We also comply with the Brazilian Lei Geral de Proteção de Dados (Lei n. 13.853, 2019), the Peruvian Ley de Protección de Datos Personales and, to the extent applicable, with the data protection laws of other jurisdictions.
The term “Personal Data” means any information relating to you, who can be identified, directly or indirectly, by reference to other information that we have access to.
We have offices in the United Kingdom, United States, and Europe and maintain an institutional relationship with a specialist claims firm in Brazil. The office(s) providing services to you/your company is/are the controller(s) with regard to your personal data within the meaning of the GDPR.
For services provided by our office in the Netherlands, the controller is PGMBM Nederland B.V., based at Herengracht 433, 1017 BR Amsterdam.
However, our offices will all qualify as joint controllers with regard to the processing of your personal data through our website (including cookies), apps and social media pages and for general marketing, business development and recruitment activities. Whenever we are joint controllers, we are jointly responsible for the way your personal data is handled and you can exercise your rights in respect of and against each entity.
FAQs surrounding data and privacy:
The information described below is in addition to any personal data we are required by law to process in any given situation.
CLIENT DATA: When joining a litigation case, we may collect contact and identity details such as name, telephone number, email, postal addresses, date of birth, payment details, tax residence information, copies of photo identifications such as your driving license and/or passport/identity card, information about nationality/citizenship/place of birth, your national identification number, identity verification documents and signature in order to comply with our legal and regulatory obligations.
We may also collect special categories of more sensitive data such as health, physical and mental health information, depending on the necessity of the legal case.
Where relevant, we may also hold additional information that someone in your organisation has chosen to disclose to us. If we need any additional personal data for any reason, we will inform you.
SUPPLIER DATA: We may collect your contact details or the contact details of individuals within your organisation (such as names, telephone numbers, email and/or postal addresses). Depending on the circumstances, we may also collect bank details for payment purposes.
JOB APPLICANT DATA: We may collect your C.V., work history, name, contact details, details of professional status, records and qualifications, referees, salaries and social media profiles, if you decide to apply for a job within our company.
PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES AND EMERGENCY CONTACTS: To ask for a reference, we may need the referee’s contact details (such as name, email address and telephone number). We will also need these details if a job applicant or a member of our staff has put you down as their emergency contact so that we can contact you in the event of an accident or an emergency.
WEBSITE USERS: We collect a limited amount of data from our website users which we use to help us improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, including the time and duration of visit, your CPU speed, the operating system/platform you are using, the frequency with which you access our website, your browser type, the location you view our website from, and the language you choose to view it in. We may record site traffic patterns, “clickstreams”, and the times that our website is most popular. If you contact us or submit an application for a consultancy via the website, we will collect any information that you provide to us, for example, your name and/or contact details. We may use that information to assess and respond to your application or enquiry.
We collect personal data through the website in two ways:
1. Personal data that we receive directly from you
2. Personal data that we collect automatically when you use our website.
DIRECTLY FROM YOU: We receive personal data directly from you where you contact us proactively, usually via an online form, by phone or email; and/or
· Where we contact you, whether by phone, email, or any other form of communication.
WEBSITE USERS: When you visit our website, there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via our website, for example, when you submit a query.
We collect your data automatically via cookies, in line with cookie settings on our homepage and in your browser.
The personal data that we collect is utilised to enhance our professional relationship with you. More specifically, your personal data is processed for the following purposes, which are further explained
under Section E together with the applicable legal bases for processing data under Articles 6 and 9 of the GDPR.
USING CLIENT DATA: Below are the various ways in which we use your data in order to ensure the smooth running of our agreements and dealings with you:
1. Professional services activities – Processing your data in order to establish, exercise and defend our client’s legal rights, to store your details (and updating them when necessary) on our database, so that we can contact you in relation to our relevant activities; and keeping records of our conversations and meetings, so that we can provide targeted services to you and in order to comply with our legal and regulatory obligations.
2. To help us to establish, exercise or defend legal claims – In more unusual circumstances, we may use your personal data to help us to establish, exercise or defend legal claims.
USING SUPPLIER DATA: We will only use your information:
1. To store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements or our dealings with you;
2. To facilitate our payroll and invoicing processes, for example, in relation to consultants or self-employed contractors; and
3. In more unusual circumstances, to help us to establish, exercise or defend legal claims.
USING JOB APPLICANT DATA: We will only use your information:
· To assess your suitability for the position, to determine your employment terms, to safeguard our internal control and security, and to comply with legal obligations.
PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES, EMERGENCY CONTACTS AND DEPENDENTS:
We will only use the information about you for the following purposes:
· If a Job Applicant or staff member put you down on our form as an emergency contact, we will contact you in the case of an accident or emergency affecting them; or
· If you were put down by a Job Applicant as a referee, we will contact you in order to take up a reference; or
· If you were put down by a staff member as a next of kin or dependent, we will store your personal data to ensure the personnel records of the staff member are correct and disclose your information to the relevant benefits provider.
If you are not happy about this, you have the right to object and can find out more about how to do so by emailing email@example.com.
WEBSITE USERS: We use your data to help us to improve your experience of using our website, for example, by analysing your recent search criteria to help us to present information to you that we think you will be interested in.
We can process your data where it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights or freedoms, which require protection of personal data. These interests were identified by carrying out a Legitimate Interests Assessment.
You have the right to object to us processing your personal data on this basis. If you would like to know more about how to do so, please contact firstname.lastname@example.org.
To ensure that we provide you with the best service possible, we use and store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations and meetings.
We think this is reasonable – we deem these uses of your personal data to be necessary for our clients’ legitimate interest in establishing, exercising and defending their legal rights and our legitimate interests in order to carry out our business activities.
We have to make sure our business runs smoothly, so that we can carry on providing services. We therefore also need to use your data for our internal administrative activities, such as invoicing where relevant.
We have our own obligations under the law, which is a legitimate interest of ours to insist on meeting. If we believe in good faith that it is necessary, we may therefore share your data in connection with crime detection or tax collection.
We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. Where you are a sole trader, we also hold your financial details, so that we can pay you for your services.
We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.
JOB APPLICANT DATA
We use and store the personal data of job applicants to ensure that we find suitable candidates for our vacancies, or – in the case of identity documents and certificates of conduct – because we have a legal obligation to do so.
PEOPLE WHOSE DATA WE RECEIVE FROM JOB APPLICANTS AND STAFF, SUCH AS REFEREES AND EMERGENCY CONTACTS
If you have been put down by a job applicant or a member of Pogust Goodhead as one of their referees, we use your personal data in order to contact you for a reference.
If a staff member has given us your details as an emergency contact, we will use these details to contact you in the case of an accident or emergency. We have a legitimate interest to store this data and use it in appropriate circumstances on behalf of our staff.
If a staff member has given us your details as a dependent or a next of kin, we will use your personal data as appropriate for the purpose of benefits or employment rights.
We have a legitimate interest to store this data and use it in appropriate circumstances on behalf of our staff.
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain processing activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent. In all cases where we rely on consent:
· You have to give us your consent freely, without us putting you under any type of pressure; and
· You have to know what you are consenting to – so we’ll make sure we give you enough information.
We will keep records of the consents that you have given in this way.
In some cases, we will be able to rely on soft opt-in on the basis of our legitimate interest. We are allowed to market products or services to you which are related to the services we provide as long as you do not actively opt out from these communications.
You have the right to withdraw your consent to these activities at any time. You can do so at any time by emailing email@example.com
We also have legal and regulatory obligations that we need to comply with. For example, prior to certain engagements, we collect certain information to verify the identity of the client, in order to comply with anti-money laundering, know-your-client legislations and legislation governing legal professions.
If we believe in good faith that it is necessary, we may share your data in connection with crime detection or tax collection with the relevant public authorities. For example, in the Netherlands we are obliged to report unusual transactions to the Financial Intelligence Unit (FIU-Nederland).
We also may share your data with regulatory agencies or other relevant bodies in order to comply with our regulatory obligations.
We will keep records of your personal data (including personal data contained in communications and calls) in accordance with our legal and regulatory right and obligations.
We can process your data where we are carrying out necessary steps in relation to a contract to which you are party to or prior to you entering into a contract, for example, because you wish to instruct us to carry out legal services for you.
ESTABLISHING, EXERCISING OR DEFENDING LEGAL CLAIMS
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data, in connection with exercising or defending legal claims.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
Where appropriate and in accordance with local laws and requirements, we may share your personal data, for the purposes described in Sections D and E and purposes compatible with those purposes, with the following categories of people:
· Any of our offices;
· Courts, arbitral tribunals, mediators, lawyers from other firms and other advisors to clients, in the course of providing our professional services;
· Individuals and organisations who hold information related to a Job Applicant’s reference or application to work with us, such as current or prospective employers and employment and recruitment agencies;
· Tax, audit, regulatory bodies or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority, in connection with any anticipated litigation or in compliance with our legal and regulatory obligations);
· Third party service providers who perform functions on our behalf and who do not qualify as processors either on the basis of specific legal provisions, their professional capacity or the nature of the function (including benefit providers such as pension providers, private medical insurance, dental insurance and childcare providers, external consultants, business associates and professional advisers such as lawyers, auditors and accountants transport and distribution suppliers, technical support functions and IT consultants carrying out testing and development work on our business technology systems).
· Other third-party service providers (suppliers) who provide certain elements of services to us including third party outsourced IT services providers (client relationship management services (call centres, automated text services), payment services providers, litigation management software providers, and document storage providers where we have an appropriate processing agreement (or similar protections) in place);
· Marketing technology platforms and suppliers (cookie data only); and
· If Pogust Goodhead merges with or is acquired by another business or company in the future, we may share your personal data with the new owners of the business or company (and provide you with notice of this disclosure).
We do not sell any personally identifiable information provided to us to any unrelated third party, but, as set out above, we may share it with related entities or with unrelated third parties in connection with our own marketing activities or the maintenance and operation of our site, or as may be legally required. Please do not to send confidential or sensitive information to us through this site.
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of necessary technical and organisational measures including but not limited to encrypted systems, to hold your personal data securely in both electronic and physical form.
All our Partners, staff, third party services and cross borders who have or may have access to your personal data, are instructed and subjected to confidentiality obligations. We take all the appropriate measures to maximally secure personal information and to deal with any suspected data breach.
We will ordinarily process your data throughout the course of our interactions and will then generally retain it for an appropriate amount of time after we have parted ways, depending on local law requirements, type of data in question, any overarching legal and regulatory, our legitimate business and risk-management needs. We may, for example, be required to retain certain data for the purposes of tax reporting or responding to tax queries. In other instances, there may be some other legal, regulatory or risk-management requirements to retain data, including where certain data might be relevant to any potential litigation (bearing in mind relevant limitation periods).
In determining the appropriate retention period for various types of personal data, in addition to ensuring that we comply with our legal, regulatory and risk-management obligations, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we need to process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. You can obtain more information on our retention periods by emailing firstname.lastname@example.org.
You retain various rights in respect of your data, even once you have given it to us. These are described below:
· Right to be informed
· Right to access*
· Right to rectification
· Right to erasure
· Right to restrict processing
· Right to data portability
· Right to object
· Rights in relation to automated decision making and profiling
*Right to access: This right enables you to ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. This is called Data Subject Access Request (SAR or DSAR). We may ask you to verify your identity and for more information about your request. The SAR has no costs for you, unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
To get in touch or exercise any of these rights, please contact our Data Protection Officer, at email@example.com. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
· To third parties (such as regulatory authorities, advisers or other suppliers to Pogust Goodhead)
· To overseas suppliers; and
· To a cloud-based storage provider.
We want to make sure that your data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the European Economic Area (EEA) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
· By way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws;
· Transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation;
· Where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a client of ours); or
· Where you have consented to the data transfer.
To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with, to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.
WHAT’S A COOKIE?
Cookies are small text files that can be used by nearly all websites to make a user’s experience more efficient. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
Your consent applies to the domain www.pogustgoodhead.com, and you can at any time change or withdraw your consent from the Cookie Declaration on our website.
As a data subject, you are entitled to contact a Data Protection Authority if you have enquiries, concerns, or complaints regarding the processing of your data:
· The Netherlands: the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) may be contacted via their website (Contact us | Autoriteit Persoonsgegevens) or by calling +31 (0)70 888 85 00.
· Brazil: the National Data Protection Authority (Autoridade Nacional de Proteção de Dados) may be contacted via their website (Fale Conosco — Autoridade Nacional de Proteção de Dados (www.gov.br)) or by calling +55 (61) 2025-8101.
· Peru: the Peruvian Data Protection Authority (Autoridad Nacional de Protección de Datos Personales) may be contacted via their website (Contacto – Autoridad Nacional de Protección de Datos Personales – Plataforma del Estado Peruano (www.gob.pe)) or by calling (01) 204 8020 annex 2410.
Whether you’re a client, journalist, NGO, political operative, or legal professional, we’re always happy to talk. If you require any help or advice, please get in touch with the Pogust Goodhead team.
If you are a client in the Mariana dam disaster claim, please click here to be redirected to the client portal.