Introduction and purpose
This privacy notice serves to communicate:
- The data that we process about you (clients, designers, third parties etc.)
- Our reasoning of data collection
- The period of time we hold on to your data
- The lawful basis of the data collection (GDPR compliance), and your rights in regards to your data
This notice applies to current and former clients, IP holders/inventors/designers, subscribers, and to those third parties intending to become clients and subscribers.
This policy does not form part of any contract that you may have with the Firm. It is provided for information purposes only.
Types of data
We collect and store:
- Identity info: name, email address, phone number, company you work for, job title, our relation to the client etc.
- Technical information (IP address, location, operating system, browser type) and behavioural information (pages visited, length of visit, number of times visiting pages
- Marketing preferences
- And any other relevant information you provide (limited to data that would be pertinent to our relationship)
We collect data from clients via their submission of data – from the beginning of our relationship and during – through using our site/submission form on our website, phone conversation, email (including those working on behalf of a group/person/organisation).
We use social media to collect personal data from clients/subscribers through interactions (Twitter, Facebook, Linkedin) and public sources.
We do not collect data that would be of no relevance to our professional relationship (sensitive personal data).
How your data is used
Our data collection, processing and usage is governed by what the law allows us to. This is adhered to in the following ways:
Receiving confirmation of consent of data collection, attained through confirmed marketing preferences or providing of updates through social media.
The necessity to undergo a client/contractual or legal obligation
To accomplish/progress a business objective/interest (first or third party), in the event that the information’s usage won’t override the interests/rights of the individual.
Below, we have set out why we use your personal data and the lawful bases which are relevant to those purposes. We use your personal data to:
|Activity requiring your data||Lawful basis|
|Conducting compliance checks that we are required to carry out by law, these include conflict of interest.||A legal obligation to conduct these checks.|
|Communicating with you in the course of our engagement. This includes taking your instructions, providing legal advice and invoicing our fees and disbursements.||To perform our contract for services with you.|
|Managing our relationship with you.||To pursue our legitimate interests in creating and maintaining relationships with you.|
|Marketing purposes. This includes contacting you with relevant newsletters, bulletins and other information about our services, and inviting you to events.||Consent and our legitimate interest in ensuring that our clients are informed of important changes to IP law and practice.
We understand that consent must be freely given, specific, informed and unambiguous. Where consent is to be sought, we will do so on a specific and individual basis where appropriate. You will be given clear instructions on the desired processing activity, informed of the consequences of your consent and of your clear right to withdraw consent at any time.
You have the right to withdraw this consent or amend your marketing preferences at any time by contacting office@JOSHI-IP.LAW.
|Operating our social media accounts on Twitter and LinkedIn.||To pursue our legitimate interest in maintaining a social media presence.|
|IT security and to ensure compliance with our IT and communications policies.||Our legitimate interests in securing our information and systems.|
|Providing Intellectual Property Offices and firms of patent and trade mark attorneys within and outside the EU with information legally required for processing of patent, trade mark and other IP applications.||It is legally necessary to provide this information to such third parties in the course of applying for intellectual property protection.|
Data sharing/third parties
We share your data with third parties, such as Intellectual Property Offices and trade mark attorneys.
We operate with our third parties under a data processing agreement to ensure the necessary measures are in place to align their handling of data and data protection with ours. This involves only using it for issues pertaining to the client through our instruction (i.e. IP protection), and not their own purposes.
We may also need to share your personal information with a regulator to comply with the law. You can find more information about the handling of data protection between us and US third parties here.
Failure to provide personal information
Providing relevant personal information facilitates our ability to perform our contract with you/failure to do so could prevent us from doing so. Our ability to fulfil other interests (i.e. social media interaction) can also hinge on data collection. Our ability to engage with clients is largely contingent on the personal data we’re able to collect.
Data Protection Principles
Personal data we collect is processed and handled under GDPR principles. This governance ensures that:
- a) processing is fair, lawful and transparent
- b) data is collected for specific, explicit, and legitimate purposes
- c) data collected is relevant and limited to what is necessary for the purposes of processing
- d) data is kept accurate and up to date (to a reasonable extent, with steps taken to remove inaccurate/outdated data)
- e) data is not kept for longer than is necessary
- f) data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
- g) we comply with the relevant GDPR procedures for international transferring of personal data
Alongside our security measures implemented to protect personal information (preventing unauthorised access), we limit the scope of information accessed by/provided to third parties to the extent of what’s required, who process the information based on our instructions. These third parties are subject to a duty of confidentiality.
We log any data breaches we discover. Breaches are reported to the Information Commissioner within 72 hours and inform the subject(s) to the breach (both where legally required).
We store your personal information for a variable amount of time, depending on the salient purpose of data collection being met. This means that we hold on to your contact data after informing us of your unsubscription so ensure you are to not be contacted. This also includes holding on to data for as long as your intellectual property holds protections and/or an additional 7 year period post our relationship.
Data Protection Contact
A Compliance Officer for Data Protection (CODP) ensures the adherence to the compliance with this policy. If you have any questions about this policy or how we handle personal information, please contact the CODP in writing using the details below.
Email address: office@JOSHI-IP.LAW
Automated decision making
We use a limited level of automated decision making. This never consumes more than a partial consideration (all potentially significant decisions involve human decision making).
Changes to your data
You can ensure our data records are accurate by emailing office@JOSHI-IP.LAW
By law you may have the right to:
- a) be informed about the data we hold on you and what we do with it;
- b) access to the data we hold on you. You can request access to the data we hold on you at any time, by emailing office@JOSHI-IP.LAW.
- c) any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
- d) have data deleted in certain circumstances. This is also known as ‘erasure’;
- e) restrict the processing of the data;
- f) transfer the data we hold on you to another party. This is also known as ‘portability’;
- g) object to the inclusion of any information;
- h) regulate any automated decision-making and profiling of personal data.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, request that we transfer a copy of your personal information to another party or request the reconsideration of an automated decision, please contact our CODP by emailing: office@JOSHI-IP.LAW.
Generally, accessing your personal information (or to exercise any of the other rights) bears no fees. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
As a security precaution, we may request identifying information to ensure access to information isn’t provided to those who don’t hold rights to the information.
You hold the right to withdraw your consent (where provided) to collection of specific information by contacting our CODP at office@JOSHI-IP.LAW. Once we have been informed of your updated consent, we will accordingly process data under the new guidelines of your consent.
Making a complaint
Please contact our CODP at office@JOSHI-IP.LAW if you have any concerns or queries over our use and processing of your data.
Otherwise if you believe your data rights have been infringed, the Information Commissioner will be able to assist you with a complaint
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can find their contact details here.
Changes to this policy
We reserve the right to update this policy at any time and we will provide you with a new policy when we make substantial updates.