PRIVACY NOTICE (CLIENT AND CONTACTS)

 

Sauce People Limited (referred to as the Company, we, us or our in this Privacy Notice) are committed to protecting the privacy and security of your personal data.

 

This privacy notice provides you with the details on how we collect and use personal information about you as a client, potential client or other business contacts during and after our working relationship, in accordance with the General Data Protection Regulations (“GDPR”).

 

We issue other Privacy Notices that may also cover data we hold on you in other formats such as through using our website and specific notices for staff and candidates during a recruitment process. You should read this and any other relevant privacy notices so that you are aware of what information we hold, for what purpose and how we process it.

 

 

DATA PROTECTION PRINCIPLES

 

We will comply with all relevant data protection legislation. The General Data Protections Regulations 2018 says that the personal information we hold about you must be:

 

1. Used lawfully, fairly and in a transparent way;
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
3. Relevant to the purposes we have told you about and limited only to those purposes;
4. Accurate and kept up to date;
5. Kept only as long as necessary for the purposes we have told you about; and
6. Kept

 

 

IMPORTANT INFORMATION AND WHO WE ARE

 

Who is the Data Controller?

 

Sauce People Limited is the Data Controller and responsible for deciding how we hold and use your personal data.

 

We have appointed a Data Privacy Officer who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the Data Privacy Officer using the details set out below in this Privacy Notice

 

Contact details

 

Full name of legal entity:                                         Sauce People Limited

 

 

Name or title of Data Privacy Officer:                  Paul Thirlwell –  Director

 

Email address:                                                            enquiries@saucepeople.co.uk

 

Postal address:                                                           Unit 2, Manor Mill Lane, Leeds. LS11 8LQ

 

 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

We have a formal complaints process for clients which can be obtained from our website or from requesting it from any member of the team or emailing enquiries@saucepeople.co.uk Using this complaints process does not, in any way, affect your rights under General Data Protection Regulations as specified further in this Privacy Notice.

 

 

THE TYPES OF DATA WE PROCESS

 

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

 

The Company processes personal data about the following categories of people:

 

• Clients;
• Employees, associates, apprentices, casual workers and candidates of Clients;
• Potential clients;
• Other people, organisations and their employees involved in client matters we are acting on;
• Referrers of work; and
• Other third parties we (including our employees, associates and casual workers) have business relationships with.

 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

 

1. Client Data – this includes information about client matters we are acting on, including business and company relationships and affiliations, personal circumstances, employment background and circumstances, services provided to clients (or services which could be provided to potential clients) and staff

 

2. Contact Data – includes home address, billing address, email address and telephone
3. Financial Data – includes your financial affairs, details about payments to and from you, bank account and payment card details and salary and benefit Where we are making payments to you we may hold your banking details as provided by yourself in order to process the payment of monies owed.
4. Identity Data – includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, identification documents (including passport and/or driving licence information).
5. Marketing and Communications Data – includes your preferences in receiving marketing from us and our third parties and your communication
6. Supplier Data – incudes details about the goods or services you or your company provide to us and the prices paid.

 

In some circumstances we may process special categories of personal data about you in relation to our work for you as a client or potential client. In such cases we will take particular care to only process such data in accordance with strict legal parameters.

 

Special Category Data includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, information about criminal convictions and offences.

 

We may obtain personal data from you directly, from our clients or from other third parties involved in matters we act on for our clients. We may also obtain personal data from other third parties (including publicly available information).

 

When we ask you for information directly, it is your responsibility to ensure that all such information is complete and accurate. If the information provided by you changes during our work together, please let us know as soon as possible so that we can keep our systems updated.

 

The table below identifies what type of data we may collect for each type of individual category of people.

 

 

 

 

 

Category of person	Personal data	Sensitive data	Reason(s) for processing	Detriment assessment for legitimate interest
Clients	1.    Client data 2.    Contact data 3.    Financial data 4.    Identity data 5.    Marketing and communication data	When required for an individual matter we may process data relating to your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, information about criminal convictions and offences.	Contractual Legal obligation Legitimate interest	Legitimate interest relates to all marketing and communication data, we have a legitimate business interest to process this data and keep current and previous clients up to date with changes to the law, relevant content and our services.
				Any business can request for their information to be processed for marketing and communication data purposes.
				All other data listed is not covered by legitimate interest.

 

 

 

Category of person	Personal data	Sensitive data	Reason(s) for processing	Detriment assessment for legitimate interest
Employees, associates, apprentices, casual workers and candidates of Clients	1.    Client data 2.    Contact data 3.    Financial data 4.    Identity data 5.    Marketing and communication data	When required to provide legal advice and guidance to clients with regards to their employees, associates, apprentices, casual workers and candidates we may process data relating to their race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, information about criminal convictions and offences.	Contractual Legal obligation Legitimate interest	Legitimate interest relates to all marketing and communication data, we have a legitimate business interest to process this data and keep current and previous clients up to date with changes to the law, relevant content and our services. We use the data gathered to target this marketing and do not target employees of client’s directly.   Any business can request for their information to no longer be processed for marketing and communication data purposes.
				All other data listed is not covered by legitimate interest.

 

 

 

Category of person	Personal data	Sensitive data	Reason(s) for processing	Detriment assessment for legitimate interest
Potential clients	2. Contact data   3. Financial data   5. Marketing and communication data	When required during the process of discussing the issues a potential client faces we may process data relating to their employees, associates, apprentices, casual worker and candidates race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, information about criminal convictions and offences.	Legitimate interest Consent	Legitimate interest relates to all marketing and communication data, we have a legitimate business interest to process this data and keep current and previous clients up to date with changes to the law, relevant content and our services.   Any business can request for their information to no longer be processed for marketing and communication data purposes.
				All other data listed is not covered by legitimate interest.
Other people, organisations and their employees	2. Contact data   3. Financial data	None required to be recorded. Any disclosure of sensitive data will be treated with particular care	Legal obligation   Legitimate interest	We have a legal obligation to process certain information and data when the advice we carry out

 

 

 

Category of person	Personal data	Sensitive data	Reason(s) for processing	Detriment assessment for legitimate interest
Involved in client matters we are acting on		to only process such data in accordance with strict legal parameters and if required specific to your relationship with us.		includes work with the Employment Tribunal, High Court, HMRC or similar body.   We have a legitimate interest to hold data and information with regards to organisations, employees and other involved parties with any matter for which we act upon.   No detriment will be suffered by any person for whom we hold and process such data as we will use it solely for the purpose of which it is intended and keep it confidential to the parties involved and/or only relevant third parties such as the Employment Tribunal, Courts or similar relevant organisations.

 

 

 

Category of person	Personal data	Sensitive data	Reason(s) for processing	Detriment assessment for legitimate interest
Referrers of work	1. Contact data   3. Financial data   5. Marketing and communication data	None required to be recorded. Any disclosure of sensitive data will be treated with particular care to only process such data in accordance with strict legal parameters and if required specific to your relationship with us.	Legitimate interest	Legitimate interest relates to all data held – including marketing and communication data, we have a legitimate business interest to process this data and keep referrers up to date with our current services, changes to the law which may affect individuals or organisations to whom they refer to us.   Any business can request for their information to no longer be processed for marketing and communication data purposes.
Other third parties we (including our employees, associates and casual workers) have business relationships with.	2. Contact data   3. Financial data   6. Supplier data	None required to be recorded. Any disclosure of sensitive data will be treated with particular care to only process such data in accordance with strict legal	Contractual Legal obligation Legitimate interest	Where there is a legitimate interest it with regards to information that have provided information to us above and beyond what we

 

 

 

Category of person	Personal data	Sensitive data	Reason(s) for processing	Detriment assessment for legitimate interest
		parameters and if required specific to your relationship with us.		require contractually or legally.   No detriment is suffered, the information is offered voluntarily from the individual and the individual can request to review and remove any of this data from our records if they request and we are able to comply subject to legal and contractual obligations.

 

 

 

WHAT DO WE DO WITH YOUR DATA?

 

We process your personal data for the purposes of providing legal services to our clients and prospective clients. We also process personal data for the purposes of our business including:

 

• Fraud prevention, anti-money laundering, anti-bribery and for the prevention of other crimes;
• Ensuring the safety and security of our staff and premises;
• Disclosures to our auditors, regulators, our legal and professional advisers, our insurers and insurance brokers;
• Administering our internal accounts, including preparation of invoices and debt collection;
• Managing our business, developing new products and services, managing our hardware and software;
• Advertising, marketing and publicity, including sending you email or postal legal updates and invitations to events where we have a legitimate interest in doing

 

 

WHAT IS THE BASIS FOR PROCESSING YOUR DATA?

 

We will only use and process your personal information when the law allows us to, most commonly in the following circumstances:

 

• Where we need to perform our contract with you (including taking steps at your request before we enter into a contract with you);
• Where we need to comply with a legal obligation; and
• Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.

 

We may also use your personal information in the following situations, which are likely to be rare:

 

• Where we need to protect your interests (or someone else’s interests).
• Where it is needed in the public interest or for official

 

In addition, in some circumstances we may process personal data of our clients, potential clients and business contacts where we have their express consent to do so, for example, by signing up to receive copies of our email updates on our website contact form or on a feedback form, by agreeing to be a referee in support of our legal directory or award submissions or agreeing to provide testimonials about our products or services for publicity purposes. If you provide consent, you can withdraw it at any time, either by unsubscribing from one of our email updates or by contacting us using the details above.

 

WHO DO WE SHARE YOUR DATA WITH?

 

When we process and use the personal data of our clients, potential clients and other business contacts, we may need to share that personal data with other parties, including:

 

• Third parties involved in your matter, including (but not limited to) courts, Tribunals, ACAS, other legal and professional advisers with whom we work, other parties to the matter (including counterparties), experts and private investigators.
• Suppliers and service providers used by us in providing our services to you, including case management and document storage systems, marketing platforms (such as MailChimp), IT service providers (including cloud based providers of software services) and data room providers.
• Financial organisations, debt collection services, identity checking agencies, credit reference and tracing agencies.
• Our auditors, our regulators, our professional body, our own legal and other professional advisers, our insurers and insurance brokers.
• Government agencies, other authorities, the Information Commissioner’s Office and
• Legal Directories (Legal 500 and Chambers and Partners).

 

 

HOW LONG DO WE KEEP YOUR DATA?

 

We will only retain your personal information for as long as necessary for the purposes we collected it for. When deciding the appropriate retention periods for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

If appropriate, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

 

Unless we have reasonable grounds for lawfully holding your personal data for a longer period, our normal retention periods for paper or electronic records are as follows:

 

• Client, contact, financial, identity, supplier and special category data – we will retain this for a period of 6 years from the date of file closure.
• Marketing and communications data whilst a member of our email newsletter distribution list

 

 

WHAT DO WE DO ABOUT DATA SECURITY?

 

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only

 

process your personal information on our instructions and they are subject to a duty of confidentiality.

 

We vet and review the security measures of any third party agent who we use to store and/or process your data. Where possible we limit access for these third party providers for only the required information needed to complete the tasks for which they are instructed to complete on our behalf.

 

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 

 

INTERNATIONAL TRANSFERS

 

We store some of our Client data on services which may result in personal information going outside the European Economic Area (EEA) such as MailChimp and other cloud platforms.

 

We have ensured that service providers processing your data offer an appropriate level of data security, privacy and protection that is commensurate to the data which we choose to store there.

 

Service providers have agreements in place that provide contractual consent to process the data which we provide to them.

 

We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 

WHAT ARE MY RIGHTS?

 

Under certain circumstances, by law you have the right to:

 

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

 

• Request the transfer of your personal information to another

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us in writing.

 

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

 

YOUR RIGHT TO WITHDRAW CONSENT

 

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Paul Thirlwell, in writing. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

 

 

CHANGES TO THIS PRIVACY NOTICE

 

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

 

If you have any questions about this privacy notice, please contact Paul Thirlwell at enquiries@saucepeople.co.uk OR in writing to the office.