Privacy Notice - Clients
- Data Controller
The partners of Dehns are the Data Controllers for data protection purposes and Dehns is registered under the Data Protection Act 1998. Dehns can be contacted concerning data protection matters at firstname.lastname@example.org.
- Who we collect information about
In order to deal with your affairs, we may store and process information comprising personal data. This personal data will concern you as our client, if you are an individual. Where you are not an individual, this personal data may concern your representatives e.g. your employees who we deal with. We may also store and process personal data concerning individuals who are the owner or licensee of a proposed, pending or granted patent, design, trade mark or other intellectual property right which we are handling on your instructions, or concerning individuals who are an inventor, whether actual or potential, or designer designated in connection with such an intellectual property right. Where you, our client, are an IP attorney, lawyer or similar professional, this will include equivalent individuals connected with your own clients for whom we are passed personal data as part of the services we are to perform.
- What information we collect, how we obtain it and how we store it
The personal data we collect will be the name of the individual concerned, their relationship to our client and, where we will need to contact them directly, their contact details (including postal address, email address and telephone number).
Where you, our client, are an individual, we will request sight of your passport for identity verification purposes and so additional information contained therein will also be collected. We will receive your business bank account details when you make a payment to us and we may use this to make refunds to you, where appropriate. We may also collect financial data for credit-referencing purposes.
In the case of an inventor or designer, the personal data may include a contact address, information as to the individual’s nationality, profession and country of residence, whether they are an employee of the owner of the intellectual property right concerned, and / or brief details of how rights were transferred from that individual to the owner.
We will usually obtain this data from you, our client, or your representatives. By accepting our Terms of Business, you are confirming that personal data provided to us by you or your representatives concerning other individuals is so provided with the prior permission of those individuals. In certain situations, we may obtain the information from an existing record in the public domain e.g. from details concerning a particular intellectual property right as published by various public intellectual property organisations around the world. Where you, our client are an individual, we may also obtain personal data from credit-referencing agencies.
The personal data will be entered, where applicable, into the databases within our specialised case management system, our accounting and credit control systems, in records held within our document management system and within written records held for specific cases. Data may also be held in communication systems and software.
- Why we process personal data and the legal basis for doing so
Where you, our client, are an individual, we process your personal data under the legal basis that it is necessary for the performance of our contract with you.
In respect of data collected in respect of your representatives or the other individuals referred to above, we process this data under the basis that we have a legitimate interest to do so because such data is also necessary to properly perform the services we have agreed to supply to you.
We also have a legitimate interest to use the information we hold about you or your representatives to contact you from time to time to advise you of information such as developments in the law or other news or to bring to your attention services which may be of benefit to you. You have the right to object to direct mailing in this way.
- Who has access to this data and the third parties we share it with
The personal data will be entered into our databases and /or written records and the details will then be accessible by all of our partners, staff and consultants located in our offices within the UK and in Germany unless we specifically agree with you that certain details are restricted to selected personnel.
Details may also be made available to:
- Public intellectual property organisations such as the Intellectual Property Office in the UK and equivalent bodies in other countries. These organisations may publish such personal data and may make the personal data available to third parties who may in turn publish the personal data.
- IP/law firms outside the UK who we engage to deal with your affairs in other countries and they in turn may make the data available to public intellectual property organisations.
- Specialist organisations to whom we sub-contract certain work such as payment of renewal/annuity fees, validation of European patents in various European countries, preparation of technical drawings etc.
Where you, our client, are an individual, to credit-referencing agencies for assessing credit risk and to our bankers where we need to make a refund or other payment to you.
Where, as part of the above, we transfer personal data outside of the EEA, we do this because it is necessary for the performance of a contract between the relevant individual and us or for the performance of a contract, concluded in the interest of the relevant individual, between us and our client or a third party.
- How we keep the data secure
We take the security of personal data seriously. We have internal policies, controls and technical processes in place to try to ensure that such data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by authorised personnel. Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
- How long we store the data
(a) Where the data held is related to a particular case, we will store the data for a period of up to 10 years after the completion of our work or, if later, 2 years after the expiry of the IP right involved. However, the data will continue to be stored where, at the relevant time, paragraph (b) also applies to the data.
(b) Where the data held also has general application to the services we provide to you (for example, the contact details of you or your representatives) we will store this data throughout the period we provide such services to you. Should we cease to act for you, we will continue to hold this data for a period of up to 7 years after we cease to act for you in order to be able to deal with any queries or issues that arise during that period concerning our previous work.
Paragraphs (a) and (b) above are subject to any specific alternative agreement concerning data retention that we have with you.
- The rights of a data subject
A data subject has a number of rights. In certain circumstances, they can:
- request access to, and obtain a copy of, their data;
- request rectification of their data that is incorrect or incomplete;
- request deletion of their data;
- request restriction of the processing of their data;
- object to the processing of their data; and
- request the transfer of their data.
If a data subject believes that we have not complied with their data protection rights, they can complain to the Information Commissioner.
- Where you do not provide us with the personal data
An individual is not obliged to provide personal data to us. However, it is possible that we will be unable to properly perform the services we are engaged to provide without this information.
- Automated decision-making
Personal data is not processed based on automated decision-making.
- Your responsibilities
By accepting our Terms of Business, you are accepting responsibility for bringing the information in this privacy notice to the attention of any individual whose personal data may be stored, processed, supplied and published in the manner set out in this clause. Where you are an IP attorney, lawyer or similar professional, this will include individuals connected with your own clients for whom we are passed personal data as part of the services we are to perform.