Privacy Notice - Suppliers (Including Agents and Subcontractors)
- Data Controller
The partners of Dehns are the Data Controllers for data protection purposes and Dehns is registered under the Data Protection Act 1998. Dehns can be contacted concerning data protection matters at firstname.lastname@example.org.
- Who we collect information about
In order for you to deal with our affairs, we may store and process information comprising personal data. This personal data will concern you as our agent or supplier, if you are an individual. Where you are not an individual, this personal data may concern your representatives e.g. your employees or your own agents or suppliers who deal with our affairs.
- What information we collect, how we obtain it and how we store it
The personal data we collect will be the name of the individual concerned, their relationship to our agent/supplier and, where we will need to be in contact with them directly, their contact details (including postal address, email address and telephone number). Where you, our supplier, are an individual, we will collect information concerning your business bank account so that we can make electronic payment to you of your invoices.
We will usually obtain this information from you, our agent/supplier, or your representatives. In certain situations, we may obtain the information from our client where they are instructing us to use your services or from an existing record in the public domain e.g. from details concerning a particular intellectual property right as published by various public intellectual property organisations around the world.
The personal data will be entered, where applicable, into the databases within our specialised case management system, our accounting and bank payment systems, in records held within our document management system and within written records held for specific cases. Data may also be held in communication systems and software.
- Why we process personal data and the legal basis for doing so
Where you, our agent/supplier, are an individual, we process your personal data under the legal basis that it is necessary for the performance of our contract with you.
In respect of data collected in respect of your representatives or the other individuals referred to above, we process this data under the basis that we have a legitimate interest to do so because such data is also necessary for the performance of our contract with you.
We also have a legitimate interest to use the information we hold about you or your representatives to contact you from time to time to advise you of information such as developments in the law or other news or to bring to your attention services which may be of benefit to you. You have the right to object to direct mailing in this way.
- Who has access to this data and the third parties we share it with
The personal data will be entered into our databases and /or written records and the details will then be accessible by all of our partners, staff and consultants located in our offices within the UK and in Germany unless we specifically agree with you that certain details are restricted to selected personnel.
Details may also be made available to:
- Our client, where you have been engaged to perform work for them on our behalf as an agent or subcontractor.
- Specialist organisations to whom we sub-contract certain work such as payment of renewal/annuity fees, validation of European patents in various European countries, preparation of technical drawings etc.
Where, as part of the above, we transfer personal data outside of the EEA, we do this because it is necessary for the performance of a contract between the relevant individual and us or for the performance of a contract, concluded for interests which include those of the relevant individual, between us and our client or a third party.
- How we keep the data secure
We take the security of personal data seriously. We have internal policies, controls and technical processes in place to try to ensure that such data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by authorised personnel. Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
- How long we store the data
(a) Where the data held is related to a particular case we are undertaking for a client, we will store the data for a period of up to 10 years after the completion of our work or, if later, 2 years after the expiry of the IP right involved. However, the data will continue to be stored where, at the relevant time, paragraph (b) also applies to the data.
(b) Where the data held has general application to the services you provide to us (for example, the contact details of you or your representatives), we will store this data throughout the period you provide such services to us. Should you cease to act for us, we will continue to hold this data for a period of up to 7 years after we cease to act for you in order to be able to deal with any queries or issues that arise during that period concerning your previous work.
Paragraphs (a) and (b) above are subject to any specific alternative agreement concerning data retention that we have with our client.
- The rights of a data subject
A data subject has a number of rights. In certain circumstances, they can:
- request access to, and obtain a copy of, their data;
- request rectification of their data that is incorrect or incomplete;
- request deletion of their data;
- request restriction of the processing of their data;
- object to the processing of their data; and
- request the transfer of their data.
If a data subject believes that we have not complied with their data protection rights, they can complain to the Information Commissioner.
- Where you do not provide us with the personal data
An individual is not obliged to provide personal data to us. However, it is possible that you will then be unable to properly perform the services you are being engaged to provide without providing this information.
- Automated decision-making
Personal data is not processed based on automated decision-making.
- Your responsibilities
By you accepting engagement as our agent or supplier, you are accepting responsibility for bringing the information in this privacy notice to the attention of any individual whose personal data may be stored, processed, supplied and published in the manner set out in this notice.