privacy policy
Effective date: 1st June 2024
This is the privacy notice for Noremo UK Ltd. This privacy notice tells you about how we look after your personal data when you visit our website or otherwise if you work or communicate with us and it tells you about your privacy rights and how the law protects you.
1. Important Information and Who We Are
This privacy notice aims to give you information on how Noremo UK Ltd collects and processes your personal data through your use of our website or otherwise when you communicate or interact with us in the course of business.
We are the data controller of your personal data. We are responsible for its security and for ensuring that we use it only for the purposes outlined in this Privacy Notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights referred to at section 9 below, please contact us using the details set out below.
Contact details
We are Noremo UK Ltd, with a registered office at Pegaxis House, Suite 8, 61, Victoria Road, Surbiton, Surrey, KT6 4JX, United Kingdom. We are registered with the Information Commissioner’s Office, registration number ZB694405. If you need to get hold of us for any reason in connection with your personal data, please email: info@noremo.uk
Although you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), we would, of course, appreciate the chance to deal with your concerns about data protection directly so please contact us in the first instance.
2. The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
· Contact Data includes name, role at business, email address, phone number, address;
· Identity Data includes copies of your passport, utility bills, driving licence, as required to comply with Anti-Money Laundering Regulations;
· Correspondence Data includes email correspondence, other correspondence, notes of conversations;
· Financial Data includes information about your bank account or payment methods,
· Usage Data includes information about how you use our website;
· Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
3. How is your personal data collected?
We use different methods to collect data from and about you including through:
· Direct interactions. We collect the majority of your data when you choose to give this to us by email, over the phone, in person at meetings or otherwise. We may also be provided information about you from your employer or other lawyers in the course of a matter that we are advising on.
· Publicly available sources. We may collect information about you from publicly available databases such as Companies House, Linkedin or ID checking agencies.
4. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
· in anticipation of or in accordance with our provision of consulting services where we are engaged to do that; or
· where we consider it is in Noremo UK Ltd legitimate business interests to do so and we have balanced those interests against your fundamental rights (for example to manage our relationship with you); or
· where we need to comply with a legal or regulatory obligation; or
· where you have provided your specific consent.
5. Disclosures of your personal data
We do not generally share your information with third parties although sometimes we are required to do so in the course of providing our legal services.
In the course of the provision of our services, and as you would expect of any operating business, we will need to share your personal data with the following:
· Our IT support and hosting companies, providing us with IT services including a practice management system.
· Our professional advisors.
· Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice. We do not allow these companies to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
6. International transfers
Unless you work for a company outside the UK or European Economic Area, we do not as a matter of course, transfer your personal information outside the UK or the European Economic Area. Should we need to do so, we would ensure any transfer was compliant with the UK’s data protection laws.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Data retention
How long will you use my personal data for? We are only permitted to keep information for as long as it is necessary to do so. Generally speaking, client files are destroyed after seven years. Certain original documents or files may need to be kept longer if there is a risk of destroying something which is needed. We will also always keep a small amount of information after file closure to do conflicts of interest searches in the future and to otherwise comply with our professional duties.
9. Your legal rights
You have the right in certain circumstances to:
· Request access to your personal data (a "data subject access request").
· Request correction of the personal data that we hold about you.
· Request erasure of your personal data.
· Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is some thing about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
· Request restriction of processing of your personal data.
· Request the transfer of your personal data to you or to a third party
For more information on these rights and when they apply see:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.