This policy explains matters concerning user privacy and covers the obligations and requirements of the users, the website and the website owners. The means by which this website processes, stores and protects user data and information is also detailed in this policy.
Ip & Heathfield will be the manager of any personal data that we collect from or about you in connection with the provision of our professional services, or related activities such as promoting our business areas, marketing or handling job applications.
You may find the notice as to why your personal data is collected, how it is intended to be used, to whom your personal data may be provided, and how to access, review and correct your personal data in accordance with the requirements of Personal Data (Privacy) Ordinance (Cap. 486) and the details of the terms “personal data” and “sensitive personal data” can be found in the Personal Data (Privacy) Ordinance (Cap. 486)
Content from Other Websites
Collection, use and disclosure of Personal Data
We generally do not collect your Personal Data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the Personal Data is collected, and (ii) you (or your authorised representative) have provided consent to the collection and usage of your Personal Data for those purposes, or (b) collection and use of Personal Data without consent is permitted or required by the Act or other laws. We shall seek your consent before collecting any additional Personal Data and before using your Personal Data for a purpose which has not been notified to you (except where permitted or authorised by law).
We may collect and use your Personal Data for any or all of the following purposes:
Privacy of Your Data
We will not use your personal data for any other purpose, nor disclose it to nor share it with any third party, without your consent unless we are required to do so by law, or as mentioned below in this section.
Any personal information submitted as part of an application for a job with Ip & Heathfield will only be used in connection with such application.
Professional or business contacts
If you have given us your professional or business contact details or other relevant personal data, we may use such data for the purposes of promoting our legal services, unless you indicate otherwise.
Other professionals and other bodies
In the course of providing legal services, we may require the services of third parties such as counsel, external / overseas lawyers, accountants and experts, or we may refer you to such third parties. This will require us to share with such third parties your contact details, as well as any further personal data which is relevant to the services they provide. We may also be required to disclose your personal data to regulators, by order of the court or to government departments.
Data processing services
Some of our data processing services may be supplied by third-party providers who will need to have access to your data for that purpose. We will appoint such third-party suppliers on the basis that they implement the technical and organisational measures necessary to meet the requirements of the applicable Data Protection legislation and ensure the protection of the rights of the data subjects. We will also ensure that they carry out such processing only on our written instructions, or where we have a legitimate interest in doing so, as indicated above.
Sharing Your Data
In order to provide some of our professional services, we may need to share your personal data with one or more third-party providers situated in foreign countries that do not have the same standards of data protection laws. We will only do so with your consent, or where it is necessary for the performance of the contract we have with you. However, we will ensure that contractual and other safeguards are in place so that your personal data is adequately protected, and that enforceable rights and effective legal remedies are available for data subjects.
Retention of personal data
Should you contact us with an enquiry about our professional services but subsequently not become a client (or the company or other person you represent does not do so), it is Ip & Heathfield policy to delete your personal data after 12 months.
If you already become a client (or the company or other person you represent is or becomes a client), we normally retain contract information (including personal data) for seven years after the end of the relevant contract or client relationship, or for longer where it is necessary for us to do so to comply with regulatory or other legal obligations, or for the establishment, exercise or defence of legal claims, or where we agree with you to do so. In some cases we may need to retain records indefinitely.
Personal data relating to our professional relationship will be retained for so long as necessary, or until you indicate otherwise to us. We aim to update our contacts’ preferences on a regular basis.
In cases where it is not physically possible to delete certain data (for example, where it is stored on a secure external server), we will take the necessary measures to ensure that it is not available for re-use or disclosure to third parties.
Security Over Your Data
We take reasonable precautions to ensure that your personal data remains confidential and have put in place appropriate security measures to protect your personal data. We will limit access to those who have a business need to know; they will only process your personal data on our instructions and subject to a duty of confidentiality.
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.
Your Rights Over Your Data
At any time, you can ask us to provide you with an exported file of the personal data we hold about you, including any data you have given us. You can also request that we erase any personal data we have about you. We will do, however this does not include any data we are obliged to keep for administrative, legal, or security purposes.
Changes of this policy
We may revise this Policy from time to time without any prior notice. Any amended Policy will be posted on our websites. You are encouraged to visit our websites regularly to ensure you are familiar with our latest Personal Data policies. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated.
Your continued use of our services constitutes your acknowledgement and acceptance of such changes.
Data Protection Officer
If you have any questions, comments or requests about our commitment to data protection, please contact the Head of Finance & Operations or any of the partners at Ip & Heathfield