Processing Personal Data Standards
1. Scope and Purpose
- 1.1 These Standards for processing Personal Data and Sensitive Data (the “ Standards”) relate to information about persons who can be identified from that information, whether directly or indirectly, and in particular by reference to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity ( “Personal Data”).
- 1.2 The Standards define the standards applicable to EC3 Consultants in relation to Personal Data:
- that is processed by the firm; and
- the processing of which is subject to regulation by legislation implementing the Act.
- 1.3 The Standards apply to the processing of Personal Data by EC3 Consultants in the United Kingdom only.
In these Standards the following terms and expressions have the following meanings set:
“EC3 Consultants LLP”means the limited liability partnership established under English law whose registered office is at 4th Floor, 106 Leadenhall Street, London, EC3A 4AA;
“Personal Data”, “Sensitive Data”, “Data Subject”, “process/processing”, “Data Controller” and “Data Processor”shall each have the same meanings as are given to them in the Act.
3. Access to the Standards
The Standards will be made available on the Firm’s website. Any queries in respect of the Standards should be addressed to the following:Postal Address:
Sara Ager - Partner
EC3 Consultants LLP
106 Leadenhall Street
4. Standards Infrastructure
EC3 Consultants will ensure that sufficient resource is provided to maintain compliance with the Standards, and those who have access to Personal Data, or who are involved in the collection of Personal Data, are properly trained in respect of the Standards.
5. Processing Principles
EC3 Consultants shall:
- only process Personal Data for purposes permitted by applicable data protection laws;
- process Personal Data fairly and lawfully;
- when notified of a change to Personal Data, update its records in accordance with legal requirements;
- adopt appropriate measures to retain Personal Data for no longer than is appropriate for the purposes for which it was collected, unless the Personal Data is otherwise required to be kept by relevant legal requirements or regulation;
- obtain Personal Data only for one or more specified and lawful purposes, and shall not further process the Personal Data in any manner incompatible with that purpose or those purposes; and
- only process Personal Data which is adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed
Whilst it is unlikely, EC3 Consultants may be required to disclose Personal Data to comply with legal or regulatory requirements such as anti-money laundering regulations or the rules of the Solicitors Regulation Authority. EC3 Consultants will use reasonable endeavours to notify you before it does this, unless it is legally restricted from doing so.
6. Rights of Individuals
EC3 Consultants shall provide, upon written request from an individual, all Personal Data processed by EC3 Consultants, in relation to the relevant individual. EC3 Consultants shall be entitles to charge a reasonable fee for the provision of copies of Personal Data requested by such individuals. EC3 Consultants shall respect individuals’ statutory rights as to how their data is processed, and shall amend, update or delete, as appropriate or upon notification, any Personal Data which is found to be incorrect or inaccurate.
EC3 Consultants shall take reasonable technical and organisational measures with a view to protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access.
EC3 Consultants shall not sell, rent, distribute or otherwise make Personal and Sensitive Data commercially available to any third party, except as described in the Standards or with your prior permission.
8. Third Party Processing of Personal Data
Before EC3 Consultants transfers Personal Data to a third party in furtherance of an outsourcing or other data processing arrangement or uses the services of a third party to process Personal Data on its own behalf, it shall ensure that where the third party acts as a Data Processor it is contractually bound to only process Personal Data in accordance with the firm’s requirements and instructions.
- 9.1 EC3 Consultants shall not use Personal Data to send marketing information to any individual (including any employee) who has requested not to receive marketing material.
- 9.2 If an individual requests EC3 Consultants to stop processing their Personal Data for direct marketing purposes, EC3 Consultants shall stop processing the Personal Data for those purposes with immediate effect.
- 9.3 On occasions EC3 Consultants will share your information with EC3 Legal, or with third parties who provide services on your behalf. However, we will always take appropriate steps to ensure that all third parties protect your data adequately. By providing us with your email address you are deemed to have given us your authority to share your data with EC3 Legal or any third parties.
If an individual has any query or concern in relation to EC3 Consultants compliance with the Standards please contact the firm using the contact details in paragraph 3 above.
11. Updating the Standards
EC3 Consultants reserves the right to amend the Standards at any time.