Abstract of glass building

RPC (Hong Kong) personal information collection statement and client privacy notice

This personal information collection statement and privacy notice sets out how Reynolds Porter Chamberlain (herein referred to as “RPC”/”we”/”us”/”our”) is a data controller (or data user) responsible for processing the personal data you provide to us.

RPC is committed to managing personal data securely and effectively. We will only keep the personal data required to undertake our business processes and will only share or transfer the data you provide to us for the purposes outlined below.

Our Data Protection policy and procedures have been developed in line with the requirements of Hong Kong’s Personal Data (Privacy) Ordinance (Cap 486), the 1995 European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation and applicable national law.

What information do we collect and from whom?
 
We collect and process personal data about you when you interact with us, including when you seek legal advice from us, use our website, sign up to our newsletters or attend seminars and events, when you enter into an employment contract with us and when you purchase services from us or agree to provide services to us.  We may also collect personal data about you in the course of advising and representing our clients. The personal data we process may include:
  • your name;
  • your home or work address, email address and/or phone number;
  • your job title;
  • your payment details, including billing addresses;
  • information about you relevant to our instructions and/or matters, which could include information about your conduct, your beliefs, your medical information etc.;
  • your IP address and information related to the browser or device you use to access our website and other analytics data;
  • your username and password when accessing restricted website content; and
  • any other information you may provide, whether directly or via your legal representatives.

 We will store data we receive from you, your legal counsel or other advisors, data that is publicly available and data from third parties such as CDD agencies

The provision of personal data is generally voluntary unless otherwise specified. A failure to provide the requested personal data, or the provision of inaccurate or incomplete information may result in us not being able to accept your instruction, request or enquiry (as the case may be).

How do we use this information and what is the legal basis for this use?

We process the personal data listed in the above section for the following purposes:

  • as required to establish and fulfil a contract with you, for example, if you enter into an agreement to provide or receive services, or if you seek to be employed or engaged by us.This may include verifying your identity, undertaking conflict and due diligence checks, billing and payments, communicating with you and arranging the delivery or other provision of products or services.We require this information in order to enter into a contract with you and are unable to do so without it;
  • to comply with applicable law and regulation;
  • in accordance with our legitimate interests in managing and protecting RPC’s business interests and legal rights including but not limited to use in connection with legal claims, compliance, regulatory, conflict and due diligence checks and investigative purposes (including disclosure of such information in connection with legal process or litigation);
  • for the provision of legal advice to our clients and for the establishment, exercise or defence of legal rights or claims, which may include alternative dispute resolution processes on behalf of our clients in accordance with the legitimate interests of our clients and RPC;
  • to manage our relationship with you, in accordance with our legitimate interests;
  • to manage risk for RPC;
  • to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our website or our services;
  • to personalise (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;
  • to monitor use of our websites and online servicesincluding using your information to help us check, improve, promote and protect our products, content, services and websites, both online and offline, in accordance with our legitimate interests;
  • to instruct or use third partiesto assist us in carrying out customer due diligence checks in accordance with our requirements under any applicable anti-money laundering and know-your-client regulations.These third party companies provide us with online due diligence tools to assist us in completing the appropriate checks required, with the purpose of establishing who our client is;
  • the content of telephone calls which may be recorded for quality, training and security purposes, in accordance with our legitimate interests; and
  • information provided to us from you to invite you to take part in market research or surveys, where you have consented to us receiving this.

    We may also send you direct marketing in relation to our relevant products and services or other products and services provided by us.  We will always provide the ability to opt-out of electronic direct marketing and to select your preferences for receiving news and information.  You will be able to continue to opt-out of electronic direct marketing at any time by following the instructions in the relevant communication.

With whom and where will we share your personal data?

RPC may share your personal data with other RPC Businesses[1] for the purposes of proper and effective management of their businesses.  Such purposes include conflict checking and compliance with applicable legal and regulatory requirements.  Further information about the RPC Businesses may be found on our website (www.rpc.co.uk) in the section headed “Legal and regulatory notices”.

We may also share the personal data you provide with the below third parties where this is necessary for legal or regulatory reasons and to facilitate us to provide our services to you or our clients and undertake our business processes.  These third parties may include:

  • our auditors and external legal and financial advisors;
  • barristers, solicitors, other legal representatives and experts engaged in a matter in which we are acting, which may include foreign law firms;
  • our suppliers, business partners and sub-contractors (including IT service suppliers and cloud platform service providers);
  • government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if necessary for the legal protection of our legitimate interests in compliance with applicable laws;
  • entities providing feedback and legal ranking services.

Personal data may also be shared with third party service providers who will process it on behalf of the RPC Businesses for the purposes above. These may include cloud platform service providers.

We may share your personal data in accordance with this privacy notice with third parties located in a place other than the RPC Business you customarily deal with.

In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.

How long will you keep my personal data?
 
We will not keep your personal information for any purpose(s) for longer than is necessary and we will only retain the relevant personal information that is necessary in relation to the purpose.  We are also required to retain certain information by law or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

We will retain client files for the period defined in the table below, unless we agree with you to retain these for a longer period.

Record type

Description

Trigger

Retention

General Matter files

All files not covered in the exceptions below

Date of file closure

10 years

Employment

Any files dealing with employment advice or settlement of an employment dispute

Date of file closure

12 years

Real Estate

Any files dealing with real estate or conveyancing

Date of file closure

15 years

RPC ongoing role

RPC has an ongoing role eg as company secretary or trustee

Date of file closure

100 years

Trademarks and intellectual property

Material evidencing the use of trademarks, including brand bibles and intellectual property title documents

Date of file closure

100 years

Wills

Including testamentary disposition and powers of attorney etc

Date of file closure

100 years

Matter files where the claimant is a minor  Any matter file where a potential claimant against RPC is a minor Date of birth of youngest potential claimant  22 years

 

We may retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any disposal to take place. 

Where is my data stored?
 
The personal data that we collect from you may be stored on a mix of RPC and various cloud provider platforms and may be transferred and stored both within and outside the European Economic Area (EEA).  It may also be processed by staff operating within or outside of the EEA who work for us, one of the RPC Businesses or for one of our suppliers.  Where we do so, the third country’s data protection laws will have been approved as adequate by the European Commission or other applicable safe guards will be in place.  
 
Where such transfers occur, we ensure the confidentiality and protection of all data is preserved through compliance with legal requirements and the current Data Protection legislation.  This is managed by all RPC Businesses, including those outside of the EEA, by entering into Data Transfer Agreements with each other, which all contain the model clause agreements approved by the relevant regulatory authority.  Data encryption, integrity and confidentiality are enforced by following best practice.  RPC also ensures that cryptographic controls are implemented following industry best practice, through the use of VPN tunnels, TLS and by conducting regular testing.
 
What are my rights in relation to my personal data?
 
You have the right to ask us not to process personal data you provide for direct marketing purposes.  You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, by clicking the unsubscribe button on any communication we have sent to you or by contacting us.

Where you have consented to us using your personal data, you can withdraw that consent at any time.  If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.

You also have the right, with some exceptions, to ask us to provide a copy of any personal data we hold about you.

Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved.  In some circumstances you can ask us to erase your personal data if you withdraw your consent, it is no longer necessary for us to use your personal data, you object to the use of your personal data and we don’t have a good reason to continue to use it, or we haven’t handled your personal data in accordance with our obligations.

Where can I find more information about how RPC businesses handle my data?
 
If you have any queries please email us at data-enquiries@rpc.co.uk or write to us at the following address: 
 
Data Protection Point of Contact
RPC 
3802-06, 38/F One Taikoo Place 
979 King's Road 
Quarry Bay 
Hong Kong
 
 If you are not happy with our response, you can contact the Privacy Commissioner in Hong Kong at https://www.pcpd.org.hk/or the Information Commissioner’s Office in the UK: https://ico.org.uk/.

[1] The RPC Businesses are a network of affiliated firms, comprising Reynolds Porter Chamberlain LLP and Reynolds Porter Chamberlain Consulting LLP in England, Reynolds Porter Chamberlain in Hong Kong, RPC Premier Law Pte Ltd in Singapore and RPC France SAS in France.