This privacy notice is intended to provide information about the way in which Moghadassi & Associates (“The Firm”) collects and processes “Personal Data”.
“Personal Data” includes any information about an individual from which that person can be identified. Special categories of Personal Data includes details about a person’s race, ethnicity, sex life, sexual orientation, religious or philosophical beliefs, political opinions, trade union membership, and health/genetic/biometric data. The Firm may, in limited circumstances, collect information about a person’s criminal convictions/offences, for example, when required for legal or regulatory purposes.
This privacy notice is issued by The Firm as “data controller”, in other words, as the organisation which determines the purposes for which, and the manner in which, any Personal Data is, or is likely to be, processed. This privacy notice covers The Firm’s processing the Personal Data:
of persons connected to legal proceedings involving The Firm’s actual or potential clients;
of persons who have applied for positions with The Firm or with The Firm’s actual or potential clients;
when providing facilities to visitors (“Visitor Services”);
when providing products and services to existing and prospective clients, including their staff (“Client Services”) and/or suppliers or service providers, including their staff (“Supplier Services); and
when providing the Personal Data of any legal entity or individual as a candidate for a position at The Firm or any of The Firm’s existing or prospective clients (“Recruitment Activity”).
The Firm collects Personal Data, by means of direct interaction such as telephone (including identity information provided to The Firm’s switchboard), email/postal/in-person contact (including meetings, conferences, social events etc), as well as by referring to publicly available sources such as registers and government authorities.
The Firm processes Personal Data for legal and regulatory purposes, to assess ways in which it can assist a client or potential client in a particular matter and in the course of assisting a client or potential client in a particular matter.
The Firm may use data in respect of a person’s identity, contact details, work, work history, finances and requested services where it is necessary for: the performance of a contract; compliance with a legal/regulatory obligation; the protection of The Firm’s or The Firm’s actual or potential clients’ legitimate interests (provided that the data subject’s basic rights do not override such interests); and where The Firm has been provided with consent in respect of processing Personal Data (although The Firm does not normally rely on consent as the legal basis for processing Personal Data).
Whilst The Firm will not share Personal Data with any organisations outside of The Firm for marketing purposes, it may share Personal Data with other parties under the following circumstances for the purposes for which the Personal Data was collected and at all times subject to our professional obligations and applicable terms of business:
• when required or requested by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body;
• when required or requested by any financial institutions providing finance to The Firm;
• when required or requested by external auditors;
• when required or requested by The Firm’s professional advisers or consultants; and
• when required or requested by service providers who provide information technology and system administration services to The Firm.
The Firm requires any person/entity to whom the Personal Data is disclosed to respect the confidentiality and security of such Personal Data and to treat it in accordance with applicable laws and regulations. We do not allow such recipients of your Personal Data to use it for their own purposes, and we only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Where The Firm uses parties outside of the EEA to process Personal Data on its behalf, The Firm will ensure that such Personal Data is sent to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission; and where The Firm uses providers based in the US, it will transfer Personal Data to them only if they are certified under the EU-US Privacy Shield.
The Firm takes data security very seriously and will take every practicable measure to ensure its implementation.
The Firm will only retain Personal Data for as long as necessary (considering factors such as the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of the Personal Data, the purposes for which The Firm processes Personal Data and whether those purposes through other means) to fulfil the purposes for which it was collected including compliance with legal/regulatory/accounting/reporting requirements and to carry out the work for which The Firm has been engaged by a client.
The Firm respects each data subject’s right: to be informed about how Personal Data is used; to access Personal Data; to have inaccurate Personal Data rectified; to have Personal Data erased in some circumstances (“the right to be forgotten”); to restrict processing of Personal Data in some circumstances; to data portability; and not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect.
The Firm’s Sole Principal, Ramyar Moghadassi, oversees compliance with data protection within The Firm. Any questions (including those in respect of relevant rights) about the Personal Data held by The Firm, or complaints in respect of The Firm’s processing of Personal Data may be addressed by email to firstname.lastname@example.org, or by telephoning (+44) 207 667 6555. You may also address any complaints by contacting your local data protection authority.