We are committed to treating your personal data properly and lawfully. These FAQs explain how we handle and protect the information you provide.
The law on data protection changed this year when the General Data Protection Regulation (GDPR) was implemented. We want to make sure we are transparent and clear about how we look after your personal data.
We have appointed a Data Protection Officer (DPO) who can be contacted at:
Data Protection Officer | Matrix House | Basing View | Basingstoke | RG21 4DZ
T: +44 (0)1256 407100 | E: email@example.com
Our DPO works with all departments at the firm and reports regularly to the firm’s management board. We reviewed and updated our systems, processes and policies ahead of the EU General Data Protection Regulation and the UK Data Protection Act 2018.
In addition, all our staff are encouraged to take personal responsibility for the information they manage.
We have updated our internal procedures and policies and reviewed our systems. We have invested in data protection training for all staff and partners of the firm, including staff of Intelligent Office who work closely with us in the provision of our services. All new staff joining us receive the same training. Data protection training has been added to our regular ongoing training schedule.
We have set up an ongoing audit process to ensure we continue to manage personal data appropriately. Our DPO and risk and compliance team provide data protection guidance internally, manage data protection elements of external contracts and work with our information security team to ensure we have appropriate technical and organisational measures to keep personal data safe.
We will only ever use your personal data to provide you with legal services or in the legitimate interests of the business. We will never sell your data to anybody else.
Penningtons Manches LLP is registered as a data controller with the Information Commissioner’s Office with registration number Z6414666. Our associated entities PennTrust and Penningtons Manches (US) LLP have separate registrations. Our DPO is a GASQ certified Data Protection Practitioner.
As a law firm, we are registered with the Solicitors Regulation Authority.
We also have external accreditations: Cyber Essentials Plus and PCI-DSS (payment card industry standard).