RPC LLP (England) Client and third-party privacy notice

Reynolds Porter Chamberlain LLP (RPC LLP/we/us/our) is committed to protecting the privacy and security of your personal information.

About this privacy notice 

Reynolds Porter Chamberlain LLP (RPC LLP/we/us/our) is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use your personal information in accordance with applicable data protection legislation, including the UK Data Protection Act 2018. We are required under data protection legislation to notify you of the information contained in this privacy notice.

We may update this privacy notice at any time. You may access and obtain the most up to date version of this privacy notice on our website, www.rpc.co.uk (Website), in the Privacy notices section. This privacy notice was last updated on 1 December 2021.

About us

RPC LLP is registered as a data controller with the Information Commissioner’s Office (ICO) under registration number Z6620421. As a data controller we are responsible for deciding how we hold and use the personal information we collect about you. 

RPC LLP is part of a network of associated businesses, comprising RPC LLP and RPC Coordinating Limited in England, Reynolds Porter Chamberlain in Hong Kong and Premier Law LLC and RPC Premier Law Pte Ltd in Singapore (the RPC Businesses). Further information about the RPC Businesses which offer legal services may be found in the Legal and regulatory notices section of our Website.

What and who does this privacy notice apply to? 

This privacy notice applies to the processing of personal information by RPC LLP when: (1) providing services to our clients and prospective clients (client services); and (2) suppliers or service providers work with us or provide their products or services to us (supplier services). 

References to you and your in this privacy notice are references to those individuals whose personal information we process in connection with client services or supplier services. 

For the avoidance of doubt, this privacy notice applies to:

• our clients', prospective clients', suppliers' and service providers' employees or other staff whose personal information we process, and
• individuals who could be (or could be the employees or staff of) transaction counterparties or rival bidders to, or litigants in legal proceedings involving our clients or prospective clients.

This privacy notice does not apply to the other RPC Businesses. If you have any queries about how the other RPC Businesses handle your personal information, you can look at their privacy notices, which can be found on our Website here: Privacy notices.

RPC LLP has a separate Website privacy policy which can be accessed here: Website privacy policy and a separate cookie policy which can be accessed here: Cookie policy. We also have a separate privacy notice for job applicants which can be accessed here: Recruitment privacy notice.

It is important that you read this privacy notice so that you are aware of how and why we are using your personal information and what your rights are under the data protection legislation.

What information do we collect and use about you?

We collect and use your personal information in the course of advising and representing our clients and/or when you interact with us, including when you: 

• seek legal advice from us 
• purchase services from us, such as our integrated data breach service, ReSecure, or our claims management system, ReCover 
• access information and legal updates from us through the RPC Reserve portal
• access education, coaching, mentoring or related career support services from The Centre for Legal Leadership (CLL) 
• market or provide your products or services to us
• use our Website or CLL's website, www.legalleadership.co.uk (CLL Website)
• telephone us 
• subscribe to our blogs and/or publications 
• attend a meeting with us 
• attend our seminars or other events, and
• give us feedback (for example, by completing a survey). 

The personal information we collect and use may include:

• your name and title
• your date of birth
• your gender
• your job title and the organisation for which you work
• your personal or work contact details, including your address, email address and/or telephone number
• copies of your identification documents, for example, your passport, national identification card or driving licence 
• copies of one or more of your utility bills, council tax bills or bank statements, so that we may verify your address
• your billing details, including your bank account and/or payment card details (we will not, however, store your payment card details)
• details of payments to or from you
• other details of services you have purchased from us or we have purchased from you
• other information about you that is relevant to a client matter on which we are engaged, which could include special category data such as information about your racial or ethnic origin, beliefs, trade union membership or health
• your IP address and information related to the browser or device you use to access our Website or the CLL Website, or to communicate with us
• your username when accessing restricted content on our Website 
• your marketing preferences
• information about whether you open our emails or click any of the links in the emails we send you
• your photograph or recorded image, including any photographs or recordings of you at an in person or online RPC event or meeting
• the times and dates you enter our office buildings 
• CCTV footage of you in our office buildings or as provided to us by one of our clients
• information about your dietary requirements when you attend one of our catered events
• your responses to any surveys we may send you if this information is not anonymised, and
• any other personal information that you may provide to us.

Where do we get your personal information from?

We may collect this information from you directly, or from other sources. These other sources may include: 

• your legal counsel or other advisors 
• your employer or colleagues
• third party providers conducting due diligence, credit checking or similar services on our behalf
• government departments 
• regulatory bodies 
• your insurer
• other third parties such as transaction counterparties, rival bidders, litigants in legal proceedings or the advisers to any such third parties. 

We may also process information about you that is publicly available, for example in public registers.

How do we use this information and what is the legal basis for this use?

We will use the personal information set out above for one or more of the following purposes: 

• in order to establish and fulfil our contract with you. For example:
  • we will use your contact details in order to communicate with you and, where you are a client, to provide our services to you
  • we will use your billing details, including your bank account and/or payment card details, in order to invoice you or, where you are providing supplier services to us, pay you

• where we need to do so in order to comply with applicable law or regulation. For example: 
  • where you are a client or prospective client we will use information including your date of birth, gender, identification documents and one or more of your utility bills, council tax bills or bank statements for the purposes of undertaking due diligence checks, in accordance with our legal obligation to prevent money laundering and terrorist financing. For example, we may conduct searches to establish whether you are a politically exposed person 
  • where you are a client or prospective client we may use your personal information in order to carry out a conflict check to see if we are able to act for you or others on a particular matter 
  • we may ask for your dietary information when you attend a catered event at one of our office buildings, in accordance with our legal obligations in the field of social protection law
  • we will record the times and dates you enter our office buildings, and may capture your image in CCTV footage, in accordance with our legal obligation to keep our staff and visitors safe

• where we need to do so in our legitimate interests to provide the very best client service we can. For example:
  • we may ask for information about you that is relevant to a client matter in order to provide legal advice or to establish, exercise or defend your or another client's legal rights or claims
  • we may ask for your name, job title, contact details and marketing preferences so that we can personalise our communications to you
  • we may keep details of the services you have purchased from us so that we can personalise our services for you
  • we may collect your IP address and information related to the browser or device you use to access our applications and online services, and other analytics data, so that we can personalise our applications and online services for you
  • we may record a meeting you attend, and this may include your recorded image or voice, so that we have an accurate record of the meeting which we can refer to at a future date
  • we may record RPC events, including training sessions, that you attend, and these may include your recorded image or voice, so that persons who were unable to attend can do so at a future date, or so that we can use the recording for future know-how purposes

• where we need to do so for the purpose of our legitimate interests to manage and protect our business interests and our legal, professional or regulatory rights. For example:
  • we will use your personal information to manage risk
  • we will use your personal information, including details of payments to or from you, in order to manage our finances 
  • we may use your personal information to investigate and respond to any comments or complaints we may receive from you or another person
  • we may use your personal information to defend a legal claim you have made or another person has made against us. We may also need to disclose your personal information in connection with the legal process or litigation
  • we may collect your IP address and information related to the browser or device you use to access our applications and online services, and other analytics data, so that we can monitor your use of our applications and online services
  • we may use your personal information to help us check, improve, promote and protect our products, content, services and websites, both online and offline. For example, where you contact us by telephone, or via a video conferencing service, calls may be recorded for quality, training and security purposes. Where this is the case, we will let you know in advance

• where we need to do so in accordance with our legitimate interests to promote our services and grow our business. For example:
  • we may use your personal information in order to send you marketing communications. We will not use your personal information to send you marketing communications if you have requested not to receive them and we will provide you with the opportunity, in every electronic marketing communication that we send to you, to opt out of future communications or to select your preferences for receiving news and information
  • we may use your open and click data to find out whether you are engaging with our emails 
  • we may use photographs or recordings of you at an RPC event in our promotional material.

Where we rely on our legitimate interests as the lawful basis for the processing of your personal information, we will ensure that we have balanced our interests against yours and are satisfied that our interests are not outweighed by any effect of our processing on your rights and interests.

With whom and where will we share your personal information?

RPC LLP may share your personal information with another RPC Business in order to act for you and/or, in our legitimate interests, for the purposes of the proper and effective management of our business. Such purposes include conflict checking and compliance with applicable legal and regulatory requirements concerning client identity and the prevention of crime. We have entered into data transfer agreements with the overseas RPC Businesses, which all incorporate the standard contractual clauses adopted by the European Commission.

We may also share your personal information with other third parties where this is necessary for legal or regulatory reasons, or where it is in our legitimate interests, in order to facilitate us to provide our services to our clients, manage our business, or undertake our business processes. These third parties may include:

• our clients
• our auditors or external financial or legal advisors
• any enquiry agents, private investigators, external barristers, solicitors, or other legal representatives or experts who we might collaborate with or engage or who are engaged in a client matter in which we are acting, which may include foreign law firms
• other third-party experts who we might engage to assist us with making certain business decisions
• any financial institutions providing finance to us
• regulatory authorities, government authorities and/or law enforcement officials, if mandated by law or if needed for the protection of our legitimate interests in compliance with applicable laws
• our suppliers, business partners, sub-contractors or business support service providers (including IT service providers, cloud platform service providers, third party providers conducting due diligence, credit checking or similar services on our behalf, our reception staff, couriers, and reprographic, secretarial and document storage service providers) 
• third-parties hosting events on our behalf to which you are invited, or co-hosting such events with us, and
• persons providing feedback and legal ranking services.

In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed on to the new owners of the business.

In the case of sensitive information such as health, racial or ethnic origin or criminal offences, your information will only be disclosed to third parties on a confidential and limited basis and where appropriate we will use safeguards such as encryption or pseudonymisation.

Where we transfer your personal information outside the EEA, we will ensure the confidentiality and protection of that information through compliance with our legal obligations and applicable data protection legislation. Either the third country’s data protection laws will have been approved as adequate by the European Commission, or we will ensure other appropriate safeguards are in place, such as the standard contractual clauses adopted by the European Commission.