Privacy policy

1.  Who we are

For the purpose of this Privacy Policy, “you” or “your” means any end user accessing or receiving our services or using our Website (as defined below), and “we” or “us”, “our” or “Asserson” means Asserson Law Offices, an English partnership, regulated by the Solicitors Regulation Authority (Number 549779) and our other branches set out below. Our offices are located at Central Court, 25 Southampton Buildings, Holborn, London, WC2A.

If you are a supplier or a job applicant, it will also include our Israeli branch (Asserson Law Offices, with company number 513723015). If you are a client instructing us to act on matters pertaining to US laws, it will also include our US branch (Asserson Hiller PC).

2.  What We Do

We are an English and US legal practice and provide English and US legal advice on various areas of law.

3.  How We Process Personal Data

This Privacy Policy, and any other documents referred to in it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This Privacy Policy also sets out how you can instruct us if you prefer to limit the use of that personal data, and the procedures that we have in place to safeguard your privacy.

Please read this Privacy Policy carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of applicable data protections laws, in particular the UK GDPR, we or our instructed subsidiary undertaking will each be regarded as an independent data controller of your personal data.

By using or accessing our Website at https://www.asserson.co.uk (the “Website”), communicating with us, or instructing us to act for you, or when we provide our services to you, you understand and agree that we will collect and process your personal data in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you must not use our services, access the Website or submit information to us through or in connection with our services, the Website or otherwise.

4.  Contact Us

For questions, complaints or requesting further information from us on data protection and privacy, or any requests concerning your personal data, or where you’ve identified a risk to our processing of personal data, please write to dataprotection@asserson.co.uk.

5.  Personal Data We May Collect About You

Personal data means any information about an individual from which that person can be identified. We collect and process the following personal data about you:

  • Identity Data: your full name, marital status, title, date of birth and gender;
  • Due Diligence Data:  photo ID, proof of address (e.g. utility bill or bank statement), and other legally required information (such as businesses in which you work, hold a directorship or other senior role, or otherwise own or hold an ownership interest);
  • Contact Data: your billing address, contact address, email address and telephone numbers;
  • Education and Employment Data: information regarding your education or employment history where you apply for a job with us;
  • Financial and Transaction Data: your bank account details and, where applicable, your payment card details, and details of payments to and from you, or other financial or transactional details relevant to our services to you;
  • Profile and Marketing Data: login information regarding password protected platforms or services when provided by us, your preferences in receiving marketing information from us, your communication preferences, feedback and survey responses; and
  • Technical and Usage Data: internet protocol (IP) address, login data, browser type and version, device type, time zone setting, browser plug-in type and versions, operating system and platform and other technology on the devices you use to access the Website, and information on how you interact with and use our Website and services.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Technical and Usage Data to calculate the percentage of users accessing a specific feature of our Website in order to analyse general trends in how users are interacting with our Website to help improve the Website and our service offering.

In certain circumstances, our collection of the different categories of data set out above may include the collection of Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We also may collect Criminal Convictions and Offences Data. This may be relevant in some general litigation or employment representation, such as disputes involving alleged discrimination, or where we represent you in tax or social security matters. It may also be relevant where you are applying for a role within our business. We would process such Special Categories of Personal data or Criminal Conviction and Offences Data:

  • where you are a client or prospective client of our business, to assist you and/or your business in complying with any rights or obligations (including legal or regulatory obligations) to which you or your business may be subject;
  • where you are a client or prospective client of our business, to establish, exercise or defend legal claims; and/or
  • where you are a job applicant, to comply with applicable law.

Where you fail to provide us with the personal data we request in order to comply with our legal or professional obligations, provide our services to you, or perform our contract with you, we may not be able to provide you with our services or enter into or perform our contract with you. In such event, we may have to terminate our engagement or contract with you. We will notify you in the event we can no longer continue our contract with you.

6.  Personal Data We May Collect About Other Individuals

Where you provide us with the personal data of other individuals, such as your referees, employees, counterparties, other advisors, customers or contractors, you must ensure that you have their permission and/or a lawful basis to do so.

7.  How Is Your Personal Data Collected

We use different methods to collect data from and about you including:

  • In the process of carrying out work for you (or your business) where we will in almost all instances act as a controller. In circumstances where we act as a processor we will ensure that an appropriate contract is put in place.
  • When we communicate with you by email or other electronic correspondence, by telephone or using video conferencing software. You may give us your Identity, Contact, Due Diligence, Education and Employment, and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • apply for a role within our business;
    • engage in a recruitment process with us (including when attending our offices, meeting our employees and during interviews);
    • make a request for our services;
    • create an account on our Website;
    • subscribe to our publications;
    • request marketing to be sent to you;
    • complete a survey;
    • provide us with feedback;
    • make a request for our services;
    • offer your services or goods to us;
    • create an account on any platform we provide (e.g. to access data rooms hosted by us)
    • subscribe to our publications;
    • request marketing to be sent to you;
    • complete a survey; or
    • provide us with feedback.

We also collect personal data from and about you:

  • through your actions (for example, when submitting a job application);
  • through automated technologies or interactions. As you interact with our Website, we will automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. See our cookie policy at https://assersonstg.wpenginepowered.com/legals/#cookies_policy for further details; and
  • Identity and Contact Data from publicly available sources, such as Companies House based inside the UK, or other third party databases (e.g. to confirm your information is accurate).

8.  How We Use Your Personal Data

a.  Legal basis

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

  • Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate interests: Where it is necessary for our legitimate interests as a legal services provider (or those of a third party) and your interests and fundamental rights do not override those interests. These legitimate interests may include our interests in managing our relationship with our clients, prospective clients and their staff, hosting clients and others at our offices, hosting virtual and in-person events and ensuring appropriate standards and compliance with policies, practices or procedures.
  • Legal obligation: Where we need to comply with a legal obligation to which we are subject.
  • Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example for direct marketing or if you subscribe to an email newsletter.
  • Where processing of Special Categories of Personal Data is necessary in the context of legal claims or where another legal ground other than explicit consent is available to us under relevant data protection legislation.
  • Where our legal services require us to process Special Categories of Personal Data and where we have obtained your explicit consent to do so. If we seek and obtain your consent, you may withdraw it at any time.

b.  Purposes for Which We Will Use Your Personal Data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/UseType of personal dataLawful basis
To verify whether we can act for you as a new or existing client or opposite you as a counter party or other third party on a matter involving a new or existing client, and carry out all of our regulatory compliance requirements, including conflicts of interest, anti-money laundering, anti-terrorism, sanctions, fraud and background screening.Identity, Due Diligence, Financial and Contact DataPerformance of a contract with you Necessary to comply with a legal or regulatory obligation Public interest Necessary for our legitimate interests (to detect and prevent the commission of fraud, money laundering and terrorism offences)
To deliver our services to you including engaging service providers, recording time spent on matters, managing payments, fees and charges and collecting and recovering money owed to usIdentity, Contact and Financial and Transaction DataPerformance of a contract with you Necessary for our legitimate interests (to recover debts due to us; and to gain insights on time spent on matters)  
To manage our relationship with you, including to notify you about changes to our terms or this Privacy PolicyIdentity, Contact and Profile DataPerformance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers and clients use our products and services)
To process applications for employment or otherwise to be engaged by us as a consultant or contractorIdentity, Contact and Education and Employment DataPerformance of a contract with you
To enable you to complete a survey or provide feedback on our services or allow you to post a comment on our WebsiteIdentify, Contact, Profile and Marketing Data, and Technical and Usage Data Performance of a contract with you Necessary for our legitimate interests (to study how customers and clients use our products and services, to develop them and grow our business)
To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), for insurance purposes and to exercise or defend our legal rights or to comply with court ordersIdentity, Contact, Technical and Usage DataNecessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation
To delivery relevant content to you and measure or understand the effectiveness of the marketing we provide to youIdentity, Contact, Profile, Technical and Usage, Marketing and Communication DataNecessary for our legitimate interests (to study how customers use our products and services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to provide our Website, services, marketing, customer relationship and experiencesTechnical and Usage DataNecessary for our legitimate interests (to define types of clients and customers for our products and services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy)
To connect with you, or make suggestions and recommendations to you about services that may be of interest to youIdentity, Contact, Technical and Usage, Profile, Marketing and Communications DataNecessary for our legitimate interests (to develop our products and services and grow our business)

As Asserson operates for all intents and purposes as one firm, we may use client intelligence tools accessible to our various offices allowing the centralisation of our client files. This allows us to stay connected, and streamline data quality management, and offer a better experience to our clients requiring our services from our different firms.

9.  Direct Marketing

Where you are already a client of Asserson, we will contact you by e-mail or by telephone with promotional material relating to services similar to those which you have previously received. You will be entitled to opt out from this by contacting us or by clicking “unsubscribe” in the electronic communication you receive.

Where you are not a client of Asserson, we may contact you where your information is publicly available or where you have expressed interest in being contacted following an event.

For certain promotional activities (e.g. third party marketing), we will rely on consent to sign you up to marketing materials. If you do not want us to use your information in this way, please tick the relevant box (or boxes) situated on the form on which we collect your data (e.g. the registration form).

10. Disclosures of Your Personal Data

Your personal data may, for the purposes set out in this Privacy Policy, be disclosed for processing to:

  • our subsidiary undertakings;
  • our employees;
  • our subcontractors;
  • barristers or other legal professionals, where required;
  • successors in title to our business;
  • a prospective seller or buyer in the event that we sell or buy any business or assets, in which case we will disclose your personal data to such business or assets;
  • third party consultants or contractors to assist in providing you with our services (e.g. legal advice);
  • service providers who may access your personal information when providing services (such as IT support services) to us;
  • Government bodies and law enforcement agencies (for example, the police) and in response to other legal and regulatory requests, if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
  • auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes or processes;
  • to any third party where such disclosure is required in order to enforce or apply any contracts we have in place, or to protect the rights, property, or safety of our company, our clients, our employees or contractors, or others but always in accordance with applicable laws; and/or
  • protect the rights, property or safety of Asserson, our customers, our employees, our contractors, or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

11. International Transfers

A large portion of our workforce is located abroad, which involves accessing or transferring your personal data outside of the UK to our other branch located in Israel, recognised as a country providing adequate protection to personal data by the UK Secretary of State. Our US branch also operates out of Israel.

We may also transfer your personal data to countries outside of the UK to countries that do not provide the same level of data protection and are not recognised as providing adequate protection by the UK Secretary of State. the personal information we collect to countries outside of the EEA which do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of data protection. We only transfer personal information to these countries when it is necessary for the services we provide to you, or where it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal data, such as the UK Addendum to the EU Standard Contractual Clauses or the IDTA.

To obtain a copy of these contractual safeguards, please contact us at dataprotection@asserson.co.uk.

12. Information Security

The Internet is not a secure medium. However, we have put in place various security procedures with regards to the Website and your electronic communications with us, as set out in this Privacy Policy.

Please be aware that communications over the Internet, such as e-mails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the Internet.

We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.

All of our employees and data processors that have access to, and are associated with, the processing of your personal data are obliged to respect the confidentiality of our users’ information.

We ensure that your information will not be disclosed to government institutions or authorities except if required by law or when requested to by regulatory bodies or law enforcement organisations.

13. Your Rights in Relation to Your Information

You can write to us at any time to obtain a copy of your information and to have any inaccuracies corrected. Please write to: dataprotection@asserson.co.uk.

You have the following rights under data protection laws in relation to your personal data:

  • Access: you are entitled to be provided with a copy of the personal data we hold about you, and verify we are lawfully processing it.
  • Deletion: you have the right to ask us to delete personal information we hold about you though please bear in mind that we may need to keep all or part of your data in accordance laws and professional regulations to which we are subject, or to exercise or defend our legal rights .
  • Rectification: you are entitled to have any incomplete or inaccurate personal data corrected.
  • Withdraw consent: where collect and/or process your personal data for which you have provided consent, you have the right to withdraw your consent in relation to such processing.
  • Restriction: under certain circumstances specified by Data Protection Legislation, you have the right to request us to restrict the processing of your personal data, or we may restrict the processing of your data (e.g. if you claim your data is inaccurate, you object to the processing of your personal data and we are considering your request, if processing is unlawful and you oppose erasure and request restriction instead, etc.)
  • Object: you have the right to object to our processing of your personal data based: (i) on our legitimate interests or the performance of a task in the public interest; (ii) direct marketing (including profiling); (ii) processing for purposes of scientific/historical research and statistics.  In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
  • Portability: you have the right to request us to provide you with your personal data in a structured, commonly used and machine-readable form and to ask us to transmit the data directly to another organisation if this is technically feasible.

Requests must be made in writing to dataprotection@asserson.co.uk. Please provide us with your name and address when making any such request, along with brief details of the information of which you would like a copy or which you would like to be corrected (this helps us to locate more readily your data).

We may require proof of your identity before providing you with details of any personal data we may hold about you.

We may only request a reasonable fee from you when your request is manifestly unfounded or excessive or repetitive or we receive a request to provide further copies of the same information.

14.  Cookies

We use cookies to distinguish you from other users of the Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website. For detailed information on these cookies, the way we use them and the purposes for which we use them, please see our cookie policy at https://assersonstg.wpenginepowered.com/legals/#cookies_policy.

15. Where We Store and Process Your Information

The data that we collect from you will be stored at a destination within the UK and in Israel. Israel is recognised by the UK Secretary of State and the European Commission as providing adequate protection to the rights and freedoms of individuals. This means that no further action is necessary in order to transfer information to Israel. The data will be processed by staff operating within the UK and in Israel who work for us or for one of our suppliers or affiliates or and third party consultants, contractors or other service providers who may access your personal information when providing services (such as IT support services) to us. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

16. Changes to this Privacy Policy

We reserve the right to amend or modify this Privacy Policy and if we do so we will post the changes on our Website. It is your responsibility to check the Privacy Policy every time you submit information to us. Historic versions of this Privacy Policy can be obtained by contacting us.

In the event the purposes for which we process personal information changes, then we will contact you as soon as practicable and seek your consent, where such notification relates to a new additional purpose for processing which is not compatible with, or similar to, the originally specified purposes.

17. Use of Your Personal Information Submitted to Other Apps or Websites

We are not responsible for the privacy policies and practices of other apps or websites (such as social media plugins), even if you accessed the third party website or app using links from our Website or by means of our services.

We recommend that you check the policy of each website or app you visit and contact the owner or operator of such website or app if you have concerns or questions.

18. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your data, see below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

19. Applying for a Job Online or Sending Us Your CV

When you apply for a job online you will have to provide us with detailed personal information. We will retain this information for at least six months to enable us to deal with enquiries about your application, after which time it will be destroyed. If you are not selected for the post but are a preferred candidate, we may contact you again should a suitable vacancy arise. Likewise, if you send us your CV speculatively, we may contact you should a suitable vacancy arise.

20. Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (https://ico.org.uk/). However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance by writing to dataprotection@asserson.co.uk.