised below:

  • The right to request access to your personal data processed by us;
  • The right to request correction of any inaccurate personal data that we hold about you;
  • The right to request erasure of your personal data held by us;
  • The right to object to our processing of your personal data;
  • The right to request a restriction of processing of your personal data;
  • The right to request the transfer of your personal data to you or a third party; and
  • The right to withdraw any consent at any time.

These rights are subject to certain limitations, but if you would like to exercise any of them, please do get in touch with us at the details found on our Contact Us page.

You do not usually have to pay a fee to exercise any of the above rights. We may need further information from you to help us confirm your identity, this is a security measure that we implement to ensure that personal data is not disclosed to the wrong person. We may also request further information to speed up our response.

We try to respond to all legitimate request within one month, but on occasions we may need to extend the deadline for response by up to two months if the information requested is particularly complex or you have made a number of requests. If this is the case we will let you know and keep you updated.

You also have the right to complain to the Information Commissioner’s Office, who are the supervisory authority for data protection law in the UK. Their website is at www.ico.org.uk and contains all relevant contact details. We would of course prefer it if you contacted us in the first instance.