This Privacy Policy explains what we do with your personal data at Oyster Law and your rights.
WHO ARE WE?
We are Oyster Law Limited (“Oyster Law”) a limited liability company registered in England & Wales with company number 15336564. Our registered office is c/o RNS Accountants, 50-54 Oswald Road, Scunthorpe, United Kingdom, DN15 7PQ. If you need to contact us, please email us at [email protected]
WHAT DO WE DO WITH YOUR PERSONAL DATA AND WHAT IS OUR LEGAL BASIS FOR DOING IT
We use personal data in a few different ways:
Carrying out our work for our clients
In doing legal work for clients, we need to process the names and business contact details of the people we work with. We might also need to process information about customers and suppliers who clients work with so we can communicate with them. We do this on the basis of our legitimate interest in doing so.
We keep names, contact details, correspondence and other documents which form part of our files during a client engagement and for 6 years after a client engagement ends, or if later, for as long as required by our insurers or the law.
Promotion of Oyster Law
We promote our business through the channels you would expect, such as personal networking, online research, and searching for leads using social media such as LinkedIn. In the course of doing that, we will either be given or will find out from publicly available sources the names and business contact details of people with who work at businesses we think could be interested in our services, or who could act as a source of referrals. We will then use those contact details to reach out to them to see if they might be interested.
We do this on the basis of our legitimate interest in promoting our services to businesses. We will always honour requests to stop contacting people in this way.
We will keep data gathered for this purpose until the business in question becomes a client (in which case we will continue processing that data as necessary for that purpose) or it becomes clear that there is no prospect of its becoming a client, which we determine based on when the last contact took place and what the outcome of that contact was (for example, if they asked us to stop contacting them).
Providing updates and similar
Sometimes we may email legal updates or newsletters to clients. You can unsubscribe from these communications at any time. We send such emails on the basis of our legitimate interest.
Complying with our legal obligations
As lawyers we have to maintain certain records and perform “Know Your Client” checks to make sure we know who our clients are. We must help prevent money laundering and ensure that our clients do not appear on sanctions lists. If you work for or are a beneficial owner of one of our clients, we may ask you to provide us with information about ultimate ownership or sources of funds, or copies of identity documents like passports and driving licences. We will only use that information for compliance purposes. You do not have to provide that information, but if you don’t then we may not be able to work with you.
From time to time the law can require us to do other things with personal data. For example, we may be required to share information with UK government authorities. We do this on the basis that it is necessary to comply with our legal obligations. We keep this information during a client engagement and for 6 years after a client engagement ends, or if later, for as long as required by our insurers or the law.
Administration of our business
In operating and administering our business we will process the names and business contact information of contacts at our clients, suppliers and the other organisations we work with, for example to send them an invoice. We do this on the basis of our legitimate interest in operating and administering our business.
We keep those names and contact details together with any correspondence and other documents in which they appear as part of our business records during a client engagement and for 6 years after a client engagement ends, or if later, for as long as required by our insurers or the law.
Our website
Our website (www.oysterlaw.co.uk) logs information about which pages are viewed and when, which IP address requested them and some technical information about the device used. We use that data to fix problems with the website and improve visitor experience and to help us understand how it is used. We do this on the basis of our legitimate interests in fixing problems with, and improving, our website and in understanding how it is used.
Our website only uses cookies and similar technologies to deliver essential functions.
THIRD PARTIES WE SHARE PERSONAL DATA WITH
Generally, the only third parties we share personal data with are our suppliers, where it’s necessary to their service to do something with that data on our behalf. They do that as our “processors”, under contracts which (among other things) require them to keep the data safe and not to use it for other purposes.
TRANSFERRING PERSONAL DATA OVERSEAS
We may transfer, store, and process your information in countries other than the UK. Whenever we do transfer your information outside of the UK, we will take all reasonably practicable measures to protect it in accordance with this Privacy Policy and all applicable laws. Otherwise, we only send personal data overseas on your instructions or incidentally in the course of providing you with advice.
YOUR RIGHTS AND HOW TO EXERCISE THEM
UK and EU data protection laws give you certain rights over your personal data, which we summarise below. If you would like to exercise any of these rights, you can contact us at [email protected].
Your right of access. You have a right to a copy of information that we hold about you. That right has certain exceptions designed to protect the rights of others. For example, we may decline to give you information on the grounds of client confidentiality or legal professional privilege.
Your right of correction. You have the right to have information about you corrected if it is factually inaccurate or incomplete.
Your right of erasure. In some limited circumstances, you have the right to have information about you deleted, generally if we no longer have a valid basis for keeping it.
Your right to have processing restricted. In some limited circumstances, chiefly in connection with a dispute or complaint about how we handle your data, you have the right to restrict what we do with that data.
Your right to object. If we are processing your personal data on the basis of our legitimate interests, then you have the right to object to that, and we must assess whether we have a good reason to continue which outweighs that objection. In the case of direct marketing (e.g. newsletters), your right to object is absolute.
Your right to data portability. If we are carrying out automated processing of information that you have given us, and we are doing that with your consent, then you have the right to have a copy of that data provided to you in a commonly used electronic format.
Your right to complain. If you are unhappy with how we have handled your personal data, you have the right to complain to your local data protection authority, which in the UK is the Information Commissioner’s Office. If you are based in the EU, then you can find the contact details for your local supervisory authority on the website of the European Data Protection Board.
You can read more about your rights on the ICO’s website.
This Privacy Policy was last updated on 1st March 2024.