Emma Charnock, Senior Associate, Provenio Business Litigation

Emma Charnock

Senior Associate
Emma has extensive experience advising
clients in respect of complex
high value commercial litigation
across numerous sectors.
Her practice covers a broad range of disputes
including professional negligence and
breach of contract claims, as well as
shareholder and partnership disputes.

She has acted for corporates,
pension schemes, banks, a professional
football club, local governments and
investors, amongst others.

Emma provides tailored
and strategic commercial advice
to ensure clients achieve the best
possible outcome in accordance with
their commercial objectives through working
with them at an early stage,
as well as through all stages
of the litigation process, including
alternative dispute resolution.

Emma was seconded to the litigation team
of a big four clearing bank and also
to the Information Commissioner’s Office
as part of the Enforcement Team investigating
the use of personal data and data analytics
to the activities of Facebook
and Cambridge Analytica.

Emma is also chair of Merseyside
Young Professionals.

Emma joined Provenio Litigation LLP
in November 2019 after seven years
at DLA Piper’s Liverpool office.

emma.charnock@proveniolaw.com
0151 305 4146
Great people to have on your side, Provenio Business Litigation
Provenio Litigation LLP is a limited liability partnership
registered in England and Wales
with. registration number OC421348.
It is authorised and regulated by
Solicitors Regulation Authority with SRA number 649008.
A list of members is open for inspection at its
registered office above.
Partner denotes member of a limited liability partnership.
Notice: the firm does not accept service by email
of court proceedings other processes or formal notices of any
kind without specific prior written agreement.
Provenio Litigation LLP is a limited liability partnership registered in England and Wales with
registration number OC421348.
It is authorised and regulated by Solicitors Regulation Authority with SRA number 649008.
A list of members is open for inspection at its registered office above.
Partner denotes member of a limited liability partnership.
Notice: the firm does not accept service by email of court proceedings other processes or formal notices of any
kind without specific prior written agreement.
Privacy Policy
Complaints Section
PROVENIO LITIGATION LLP PRIVACY POLICY

Introduction

Provenio Litigation LLP (“we”, “our”, “us”, “the
Firm”) respects your privacy and is committed
to protecting your personal data. This privacy
policy describes how we collect and use
personal information about you.

This privacy policy is provided in a layered
format so you can click through to the specific
areas set out below.
Please also use the Glossary to understand the
meaning of some of the terms used in this
privacy policy.

IMPORTANT INFORMATION AND
WHO WE ARE
THE DATA WE COLLECT ABOUT YOU HOW IS YOUR PERSONAL DATA
COLLECTED?
HOW WE USE YOUR PERSONAL DATA DISCLOSURE OF YOUR PERSONAL DATA DATA SECURITY DATA RETENTION YOUR RIGHTS GLOSSARY

For the purposes of this policy:

“Clients” includes natural persons who have
engaged us to provide legal advice to them in
their personal capacity;

“Authorised Persons” includes natural persons
who have instructed us on behalf of a company,
partnership, trust, estate, agency, department,
corporate body of any description or any other
group or organisation; and

“Subscribers” includes
natural persons that have signed up to one
of our newsletters or bulletins, have
attended or registered to attend one of our
events or follow us on social media.

IMPORTANT INFORMATION AND
WHO WE ARE

This policy applies to the personal data of past
and present Clients, Authorised Persons and
Subscribers. Please note that you may fall in to
more than one of these categories so we may
hold your personal data in a number of
capacities. If you are a past or present
employee, member or consultant of the firm,
we will hold further personal data about you.

This policy does not form part of any contract
hat you may have with the Firm. It is provided
or information purposes only.

Controller

Provenio Litigation LLP is a ‘data controller’ and
responsible for deciding how we hold and use
your personal data. We are required under data
protection laws to notify you of the information
contained in this policy.

Contact Details

For further details please contact
data@proveniolaw.com or write to us at:
Data Protection, Provenio Litigation LLP, 7th Floor,
Walker House, Exchange Flags,
Liverpool L2 3YL.

You have the right to make a complaint at any
time to the Information Commissioner’s Office
(ICO), the UK supervisory authority for data
protection issues (www.ico.org.uk).
We would, however, appreciate the chance
to deal with your concerns before you
approach the ICO so please contact us in the
first instance.

Changes to the privacy policy and your duty
to inform us of changes

We keep our privacy policy under regular
review. This version was last updated on
20 September 2019.

It is important that the personal data we hold
about you is accurate and current.
Please keep us informed if your personal data
changes during your relationship with us.

Third-party links

This website may include links to third-party
websites, plug-ins and applications.
Clicking on those links or enabling those
connections may allow third parties to collect
or share data about you. We do not control
these third-party websites and are not
responsible for their privacy statements. When you
leave our website, we encourage you to read the
privacy policy of every website you visit.

Registrations

Our limited liability partnership registration
number is OC421348.
Our ICO registration number is ZA501904.

THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means
any information about an individual from
which that person can be identified.
It does not include data where the identity has
been removed (such as anonymous data).

There are some ‘special categories’ of more
sensitive personal data which require a higher
level of protection.

Clients and Authorised Persons

We collect, store and use some or all of the
ollowing categories of personal
information about Clients and Authorised Persons:

1. Client take-on information: name, title,
address, telephone number, email address,
job title, photographic identification,
date of birth, credit check;

2. File information: name, title, address,
telephone number, email address, job title,
bank account details;

3. Matter information: the categories of
personal information that we hold about you
for the purposes of specific matters that
we are providing advice on will vary according
to the type of matter.
Where we have collected this information
other than from you, we will always ask you
to confirm its accuracy.
By way of example this category may include,
amongst other things: tax details, employment
details, directorships, shareholding details
or personal correspondence;

4. Relationship information: title, name,
address, telephone number, email address
job title, client relationship details
(i.e. length of relationship, contacts engaged
with at the Firm, calls, meetings and other
engagement with the Firm), services details
(number of engagements, references, reviews
and testimonials) and dietary preferences;

5. Marketing information: name, title, address,
telephone number, email address, job title,
company, engagement details
(click-throughs, open rates, bounce rates,
return to sender notifications) event attendance
history, dietary preferences, payment details
and marketing preferences;

6. Social media information:
username, company details and engagement
details (shares, likes, retweets, reactions,
comments); and

7. Monitoring: CCTV footage, swipe/fob
records, PC login details, use of our IT and
communications systems, vehicle details.
We may also collect, store and use the
following ‘special categories’ of more sensitive
personal information about Clients and
Authorised Persons:

8. Relationship information (sensitive): special
access requirements, allergies; and

9. Matter information (sensitive):
The categories of personal information that we
hold about you for the purposes of specific
matters that we are providing advice on will
vary according to the type of matter.
Where we have collected this information
other than from you, we will always ask you to
confirm its accuracy.
By way of example this category may include,
amongst other things: race or ethnicity,
philosophical or religious beliefs, political
opinions, trade union membership, medical
conditions, prescriptions, surgeries,
medical history, disabilities, biometric data and
sexual orientation.

Subscribers

We collect, store and use some or all of
categories of personal information set out in
paragraphs 4, 5, 6 and 7 above under the
Clients and Authorised Persons heading as it
relates to Subscribers.

We may also collect, store and use the same
‘special category’ of more sensitive personal
information about Subscribers as set out in
paragraph 8 above.

If you fail to provide certain personal
information when we request it, we may not be
able to perform our contract with you properly
(such as providing you with legal advice) or we
may be prevented from achieving our
legitimate interests (such as engaging with you
on social media).

We have a statutory obligation to conduct
the checks that we use the client take-on
nformation of Clients and Authorised Persons
for. If you choose not to provide that
information, we will not be able to engage you
as a client of the Firm.

HOW IS YOUR PERSONAL DATA
COLLECTED?

Clients and Authorised Persons

As part of our file opening procedures,
we will collect personal information in
categories 1 and 2 above directly from Clients
and Authorised Persons.

When we take instructions, we will collect
personal information in categories
3 and 9 above directly from
Clients and Authorised Persons.
We may also obtain further information
about specific matters from other sources
including publicly available registers,
court transcripts, credit searches and private investigators.

Over the course of our relationship,
we will collect personal information in
categories 4 and 5 above directly from
Clients and Authorised Persons.
We may also collect further information
from other sources such as Companies House
or market information providers.

When Clients and Authorised Persons
engage with our social media accounts on
Facebook, Twitter and Linkedin, we collect
personal information in category 6 above either
from Clients and Authorised Persons directly
or from social media platforms.

When Clients or Authorised Persons visit
our premises or use our IT or communications
systems, we collect personal information falling
within category 7 above.

Subscribers

We collect personal information in categories
4, 5 and 8 above directly from Subscribers
over the course of our relationship,
this may be when you when you attend one of
our events, sign up to a newsletter, when you
instruct us on a matter, or some other time
when you engage with us directly.
We may also source some of this information
from other sources such as Companies House
or market information providers.

We collect personal information in
category 6 above either from you directly or
from social media platforms when you engage
with our social media accounts on Facebook,
Twitter and Linkedin.

We collect personal information falling
within category 7 above when
Subscribers visit our premises or use our IT
or communications systems.

HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when
the law allows us to. Most commonly,
we will use your personal data in the following
circumstances:

• where we have obtained freely given,
specific, informed and unambiguous
consent from you to use your personal data
in certain ways;

• where we need to perform the contract
we are about to enter into or have entered
into with you;

• where it is necessary for our legitimate
interests (or those of a third party) and your
interests and fundamental rights do not
override those interests; or

• where we need to comply with a legal
obligation.

Click here to find out more about the types
of lawful basis that we will rely on to process
your personal data.

Purposes for which we will use your
personal data

Clients and Authorised Persons

Below, we have set out the purposes for
which we use each category of personal data
and the lawful bases which are relevant to
those purposes.

We use your take-on information to conduct
certain compliance checks that we are required
to carry out by law, these include conflict
of interest, ‘know your client’ and anti-money
laundering searches. Our lawful basis for
this is that we have a legal obligation to
conduct these checks.

We use your file information for
communicating with you during the course of
our engagement, this includes taking your
instructions, providing legal advice and
invoicing for fees and disbursements.

We use your matter information to provide
legal advice to you. In both cases, for Clients,
our lawful basis for this is that it is necessary
in order to perform the contract for legal
services that we have with you.
In both cases, for Authorised Persons, our
lawful basis for this is that it is necessary in
order to pursue the legitimate interest of the
entity you represent in seeking legal advice.

We use your relationship information to
manage our relationship with you at all times.
Our lawful basis for this is that it is necessary
in order to pursue our legitimate interests in
creating deep and lasting relationships with
our Clients and with Authorised Persons.

We use your marketing information for
marketing purposes, this includes contacting
you with relevant newsletters, bulletins and
other information about our services, inviting
you to events and measuring engagement with
our communications to ensure that the content
that we create is relevant and useful.
Our lawful basis for this is your consent.
You have the right to withdraw this consent or
amend your marketing preferences at any time
by contacting data@proveniolaw.com.

We hold your social media information in the
course of operating our social media accounts
on Twitter, Facebook and LinkedIn.
Our lawful basis for this is that it is necessary
in order to pursue our legitimate interest in
maintaining a visible, engaging and relevant
social media presence.

We use monitoring to ensure network and
information security, including preventing
unauthorised access to our systems and
preventing malware distribution and to ensure
compliance with our IT and communications
policies. Our lawful basis for this is our
legitimate interests in securing our information
and systems.

‘Special categories’ of particularly sensitive
personal information require higher
levels of protection.
We need to have further justification
for collecting, storing and using this type
of personal information.
Below we have identified the further
justification on which we are relying to process
Clients’ and Authorised Persons’
special category personal data.
We have in place an appropriate policy and
safeguards which we are required by law to
maintain when processing such data.

We use relationship information (sensitive) to
ensure that our office and events are inclusive
and accessible to all our Clients.
Our lawful basis for this is our legitimate
interest in ensuring that Clients and
Authorised Persons can access and make use
of our office and events.
Our further justification is that any information
that we use to ensure accessibility is information
that you have manifestly made public.

We use matter information (sensitive)
to provide legal advice to you.
For Clients, our lawful basis for this is that it is
necessary in order to perform the contract for
legal services that we have with you.
For Authorised Persons, our lawful basis for
this is that it is necessary in order to
pursue the legitimate interest of the entity you
represent in seeking legal advice.
Our further justification is that it is
necessary for the establishment, exercise
or defence of legal claims.

Subscribers

The purposes for which we use each
category of personal data and the lawful bases
which are relevant to those purposes for
Subscribers are set out below.

We use your relationship information to
manage and strengthen our relationship with
you at all times. Our lawful basis for this is
necessary in order to pursue our legitimate
interests in creating and maintaining deep and
lasting relationships with our contacts.

We use your marketing information for
marketing purposes, this includes contacting
you with relevant newsletters, bulletins and
other information about our services, inviting
you to events and measuring engagement with
our communications to ensure that the content
that we create is relevant and useful.
Our lawful basis for this is your consent.
You have the right to withdraw this consent or
amend your marketing preferences at any time
by contacting data@proveniolaw.com.

We hold your social media information in the
course of operating our social media accounts
on Twitter, Facebook and LinkedIn.
Our lawful basis for this is that it is necessary
in order to pursue our legitimate interest in
maintaining a visible, engaging and relevant
social media presence.

We use monitoring to ensure network and
information security, including preventing
unauthorised access to our systems and
preventing malware distribution and to ensure
compliance with our IT and communications
policies. Our lawful basis for this is our
legitimate interests in securing our information
and systems.

As with our Clients and Authorised Persons,
we have identified the further justification on
which we are relying to process Subscribers’
special category personal data.
We have in place an appropriate policy and
safeguards which we are required by law to
maintain when processing such data.

We use relationship information (sensitive)
to ensure that our office and events are
inclusive and accessible to all our clients.
Our lawful basis for this is our legitimate
interest in ensuring that Subscribers can access
and make use of our office and events. Our further
justification is that any information that we use
to ensure accessibility is information that you
have manifestly made public.

Change of purpose

We will only use your personal information for
the purposes for which we collected it, unless
we reasonably consider that we need to use
it for another purpose and that purpose is
compatible with the original purpose.
If we need to use your personal information
for an unrelated purpose, we will notify you
and we will explain the lawful basis which
allows us to do so.

DISCLOSURE OF YOUR PERSONAL DATA

Data sharing

We share your data with third parties, including
third-party service providers, courts and
other lawyers. We require all third parties to
respect the security of your data and to treat it
in accordance with the law.

Third-party service providers require access
to your personal data in the course of
providing their services to us.
We engage third parties to provide the
following services: public relations and
marketing, IT support, practice management
systems, document management systems, case
management systems, printing and
reprographics support and event
hosting services.

All third parties are required to take
appropriate security measures to protect
your personal information in line with our policies.
We do not allow third parties to use your
personal data for their own purposes.
We only permit them to access your personal
data for specific purposes and in accordance
with our instructions.

We may also need to share your personal
information with a regulator to comply with
the law.

International Transfers

We do not transfer your personal data outside
the European Economic Area (“EEA”).

DATA SECURITY

We have put in place appropriate security
measures to protect your personal information
from being accidentally lost, used or accessed
in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal
information to those people who have a
business need to know. They will only process
your personal information on our instructions
and they are subject to a duty of confidentiality.

We have put procedures in place to deal with
any suspected data security breach and will
notify you and any applicable regulator of a
suspected breach where we are legally
required to do so.

DATA RETENTION

We will only retain your personal information
for as long as necessary to fulfil the purposes
we collected it for, including for the purposes
of satisfying any legal accounting, or reporting
requirements.

We retain client take-on information in
category 1 for 6 years from the date that we
take you on as a Client or open a client file on
your instructions as an Instructing Officer.

We retain relationship information in
categories 4 and 8 for the period of our
relationship with you and for 2 years afterwards.

We retain marketing information in category 5
for the period of our relationship with you and
for 5 years afterwards.

We retain social media information in category
6 for the period during which we are connected
on any given social media platform only.

For details on how long we retain client file,
matter file and monitoring information in
categories 2 – 4 and 7 – 9, please see our
Retention Policy.

In some circumstances we may anonymise
your personal information so that it can no
longer be associated with you, in which case
we may use such information without
further notice to you.

Where you have chosen to unsubscribe from
marketing communications, we will retain your
contact details to ensure that you are not sent
any further communications.
This information will be held indefinitely.

YOUR RIGHTS

Under certain circumstances, you have the
right under data protection laws to:

Request access to your personal information.
This is commonly known as a subject access
request. This enables you to receive a copy of
the personal information we hold about you
and to check that we are processing it lawfully.

Request correction of the personal information
that we hold about you.
This enables you to have any incomplete or
inaccurate information we hold about
you corrected.

Request erasure of your personal information.
This enables you to ask us to delete or remove
personal information where there is no good
reason for us continuing to process it.
You also have the right to ask us to delete or
remove your personal information where you
have exercised your right to object to
processing (see below).

Object to processing of your personal
information where we are relying on a
legitimate interest (or those of a third party)
and there is something about your particular
situation which makes you want to
object to processing on this ground.
You also have the right to object where we
are processing your personal information for
direct marketing purposes.

Request the restriction of processing of your
personal information.
This enables you to ask us to suspend the
processing of personal information about you,
for example if you want us to establish its
accuracy or the reason for processing it.

Request the transfer of your personal
information to another party.

Request the reconsideration of an
automated decision.
This enables you to ask us to reconsider a
decision that was made solely by automated
means or to ask for human intervention.

If you want to review, verify, correct or
request erasure of your personal information,
object to the processing of your personal data,
request that we transfer a copy of your
personal information to another party or
request the reconsideration of an automated
decision, please contact data@proveniolaw.com.

No fee usually required

You will not have to pay a fee to access
your personal information (or to exercise any
of the other rights).
However, we may charge a reasonable fee if
your request for access is clearly unfounded or
excessive. Alternatively, we may refuse to
comply with the request in such circumstances.

What we may need from you

We may need to request specific information
from you to help us confirm your identity
and ensure your right to access the information
(or to exercise any of your other rights).
This is another appropriate
security measure to ensure that personal
information is not disclosed to any person who
has no right to receive it.

Time Limit to Respond

We try to respond to all legitimate requests
within one month.
Occasionally it could take us longer
than a month if your request is particularly
complex or you have made a number of
requests. In this case, we will notify you and
keep you updated.

GLOSSARY

LAWFUL BASIS

Legitimate Interest means the interest of
our business in conducting and managing our
business to enable us to give you the best
service and the best and most secure
experience. We make sure we consider and
balance any potential impact on you
(both positive and negative) and your rights
before we process your personal data for our
legitimate interests.
We do not use your personal data for
activities where our interests are overridden by
the impact on you (unless we have your
consent or are otherwise required or permitted
to by law). You can obtain further information
about how we assess our legitimate interests
against any potential impact on you in respect
of specific activities by contacting us.

Performance of Contract means processing
your data where it is necessary for the
performance of a contract to which you are a
party or to take steps at your request before
entering into such a contract.

Comply with a legal obligation means
processing your personal data where it is
necessary for compliance with a legal
obligation that we are subject to.

THIRD PARTIES

Internal Third Parties

Other companies in the Provenio Group
acting as joint controllers or processors and
who are based in the UK and Ireland and
provide administration services and undertake
leadership reporting.

External Third Parties

• Service providers acting as processors
based in the UK who provide IT and system
administration services.

• Professional advisers acting as processors
or joint controllers including lawyers, bankers,
auditors and insurers based in the UK and
Ireland who provide consultancy, banking,
legal, insurance and accounting services.

• HM Revenue & Customs, regulators and
other authorities acting as processors or joint
controllers based in the United Kingdom who
require reporting of processing activities in
certain circumstances.

PROVENIO LITIGATION LLP PRIVACY POLICY

Introduction

Provenio Litigation LLP (“we”, “our”, “us”, “theFirm”) respects your privacy
and is committed to protecting your personal data. This privacy policy
describes how we collect and use personal information about you.

This privacy policy is provided in a layered format so you can
click through to the specific areas set out below. Please also use the Glossary
to understand the meaning of some of the terms used in this privacy policy.

IMPORTANT INFORMATION AND WHO WE ARE THE DATA WE COLLECT ABOUT YOU HOW IS YOUR PERSONAL DATA COLLECTED? HOW WE USE YOUR PERSONAL DATA DISCLOSURE OF YOUR PERSONAL DATA DATA SECURITY DATA RETENTION YOUR RIGHTS GLOSSARY

For the purposes of this policy:

“Clients” includes natural persons who have engaged us to provide
legal advice to them in their personal capacity;

“Authorised Persons” includes natural persons who have instructed
us on behalf of a company, partnership, trust, estate, agency, department,
corporate body of any description or any other group or organisation; and

“Subscribers” includes natural persons that have signed up to one
of our newsletters or bulletins, have attended or registered to attend
one of our events or follow us on social media.

IMPORTANT INFORMATION AND WHO WE ARE

This policy applies to the personal data of past and present
Clients, Authorised Persons and Subscribers. Please note that you may fall
in to more than one of these categories so we may hold your personal data in a number
of capacities. If you are a past or present employee, member or consultant of the firm,
we will hold further personal data about you.

This policy does not form part of any contract that you may have with the Firm.
It is provided for information purposes only.

Controller

Provenio Litigation LLP is a ‘data controller’ and responsible for deciding how we hold
and use your personal data. We are required under data protection laws to notify
you of the information contained in this policy.

Contact Details

For further details please contact data@proveniolaw.com or write to us at:
Data Protection, Provenio Litigation LLP, 7th Floor, Walker House,
Exchange Flags, Liverpool L2 3YL.

You have the right to make a complaint at anytime to the
Information Commissioner’s Office(ICO), the UK supervisory authority
for data protection issues (www.ico.org.uk). We would, however, appreciate
the chance to deal with your concerns before you approach
the ICO so please contact us in the first instance.

Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review.
This version was last updated on 20 September 2019.

It is important that the personal data we hold about you is accurate
and current. Please keep us informed if your personal data changes
during your relationship with us.

Third-party links

This website may include links to third-party websites,
plug-ins and applications. Clicking on those links or enabling those
connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible
for their privacy statements. When you leave our website, we encourage you
to read the privacy policy of every website you visit.

Registrations

Our limited liability partnership registration number is OC421348.
Our ICO registration number is ZA501904.

THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information
about an individual from which that person can be identified. It does not include
data where the identity has been removed (such as anonymous data).

There are some ‘special categories’ of more sensitive personal data which
require a higher level of protection.

Clients and Authorised Persons

We collect, store and use some or all of the following categories
of personal information about Clients and Authorised Persons:

1. Client take-on information: name, title, address, telephone number,
email address, job title, photographic identification, date of birth, credit check;

2. File information: name, title, address, telephone number,
email address, job title, bank account details;

3. Matter information: the categories of personal information that we hold
about you for the purposes of specific matters that we are providing advice on
will vary according to the type of matter. Where we have collected
this information other than from you, we will always ask
you to confirm its accuracy. By way of example this category may include,
amongst other things: tax details, employment details, directorships,
shareholding details or personal correspondence;

4. Relationship information: title, name, address, telephone number,
email address job title, client relationship details (i.e. length of relationship,
contacts engaged with at the Firm, calls, meetings and other engagement
with the Firm), services details (number of engagements,
references, reviews and testimonials) and dietary preferences;

5. Marketing information: name, title, address, telephone number,
email address, job title,company, engagement details (click-throughs, open rates,
bounce rates, return to sender notifications) event attendance history,
dietary preferences, payment details and marketing preferences;

6. Social media information: username, company details and
engagement details (shares, likes, retweets, reactions, comments); and

7. Monitoring: CCTV footage, swipe/fob records, PC login details,
use of our IT and communications systems, vehicle details. We may also collect,
store and use the following ‘special categories’ of more sensitive personal
information about Clients and Authorised Persons:

8. Relationship information (sensitive): special access
requirements, allergies; and

9. Matter information (sensitive): The categories of personal information
that we hold about you for the purposes of specific matters that
we are providing advice on will vary according to the type of matter.
Where we have collected this information other than from you, we will always ask
you to confirm its accuracy. By way of example this category may include,
amongst other things: race or ethnicity, philosophical or religious beliefs, political
opinions, trade union membership, medical conditions, prescriptions,
surgeries, medical history, disabilities, biometric data and sexual orientation.

Subscribers

We collect, store and use some or all of categories of personal information
set out in paragraphs 4, 5, 6 and 7 above under the Clients and Authorised Persons
heading as it relates to Subscribers.

We may also collect, store and use the same ‘special category’ of more
sensitive personal information about Subscribers as set out in paragraph 8 above.

If you fail to provide certain personal information when we request it,
we may not be able to perform our contract with you properly (such as providing you
with legal advice) or we may be prevented from achieving our legitimate interests
(such as engaging with you on social media).

We have a statutory obligation to conduct the checks that we use the client
take-on information of Clients and Authorised Persons for. If you choose not to provide
that information, we will not be able to engage you as a client of the Firm.

HOW IS YOUR PERSONAL DATA COLLECTED?

Clients and Authorised Persons

As part of our file opening procedures, we will collect personal information
in categories 1 and 2 above directly from Clients and Authorised Persons.

When we take instructions, we will collect personal information
in categories 3 and 9 above directly from Clients and Authorised Persons.
We may also obtain further information about specific matters from other sources
including publicly available registers, court transcripts, credit searches
and private investigators.

Over the course of our relationship, we will collect personal information
in categories 4 and 5 above directly from Clients and Authorised Persons.
We may also collect further information from other sources such as
Companies House or market information providers.

When Clients and Authorised Persons engage with our social media accounts
on Facebook, Twitter and Linkedin, we collect personal information in category 6 above
either from Clients and Authorised Persons directly or from social media platforms.

When Clients or Authorised Persons visit our premises or use our IT
or communications systems, we collect personal information falling within
category 7 above.

Subscribers

We collect personal information in categories 4, 5 and 8 above directly
from Subscribers over the course of our relationship, this may be when you attend
one of our events, sign up to a newsletter, when you instruct us on a matter,
or some other time when you engage with us directly.
We may also source some of this information from other sources such as
Companies House or market information providers.

We collect personal information in category 6 above either from you directly
or from social media platforms when you engage with our social media accounts
on Facebook, Twitter and Linkedin.

We collect personal information falling within category 7 above when Subscribers
visit our premises or use our IT or communications systems.

HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to.
Most commonly, we will use your personal data in the following circumstances:

• where we have obtained freely given, specific, informed and unambiguous
consent from you to use your personal data in certain ways;

• where we need to perform the contract we are about to enter into
or have entered into with you;

• where it is necessary for our legitimate interests (or those of a third party)
and your interests and fundamental rights do not override those interests; or

• where we need to comply with a legal obligation.

Click here to find out more about the types of lawful basis
that we will rely on to process your personal data.

Purposes for which we will use your personal data

Clients and Authorised Persons

Below, we have set out the purposes for which we use each category
of personal data and the lawful bases which are relevant to those purposes.

We use your take-on information to conduct certain compliance
checks that we are required to carry out by law, these include conflict of interest,
‘know your client’ and anti-money laundering searches. Our lawful basis for
this is that we have a legal obligation to conduct these checks.

We use your file information for communicating with you during
the course of our engagement, this includes taking your instructions,
providing legal advice and invoicing for fees and disbursements.

We use your matter information to provide legal advice to you.
In both cases, for Clients, our lawful basis for this is that it is necessary
in order to perform the contract for legal services that we have with you.
In both cases, for Authorised Persons, our lawful basis for this is
that it is necessary in order to pursue the legitimate interest of the entity
you represent in seeking legal advice.

We use your relationship information to manage our relationship
with you at all times. Our lawful basis for this is that it is necessary in order
to pursue our legitimate interests in creating deep and lasting relationships with
our Clients and with Authorised Persons.

We use your marketing information for marketing purposes, this includes
contacting you with relevant newsletters, bulletins and other
information about our services, inviting you to events and measuring engagement
with our communications to ensure that the content that we create is relevant
and useful. Our lawful basis for this is your consent. You have the right to withdraw
this consent or amend your marketing preferences at any time by contacting
data@proveniolaw.com.

We hold your social media information in the course of operating our
social media accounts on Twitter, Facebook and LinkedIn. Our lawful basis for this
is that it is necessary in order to pursue our legitimate interest in maintaining
a visible, engaging and relevant social media presence.

We use monitoring to ensure network and information security,
including preventing unauthorised access to our systems and preventing malware
distribution and to ensure compliance with our IT and communications policies.
Our lawful basis for this is our legitimate interests in securing
our information and systems.

‘Special categories’ of particularly sensitive personal information require higher
levels of protection. We need to have further justification for collecting,
storing and using this type of personal information. Below we have identified
the further justification on which we are relying to process Clients’
and Authorised Persons’ special category personal data. We have in place
an appropriate policy and safeguards which we are required by law
to maintain when processing such data.

We use relationship information (sensitive) to ensure that our office and events
are inclusive and accessible to all our Clients. Our lawful basis for this
is our legitimate interest in ensuring that Clients and Authorised Persons can access
and make use of our office and events. Our further justification is that
any information that we use to ensure accessibility is information that you
have manifestly made public.

We use matter information (sensitive) to provide legal advice to you.
For Clients, our lawful basis for this is that it is necessary in order to perform
the contract for legal services that we have with you. For Authorised Persons, our lawful
basis for this is that it is necessary in order to pursue the legitimate interest
of the entity you represent in seeking legal advice. Our further justification is that
it is necessary for the establishment, exercise or defence of legal claims.

Subscribers

The purposes for which we use each category of personal data
and the lawful bases which are relevant to those purposes for Subscribers
are set out below.

We use your relationship information to manage and strengthen our relationship
with you at all times. Our lawful basis for this is necessary in order to pursue
our legitimate interests in creating and maintaining deep and lasting relationships
with our contacts.

We use your marketing information for marketing purposes, this includes
contacting you with relevant newsletters, bulletins and other information
about our services, inviting you to events and measuring engagement
with our communications to ensure that the content that we create is relevant
and useful. Our lawful basis for this is your consent. You have the right to withdraw
this consent or amend your marketing preferences at any time by contacting
data@proveniolaw.com.

We hold your social media information in the course of operating
our social media accounts on Twitter, Facebook and LinkedIn. Our lawful basis
for this is that it is necessary in order to pursue our legitimate interest in maintaining
a visible, engaging and relevant social media presence.

We use monitoring to ensure network and information security,
including preventing unauthorised access to our systems and preventing malware
distribution and to ensure compliance with our IT and communications policies.
Our lawful basis for this is our legitimate interests in securing our
information and systems.

As with our Clients and Authorised Persons, we have identified
the further justification on which we are relying to process Subscribers’ special
category personal data. We have in place an appropriate policy and safeguards which
we are required by law to maintain when processing such data.

We use relationship information (sensitive) to ensure that our office and events
are inclusive and accessible to all our clients. Our lawful basis for this is our
legitimate interest in ensuring that Subscribers can access and make use of our office
and events. Our further justification is that any information that we use to ensure
accessibility is information that you have manifestly made public.

Change of purpose

We will only use your personal information for the purposes for which
we collected it, unless we reasonably consider that we need to use it for another
purpose and that purpose is compatible with the original purpose.
If we need to use your personal information for an unrelated purpose, we will notify
you and we will explain the lawful basis which allows us to do so.

DISCLOSURE OF YOUR PERSONAL DATA

Data sharing

We share your data with third parties, including third-party service providers,
courts and other lawyers. We require all third parties to respect the security
of your data and to treat it in accordance with the law.

Third-party service providers require access to your personal data
in the course of providing their services to us. We engage third parties to provide
the following services: public relations and marketing, IT support, practice management
ssystems, document management systems, case management systems, printing
and reprographics support and event hosting services.

All third parties are required to take appropriate security measures to protect
your personal information in line with our policies. We do not allow third parties
to use your personal data for their own purposes. We only permit them
to access your personal data for specific purposes and in accordance
with our instructions.

We may also need to share your personal information with a regulator
to comply with the law.

International Transfers

We do not transfer your personal data outside the European Economic Area (“EEA”).

DATA SECURITY

We have put in place appropriate security measures to protect your
personal information from being accidentally lost, used or accessed in an unauthorised
way, altered or disclosed. In addition, we limit access to your personal information
to those people who have a business need to know. They will only process your personal
information on our instructions and they are subject to a duty of confidentiality.

We have put procedures in place to deal with any suspected data security breach
and will notify you and any applicable regulator of a suspected breach
where we are legally required to do so.

DATA RETENTION

We will only retain your personal information for as long as necessary
to fulfil the purposes we collected it for, including for the purposes of satisfying
any legal accounting, or reporting requirements.

We retain client take-on information in category 1 for 6 years from the date
that we take you on as a Client or open a client file on your instructions
as an Instructing Officer.

We retain relationship information in categories 4 and 8 for the period
of our relationship with you and for 2 years afterwards.

We retain marketing information in category 5 for the period
of our relationship with you and for 5 years afterwards.

We retain social media information in category 6 for the period during
which we are connected on any given social media platform only.

For details on how long we retain client file, matter file and monitoring
information in categories 2 – 4 and 7 – 9, please see our Retention Policy.

In some circumstances we may anonymise your personal information
so that it can no longer be associated with you, in which case we may use
such information without further notice to you.

Where you have chosen to unsubscribe from marketing communications,
we will retain your contact details to ensure that you are not sent any further
communications. This information will be held indefinitely.

YOUR RIGHTS

Under certain circumstances, you have the right under data protection laws to:

Request access to your personal information. This is commonly
known as a subject access request. This enables you to receive a copy
of the personal information we hold about you and to check
that we are processing it lawfully.

Request correction of the personal information that we hold about you.
This enables you to have any incomplete or inaccurate information we hold
about you corrected.

Request erasure of your personal information.This enables you to ask
us to delete or remove personal information where there is no good reason
for us continuing to process it. You also have the right to ask us to delete
or remove your personal information where you have exercised your right
to object to processing (see below).

Object to processing of your personal information where we are
relying on a legitimate interest (or those of a third party) and there is something
about your particular situation which makes you want to object
to processing on this ground. You also have the right to object where
we are processing your personal information for direct marketing purposes.

Request the restriction of processing of your personal information.
This enables you to ask us to suspend the processing of personal information
about you, for example if you want us to establish its accuracy
or the reason for processing it.

Request the transfer of your personal information to another party.

Request the reconsideration of an automated decision.
This enables you to ask us to reconsider a decision that was made solely
by automated means or to ask for human intervention.

If you want to review, verify, correct or request erasure of your
personal information, object to the processing of your personal data,
request that we transfer a copy of your personal information to another party
or request the reconsideration of an automated decision, please
contact data@proveniolaw.com.

No fee usually required

You will not have to pay a fee to access your personal information
(or to exercise any of the other rights). However, we may charge a reasonable fee
if your request for access is clearly unfounded or excessive. Alternatively, we may
refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm
your identity and ensure your right to access the information (or to exercise any of
your other rights). This is another appropriate security measure to ensure that personal
information is not disclosed to any person who has no right to receive it.

Time Limit to Respond

We try to respond to all legitimate requests within one month.
Occasionally it could take us longer than a month if your request is particularly
complex or you have made a number of requests. In this case, we will notify
you and keep you updated.

GLOSSARY

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting
and managing our business to enable us to give you the best service and the best
and most secure experience. We make sure we consider and balance any potential
impact on you (both positive and negative) and your rights before
we process your personal data for our legitimate interests. We do not use
your personal data for activities where our interests are overridden
by the impact on you (unless we have your consent or are otherwise required
or permitted to by law). You can obtain further information about how we assess our
legitimate interests against any potential impact on you in respect of specific
activities by contacting us.

Performance of Contract means processing your data where
it is necessary for the performance of a contract to which you are a party
or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is
necessary for compliance with a legal obligation that we are subject to.

THIRD PARTIES

Internal Third Parties

Other companies in the Provenio Group acting as joint controllers or processors
and who are based in the UK and Ireland and provide administration
services and undertake leadership reporting.

External Third Parties

• Service providers acting as processors based in the UK who provide
IT and system administration services.

• Professional advisers acting as processors or joint controllers
including lawyers, bankers, auditors and insurers based in the UK and Ireland
who provide consultancy, banking, legal, insurance and accounting services.

• HM Revenue & Customs, regulators and other authorities acting as processors
or joint controllers based in the United Kingdom who require reporting
of processing activities in certain circumstances.

PROVENIO LITIGATION LLP COMPLAINTS SECTION

Introduction

1.We pride ourselves in providing a high-quality service to our clients at all times. If, however, you are dissatisfied with any aspects of the Services provided, in the first instance please contact our managing partner, Mark Goodwin.

2.We are authorised and regulated by the Solicitors Regulation Authority (“SRA”) and operate a complaints procedure which complies with the requirements of the SRA a copy of which is available on request. If for any reason we are unable to resolve your concerns, in certain circumstances, depending on your status and circumstances, you may be able to refer the matter to the Legal Ombudsman. You can check your eligibility to make a complaint to the Legal Ombudsman through its website www.legalombudsman.org.uk. If you qualify you have the right to refer the matter to the Legal Ombudsman within six months of receiving a final written response from us notifying you of this right. A complaint must ordinarily be referred to the Legal Ombudsman within six years of the act or omission giving rise to the complaint or within three years from the date when you should reasonably have known there were grounds for complaint. The Legal Ombudsman is an independent public body responsible for resolving complaints about legal services. The Ombudsman scheme is administered by the Office for Legal Complaints.

3.We are required to comply with the SRA Code of Conduct (a copy of which can be found at www.sra.org.uk/solicitors/standards-regulations/code-conduct-firms and www.sra.org.uk/solicitors/standards-regulations/code-conduct-solicitors. If you consider we have failed to comply, you may have the right to complain to the SRA (www.sra.org.uk)

4. You may also have the right to apply to the court for an assessment of your invoice under Part III of the Solicitors Act 1974.

PROVENIO LITIGATION LLP COMPLAINTS SECTION

Introduction

1.We pride ourselves in providing a high-quality service to our clients at all times. If, however, you are dissatisfied with any aspects of the Services provided, in the first instance please contact our managing partner, Mark Goodwin.

2.We are authorised and regulated by the Solicitors Regulation Authority (“SRA”) and operate a complaints procedure which complies with the requirements of the SRA a copy of which is available on request. If for any reason we are unable to resolve your concerns, in certain circumstances, depending on your status and circumstances, you may be able to refer the matter to the Legal Ombudsman. You can check your eligibility to make a complaint to the Legal Ombudsman through its website www.legalombudsman.org.uk. If you qualify you have the right to refer the matter to the Legal Ombudsman within six months of receiving a final written response from us notifying you of this right. A complaint must ordinarily be referred to the Legal Ombudsman within six years of the act or omission giving rise to the complaint or within three years from the date when you should reasonably have known there were grounds for complaint. The Legal Ombudsman is an independent public body responsible for resolving complaints about legal services. The Ombudsman scheme is administered by the Office for Legal Complaints.

3.We are required to comply with the SRA Code of Conduct (a copy of which can be found at www.sra.org.uk/solicitors/standards-regulations/code-conduct-firms and www.sra.org.uk/solicitors/standards-regulations/code-conduct-solicitors. If you consider we have failed to comply, you may have the right to complain to the SRA (www.sra.org.uk)

4. You may also have the right to apply to the court for an assessment of your invoice under Part III of the Solicitors Act 1974.