Privacy Policy

Last updated: October 2018

Introduction

  • We are a specialist Diversity and Inclusion ("D&I") consulting company that is committed to safeguarding the privacy and security of personal information provided to us.
  • This policy sets out how we collect your personal information, what we do with it, how we keep it secure and explains your rights in relation to any personal information we hold about you.
  • More information can be provided upon request. Please contact us by sending an email to PrivacyTeam@pinsentmasons.com.

Who we are

Brook Graham Limited is a specialist D&I consulting company that is a wholly owned subsidiary of Pinsent Masons LLP, an international law firm. We specialise in the strategic management of D&I in global companies.

We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers, contractors and partners comply with data protection laws in relation to the information we handle.

Why do we process your personal information?

We process your personal information where:

  • it is necessary for the performance of a contract with you (eg. to provide legal services to you);
  • you have provided us with your consent to use your personal information;
  • to exercise or defend our legal rights or to comply with court orders;
  • it is necessary to pursue our legitimate interests in a way which is reasonably expected as part of running our business, which is not detrimental to you and would have minimal impact on your privacy.

Examples of where our use of personal information is necessary to pursue our legitimate interests include:

  • monitoring and recording information relating to your browsing behaviour on our website to make personalised content available to you;
  • monitoring and recording information relating to web based services including how and when the system is accessed and how data is uploaded for the purposes of analysing the performance of and improving the quality of the products and services we provide to you;
  • processing information relating to our clients to send them information about our products and services. This helps to facilitate our business development activities including building relationships with current and prospective clients.

Collection, use and disclosure of your personal information

We collect and process personal information:

  • relating to online service userss;
  • obtained or created in relation to the legal services we provide;
  • relating to associates/contractors whom we use to provide our services to our clients;
  • relating to other third parties, including suppliers, experts and other service providers.

Information about collection, use and disclosure of personal information relating to Pinsent Masons LLP employees that provide their services to Brook Graham can be found in Pinsent Masons' Group Data Protection Policy.

The personal information we collect will include the types of data shown below. If you would like to access the personal information we hold about you, please contact us in writing at DataSubjectRequest@pinsentmasons.com.

Contacts

 
Types of personal data Identification information (eg. title, name, the company you work for, or your job title).

Contact information (eg. your postal address, email address and phone number).

Financial information (eg. in relation to paying for an event).

Technical information (eg.  IP address, browsing preferences, details of visits made to our online services, online registration details and login credentials).

Health or religious beliefs information (eg. access and dietary requirements for our events).

Images (eg. CCTV/ photos taken when attending our events).

Any other information relating to you which you may provide to us.
Collection Via CRM system

when you register to receive legal updates, or we otherwise receive your contact details.

Via our website

When you contact us by email or telephone.
Use To complete any request you may make in relation to your marketing preferences.

To provide and improve our services and products to you.

To promote our services and to contact you with communications about legal updates, breaking news, newsletters and event invitations.

To improve website user experiences.

To facilitate our internal business operations.

Monitoring and analysing our interactions with you to improve our relationship with you and help us to grow our business.

Make users' experiences more efficient and understand how we can improve your browsing experience and the services Pinsent Masons provides.

Analyse what subjects are of interest to particular users so that we can improve the content in our newsletters and promotional material.

For the prevention and detection of criminal activity.
Disclosure Your personal information:

●  may be transferred worldwide to our affiliates, and to service providers who support the operation of our business;

●  which is shared with service providers will be limited to the minimum required for providing the service and will be adequately protected; and

●  will not be given to other third parties, apart from in limited circumstances including where we run a joint seminar and you book onto it. 

Our Clients

 
Types of personal data Identification information (eg. title, name, the company you work for, your job title or position).

Contact information (eg. your postal address, email address and phone number).

Financial information (eg. in relation to paying for services).

Technical information (eg.  IP address, details of visits made to our online services such as the volume of traffic received, logs, online registration details and login credentials).

Health or religious beliefs information (eg. access and dietary requirements for our events).

Images (eg. CCTV/ photos when attending our meetings or events).

Personal information provided to us by or on behalf of our clients or generated by us in the course or providing legal services to you, which may include special categories of data.

Any other information relating to you which you may provide to us. 
Collection Directly from you

Relationship management and file opening information is collected from you directly.

Where we have direct contact with you as an individual identified in a matter on which we are advising our client, we may collect information directly from you.

From Third Parties

Some further information (eg. to verify your identity) may be collected from third parties, such as publicly available sources.

Where you are named in or connected with matters on which we are advising our client, we will collect information about you directly from our client.

Via web based services

Some information may be collected via a web based service you are using (eg. document production services on SmartDelivery).
Use Provide and improve our legal services to you.

Manage and administer our relationship with you.

Meet our commercial requirements (eg. creditworthiness).

Facilitate our internal business operations.

Establish, exercise or defend legal claims.

As required by law and to comply with our statutory/ regulatory obligations (eg. anti-money laundering).

In relation to our web based services we will monitor and record information relating to use of the services. This will include how and when the system is accessed and how data is uploaded.

For the prevention and detection of criminal activity.

Health and safety and the application, audit and enforcement of our policies.
Disclosure Your personal information: 

●  may be transferred worldwide to our affiliates, and to service providers who support the operation of our business; 

●  which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected; and

●  may be transferred to other third parties such as our insurers, legal and other professional advisors, regulators, administrators and government departments, who may be acting as data controller.

Associates/contractors

 
Types of personal data Identification information (eg. title, name, the company you work for, your job title or position).

Contact information (eg. your postal address, email address and phone number).

Financial information (eg. payment-related information).

Technical information (eg.  IP address, browsing preferences, details of visits made to our online services such as the volume of traffic received, logs, online registration details and login credentials).

Health or religious beliefs information (eg. access and dietary requirements for our events).

Images (eg. CCTV/ photos taken when attending our events) and swipe card access.

Diversity information (eg. sex, gender, ethnicity in diversity questionnaires).

Employment and education history, background checks and character suitability references (eg. criminal records checks and psychometric tests).

Any other information relating to you which you may provide to us.
Collection Directly from you 

Application forms and CVs.

Interviews.

Catch-ups and any other communication with you.

Events and networking.

From Third Parties 

Providers of background checks and referees.

Public domain (e.g. LinkedIn or other social media).

Clients that you have worked for.
Use Administration and management purposes including connecting Varios with suitable clients.

Assessing suitability, eligibility and/or fitness to work.

Performance management.

Training and development.

Pay and remuneration.

Health and safety and the application, audit and enforcement of our policies and other terms and conditions relating to you working as a Vario.

Ensuring our information and offices are secure.

Monitoring use of the @brookgraham.com email address and other information systems made available to you by Brook Graham.

For the prevention and detection of criminal activity.

Any other purposes connected with you providing services on behalf of Brook Graham.
Disclosure Your personal information may be:

●  stored worldwide within Pinsent Masons' information systems and within third party software applications and services which have been procured to support the operation of the Brook Graham team. When information is shared with service providers it is limited to that which is required for providing the service and will be adequately protected;

●  transferred to other third parties such as our insurers, legal and other professional advisors, regulators, administrators and government departments, who may be acting as data controller; and

●   shared with Brook Graham's clients who are considering our services. The customer may make such information available to their advisers, insurers or suppliers, regulatory authorities, governmental or quasi-governmental organisations. The customer's privacy policies will detail how it may further process your personal data.

Third Parties, including suppliers, experts and other service providers

 
Types of personal data Identification information (eg. title, name, the company you work for, your job title or position).

Contact information (eg. your postal address, email address and phone number).

Financial information (eg. payment-related information).
Collection Directly from you

Relationship management information is collected from you directly.

From Third Parties

Some further information may be collected from third parties, such as publicly available sources.
Use Manage and administer our relationship with you.

Meet our commercial requirements (eg. creditworthiness).

Facilitate our internal business operations.

As required by law and to comply with our statutory/ regulatory obligations (eg. anti-money laundering).
Disclosure Personal information: 

●  may be transferred worldwide to our affiliates, and to other service providers who support the operation of our business; 

●  which is shared will be limited to that which is required to enable us to facilitate our internal business operations and will be adequately protected; and

●  transferred to other third parties such as our insurers, legal and other professional advisors, regulators, administrators and government departments, who may be acting as data controller.

How long do we keep your information for?

We will always retain your personal information in accordance with applicable law, regulation and our data retention schedule which sets out the appropriate retention period for the information held by Pinsent Masons.  We will never retain your information for longer than is necessary, taking account of factors such as:

  • how long we need to keep the data for in the event of any claims or litigation;
  • guidance from official bodies such as the ICO and SRA;
  • how long we need to keep the data to fulfil the original purpose for which it was collected;
  • the nature and sensitivity of personal data; and
  • compliance with legal obligations (eg. to preserve data relevant to official investigations).

If you want to learn more about our specific retention periods please contact us at PrivacyTeam@pinsentmasons.com.

How do we protect your data?

The protection and security of your personal information is a number one priority for Pinsent Masons. We have a dedicated team who enforce and assure good industry security practices across all the countries we operate in. This enables us to secure and protect personal data from loss or unauthorised disclosure or damage in a consistent and appropriate manner. The firm adheres to ISO 27001, NIST and operate technology delivered in line with ISO 27001.

Your rights

We process the personal information we hold about you in line with your rights under applicable law. You have the right:

  • to request a copy of your personal information;
  • for your information to be processed by us fairly and in a transparent way;
  • to object to decisions that we take solely by automated means in relation to your personal information which may have a legal or similarly significant effect on you;
  • to object to processing of your personal information where we do so for the purposes of our legitimate interests; 
  • to request that any inaccurate personal information we hold about you is corrected or deleted;
  • to request that we delete your personal information under certain circumstances; and
  • to opt out of receiving electronic communications from us.

Should you wish to make a request in line with your rights as an individual, please send it in writing to DataSubjectRequest@pinsentmasons.com.

How to change your marketing preferences

If you no longer want to receive any marketing from us, please send an email to PrivacyTeam@pinsentmasons.com and we will action your request. Please note it can take up to 72 hours for your request to take effect.

How to make a complaint

You should direct any complaint relating to how the firm has processed your personal information to PrivacyTeam@pinsentmasons.com.

We hope that we can resolve any query or concern you raise about our use of your personal information.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns.

Cookies and other technologies

Information on how we use cookies can be found here.

Links to other websites

We sometimes provide you with links to other websites, but these websites are not under our control. We will not be liable to you for any issues arising in connection with their use of your information, the website content or the services offered to you by these websites.

We recommend that you check the privacy policy and terms and conditions on each website to see how each third party will process your information.

Transfer of data between jurisdictions

As we are an international company, and part of an international law firm Pinsent Masons LLP, personal information may be transferred worldwide due to, for example, our shared IT systems and/or cross border working. We also use a number of suppliers in connection with the operation of our business and they may have access to the personal information we process for the purposes of supporting our business processes.  For example, an IT supplier may see your personal information when providing software support or a company which we use for a marketing campaign may process contacts' personal information for us.

When contracting with suppliers and/or transferring personal information to a different jurisdiction, the firm takes appropriate steps to ensure that your information is treated securely and the means of transfer provide adequate safeguards in accordance with applicable law.

Changes to this policy

We reserve the right to update and change this Policy in order to reflect any changes to the way in which we process your personal information or changing legal requirements. All changes will be posted on our website.

Contact information

Privacy Team, 19 Cornwall Street, Birmingham, B3 2DT, United Kingdom

PrivacyTeam@pinsentmasons.com

Glossary of terms

In this policy these terms have the following meanings:-

"CRM" the firm's client relationship management system, InterAction;
"customer" the person or persons, partnership, company or organisation to whom Brook Graham has agreed to provide certain consultancy services.
"data" recorded information whether stored electronically, on a computer, or in certain paper-based filing systems; 
"data controller" a person who or organisation which determines how personal information is processed and for what purposes. The equivalent term under the data protection law applicable to Hong Kong is "data user"; under the law applicable to Singapore it is simply referred to as an "organisation"; and under Australian law it is an "agency" or "organisation";
"individual" or "you" the person whose personal information is being collected, held or processed; 

"personal information" information (including opinions) which relates to an individual and from which he or she can be identified either directly or indirectly through other data which the firm has or is likely to have in its possession. These individuals are sometimes referred to as data subjects;
"process" or "processing" any activity that involves personal information. It includes obtaining, recording or holding the personal information, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal information to third parties as a result of those third parties having access to it;
Brook Graham Limited: Registered in England and Wales: 6040951 VAT no. 899 0801 76
Registered office: 30 Crown Place, London, EC2A 4ES.