Cookies & Privacy Policy

What is this Cookies & Privacy Policy for?

This cookies & privacy policy is for this website www.cyforlegal.co.uk and served by CYFOR Legal and governs the privacy of its users who choose to use it.

The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website, and the website owners. Furthermore, the way this website processes, stores, and protects user data and information will also be detailed within this policy.

What are cookies?

Cookies are small text file which are issued to your computer or any similar device you use to access the Internet (e.g. smart phone, tablet or other mobile device) which store and sometimes track information about your use of the website. A number of cookies CYFOR uses last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the website and will last for longer.* Please note that cookies do not harm your computer or software installed on your computer.

CYFOR COOKIE USAGE

CYFOR does not store personally identifiable information such as credit card details in the cookies we create, but we do use encrypted information gathered from them to help improve your experience of the site. We use cookies to:

  • Recognise when a visitor to CYFOR’s website has visited before; this means we can identify the number of unique visitors we receive to the website and allows us to make sure we have enough capacity for the number of users that we get;
  • Customise elements of the promotional layout and/or content of the pages of the website;
  • Help us to identify and resolve errors, or to determine relevant related content to show you when you’re browsing.
  • Collect statistical information about how our visitors use the website(s) so that we can improve the website(s) and learn which parts are most popular to visitors.

FLASH COOKIES (OR LOCAL SHARED OBJECTS)

On CYFOR’s website, we display video content using Adobe Flash Player. Adobe uses Flash cookies (also known as Local Shared Objects) to help improve your experience as a user. Flash cookies are stored on your device in much the same way as usual cookies, but they’re managed differently by your browser.

If you wish to disable or delete a Flash cookie, see Adobe Flashplayer Security Settings (opens in a new window). Please bear in mind though, that if you disable Flash cookies for CYFOR’s website you’ll unable to access certain types of content on the site, such as videos.

cyfor 'share' tools

If you take the opportunity to ‘share’ content with friends through social networks – such as Facebook and Twitter – you may be sent cookies from these websites. We do not control the setting of these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them.

THIRD PARTY COOKIES

Certain cookies are either set by third parties on the website or these are set by us using the third parties cookie code. More information about cookies placed by third parties and how to restrict or block their cookies can be accessed by following the link to their website. In addition to cookies, tracking gifs may be set by us or third parties in respect of your use of the site. Tracking gifs are small image files within the content of our site or the body of our newsletters so we or third parties can understand which parts of the website are visited or whether particular content is of interest.

In addition to cookies, tracking gifs may be set by us or third parties in respect of your use of the site. Tracking gifs are small image files within the content of our site or the body of our newsletters so we or third parties can understand which parts of the website are visited or whether particular content is of interest. Types of cookies include:

  • Google Analytics _utma, _utmb, _utma, _utmx, _utmz – These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.In addition to Analytics, Google’s cookies allow us to integrate Google Maps and Google Plus one for content sharing. – Learn more.
  • Twitterk, guest_id, pid, twll, _twitter_sess, t1, twll, js – These cookies are used when integrating twitter feeds into our site’s pages and to allow the sharing of content. – More info.
  • Google DoubleClick – This is an interest-based advertising cookie. This cookie contains a randomly generated 18-digit ID number that uniquely identifies a web browser on a specific computer. This cookie is used to control how frequently people see individual ads and also helps Google provide advertisers with reporting statistics, such as how many people saw an ad. – More info. 

third party websites

When you visit CYFOR’s website you may notice some cookies that are not related to CYFOR. When you visit a page that contains embedded content, for example from YouTube, you may be sent cookies from these websites. We don’t control the setting of these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them.

Please be aware that CYFOR does not control and is not responsible for websites that are referred to or linked from its own websites and that use of your personal information on these websites is not subject to this Privacy and Cookies Policy.

You can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser. Please note, however, that by blocking or deleting cookies used on CYFOR’s website(s) you may not be able to take full advantage of the website(s) if you do so.

Managing cookies

If cookies aren’t enabled on your computer, it will mean that your user experience on our website will be limited to browsing and researching;

To enable cookies:

If you’re not sure of the type and version of web browser you use to access the Internet:

  • For PCs: click on ‘Help’ at the top of your browser window and select the ‘About’ option
  • For Macs: with the browser window open, click on the Apple menu and select the ‘About’ option.
Google Chrome
  1. Click on ‘Tools’ at the top of your browser window and select Options
  2. Click the ‘Under the Hood’ tab, locate the ‘Privacy’ section, and select the ‘Content settings’ button
  3. Now select ‘Allow local data to be set’
Microsoft Internet Explorer 6.0, 7.0, 8.0
  1. Click on ‘Tools’ at the top of your browser window and select ‘Internet options’ , then click on the ‘Privacy’ tab
  2. Ensure that your Privacy level is set to Medium or below, which will enable cookies in your browser
  3. Settings above Medium will disable cookies
Mozilla Firefox
  1. Click on ‘Tools’ at the top of your browser window and select Options
  2. Then select the Privacy icon
  3. Click on Cookies, then select ‘allow sites to set cookies’
Safari
  1. Click on the Cog icon at the top of your browser window and select the ‘Preferences’ option
  2. Click on ‘Security’, check the option that says ‘Block third-party and advertising cookies’
  3. Click ‘Save’
 
How to check cookies are enabled for Macs
Microsoft Internet Explorer 5.0 on OSX
  1. Click on ‘Explorer’ at the top of your browser window and select ‘Preferences’ options
  2. Scroll down until you see ‘Cookies’ under Receiving Files
  3. Select the ‘Never Ask’ option
Safari on OSX
  1. Click on ‘Safari’ at the top of your browser window and select the ‘Preferences’ option
  2. Click on ‘Security’ then ‘Accept cookies’
  3. Select the ‘Only from site you navigate to’
Mozilla and Netscape on OSX
  1. Click on ‘Mozilla’ or ‘Netscape’ at the top of your browser window and select the ‘Preferences’ option
  2. Scroll down until you see cookies under ‘Privacy & Security’
  3. Select ‘Enable cookies for the originating web site only’
Opera
  1. Click on ‘Menu’ at the top of your browser window and select ‘Settings’
  2. Then select ‘Preferences’, select the ‘Advanced’ tab
  3. Then select ‘Accept cookies’ option

All other browsers

Please consult your documentation or online help files.

PRIVACY POLICY

CY4OR Legal Limited (“CYFOR”, “we”, “us” or “our” OR “CYFOR Legal“) is a digital forensics, eDiscovery, cyber security and corporate investigations service provider registered in England and Wales with company number 06295131 and registered office at Benjarron House, Greengate Industrial Estate, Greenside Way, Middleton, Manchester, M24 1SW.

CYFOR is a “data controller” registered with the Information Commissioner’s Office (“ICO“) with registration number Z7719845. This means that we collect, hold and are responsible for certain personal data. We are committed to protecting and respecting your privacy and personal data.

How to contact us

We have appointed a data protection officer (“DPO”) who is responsible for overseeing this Privacy Notice. Questions, comments and requests regarding this Privacy Notice (including any requests to exercise your legal rights) should be marked for the attention of our DPO, as follows:

By post at:       PO BOX 266, Manchester M24 0BY;

By email at:     dpo@cyfor.co.uk; or

By telephone:  0161 797 8123.

Please quote “data protection” in the subject line of any correspondence or when telephoning.

INDEX

HOW TO CONTACT US……………………………………………………………………………………………. 1

INTRODUCTION………………………………………………………………………………………………………. 1

1……… What is the purpose of this Privacy Notice?……………………………………………………….. 2

2……… Who does this Privacy Notice apply to?…………………………………………………………….. 2

3……… Third party links………………………………………………………………………………………………. 2

YOUR PERSONAL DATA…………………………………………………………………………………………. 2

4……… What types of personal data will we collect from you?………………………………………… 2

5……… How is your personal data collected?………………………………………………………………… 4

6……… On what basis do we process your data?………………………………………………………….. 5

7……… Sensitive Data and Criminal Data…………………………………………………………………….. 6

8……… Change of purpose…………………………………………………………………………………………. 6

9……… Marketing communications………………………………………………………………………………. 7

10……. Cookies…………………………………………………………………………………………………………. 7

DATA SHARING………………………………………………………………………………………………………. 7

11……. Who do we share your personal data with?……………………………………………………….. 7

12……. Information we collect about you from others…………………………………………………….. 8

13……. International transfers……………………………………………………………………………………… 9

14……. Information collected from you about others………………………………………………………. 9

DATA SECURITY……………………………………………………………………………………………………… 9

15……. What measures do we have in place to keep your data secure?………………………….. 9

DATA RETENTION…………………………………………………………………………………………………. 10

16……. How long will we use your personal data for?…………………………………………………… 10

YOUR DATA PROTECTION RIGHTS……………………………………………………………………….. 10

17……. What are your rights in connection with the data that we hold?………………………….. 10

18……. How can you exercise your rights?…………………………………………………………………. 11

19……. Are there any restrictions on exercising your rights?…………………………………………. 12

CHANGES TO OUR PRIVACY NOTICE……………………………………………………………………. 12

COMPLAINTS………………………………………………………………………………………………………… 12

Appendix – Data Processing…………………………………………………………………………………….. 1

INTRODUCTION

  1. What is the purpose of this Privacy Notice?
  • This Privacy Notice sets out the basis on which any personal data we collect about you, or that you provide to us, will be processed by us and informs you of your privacy rights and how the law protects you.
  • It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other policies and notices and is not intended to override them.
  1. Who does this Privacy Notice apply to?
  • This Privacy Notice applies to all data subjects whose personal information we collect and use to include users of our websites (namely, cyfor.co.uk and cyforsecure.co.uk), our clients, prospective clients, business contacts, other professionals, job candidates, suppliers and service providers.
  • This Privacy Notice does not apply to our employees or consultants, as the way we collect and use their personal information is governed by the privacy policy in our staff handbook.
  • Our websites and the services that we provide are not intended for children and we do not knowingly collect data relating to children.
  1. Third party links

      Our website(s) may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect        or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website(s), we encourage          you to read the privacy notice of every website that you visit.

  1. What types of personal data will we collect from you?
  • Personal data means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
  • We may collect personal data from you in the course of our business, including through your use of our website(s), when you contact or request information from us, subscribe to our newsletter/e-bulletins, and when you engage us to provide you with our services and/or enter into a contract with us.
  • The types of personal data we may collect from you will depend on the nature of our relationship with you, the work that we are carrying out for you and the context in which we obtain, use and/or process personal data. We have grouped together and summarised the types of personal data that we may collect from (or about) you (which is not exhaustive) as follows:

Identity Data

Data used to personally identify you such as your full name (including name prefix or title) or similar identifier, date of birth, title and maiden name.

Contact Data

Data required to communicate with you during the course of our relationship with you to include address(es), email address(es), telephone number(s) and mobile phone number(s) – this may include both your business/work and personal contact details.

Professional Data

Data that relates to your position and profession such as job title, professional qualifications and experience, regulatory body, the entity that you work for and details of your professional online presence (such as your LinkedIn profile and business website(s)).

Financial Data

Data necessary for processing payments (such as bank account details and billing address(es)), fraud prevention and other related billing information.

Case Data

Data provided to us by you or on your behalf, which will include details about your contract with us, information relating to the case(s) that we are dealing with including data extracted from devices and/or obtained from IT systems and/or the Cloud (which may include data in the form of text, images, videos, audio recordings.

The data under this category will vary depending on the nature of the services we provide and your specific instructions and requirements.

Sensitive Data

(Also known as “special category data”) may be obtained and/or processed depending on the services that we are providing and/or the relevant circumstances but may include information in relation to:

  • health and medical records;
  • genetic data;
  • biometric data for the purpose of uniquely identifying a natural person;
  • membership of a professional trade association or union;
  • racial and/or ethnic origin;
  • political opinions;
  • sex life and sexual orientation; and/or
  • information regarding religious and philosophical beliefs.

(Please see paragraph 7 for more information)

Usage Data

Information about how you use our websites and (if you are an existing client) our services, and/or your communication preferences.

 

Technical Data

Internet protocol (IP) address, your login data (if access is provided to our Cloud platform in relation to our e-discovery services), browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.

 

Criminal Data

Such data may be processed within Case Data depending on the services that we are providing and the relevant client that we are instructed by and may include personal data relating to the alleged commission of offences by a data subject, proceedings for the offence and disposal of such proceedings including sentencing, criminal records and details of convictions, proceedings, allegations, investigations, offences and cautions.

 

(Please see paragraph 7 for more information).

hOW YOUR PERSONAL DATA IS COLLECTED

  • We collect personal data for a variety of reasons and through different media to include:
  • if you are our client, when you enter into a contract with us to enable us to carry out services for you or an entity that you are involved in;
  • if you are one of our suppliers, when we enter into a contract for the supply of your goods and/or services to ensure that the contractual arrangements between us can be properly implemented and performed;
  • if you apply for a job with us to assess your suitability for the role; and/or
  • if you make an enquiry about us or our services, to deal that enquiry and/or respond to that enquiry.
  • We collect personal data via a variety of different sources including:
  • through your use of our website(s), including when you contact us with an enquiry by completing and submitting your details via our “contact us” form and/or when you email us, if you submit comments to our blogs and/or you sign up to our newsletter. As you interact with our website(s), we may automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy https://cyfor.co.uk/cookie-policy/ for further details;
  • we collect personal data from our clients to enable us to carry out our services;
  • direct from a third party such as from your employees, colleagues or other parties involved in a case that we are dealing with;
  • publicly accessible sources such as social media platforms and/or Companies House; and/or
  • other third parties including law enforcement agencies and/or the criminal records office (on the specific instructions of our clients).

on what basis do we process your data?

  • We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
  • if it is necessary for our performance of a contract with you, or for us to take steps prior to entering into a contract with you;
  • if it is necessary for the purposes of our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests. To determine this, we make sure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law); and/or
  • where we need to comply with a legal, accounting and/or statutory reporting requirement.
  • We may also issue you with a separate privacy notice giving more detail as to how the data you provide (and/or we obtain) may be processed.
  • Generally, we do not rely on consent as a legal basis for processing your personal data. If your consent is required, we will notify you separately and if you provide your consent, you will be able to withdraw it at any time by contacting us https://cyfor.co.uk/contact-us.
  • We may obtain personal data even if you are not our client in the course of providing services to our clients. We are permitted to use such information because it is in the legitimate interests of our client(s) to do so. We may also have to use your personal data to comply with our legal and/or reporting obligations.
  • We have set out in the Appendix to this Privacy Notice, a more detailed description of the ways we may use and process your personal data and which of the legal bases and condition(s) we rely on to do so, including any additional conditions we rely on when processing Criminal Data. We have also identified what our legitimate interests are, where appropriate.
  • Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
  • We do not use your information for automated decision making.

 

sensitive data & criminal data

  • We may collect and process Sensitive Data in the following circumstances:
  • From data provided to us from our client(s);
  • Where it is necessary when carrying out our services to meet our contractual obligations; and
  • When making arrangements for you to attend a meeting, training session and/or interview and ensuring accessibility and catering for your dietary requirements.
  • We only collect and process Criminal Data when instructed to lawfully do so on behalf of our duly authorised client(s) and on their specific instructions in accordance with our contract with them and, in doing so, we act as a data processor in relation to such Criminal Data. In such circumstances, our clients determine the purposes and means of processing and generally we are engaged to securely host Criminal Data and provide our clients with a secure platform to access such data. Our processing of Criminal Data is only carried out under the control of an official authority and/or as authorised by law.

change of purpose

  • We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. It may not always be apparent at the outset what data we may require, who we may need to obtain it from and/or share it with as this will depend on the nature of the work and how the case progresses.
  • If you wish to have an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us https://cyfor.co.uk/contact-us.
  • If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
  • Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Marketing Communications

  • As part of the services we provide to our clients, we may use personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you and/or your business.
  • We have a legitimate interest in processing your personal data and information for our business development. We will only send marketing communications to you if you have requested information from us and you have not opted out of receiving that marketing.
  • We will only share your personal data with third parties for marketing purposes with your express consent and you can withdraw that consent (if provided) at any time by contacting us https://cyfor.co.uk/contact-us.
  • You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you and/or by contacting us at any time https://cyfor.co.uk/contact-us.
  • Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of your use of our services and/or under a contract that you have entered into with us.
  • Any comments or information that you upload on any CYFOR blog is publicly available. If your information appears on our blog pages and you require it to be removed, you should contact our marketing department at contact@cyfor.co.uk.

DATA SHARING

  1. Who do we share your personal data with?
  • We may (depending on the nature of the services we are providing, and the work involved) have to share personal data with other third parties and they may also share the personal data they hold about you with us. This may include:
  • Solicitors, accountants, legal counsel, and other professionals when providing our services;
  • Courts, tribunals, arbitrators and/or mediators where we are asked to provide our expert witness and/or e-disclosure services;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, to protect the rights, property, or safety of CYFOR, our clients, or others;
  • Our IT and telecommunications system providers acting as data processors as a consequence of them providing support to us;
  • Our software providers to include Relativity;
  • Analytics and search engine providers that assist us in the improvement and optimisation of our website(s);
  • Our third-party service providers to include external consultants, contractors, couriers and suppliers;
  • If in our reasonable opinion disclosure is required in relation to any criminal investigation or prosecution;
  • Disclosures to law enforcement agencies, tax authorities, the National Crime Agency or other public or government authorities or regulators where in our reasonable opinion the disclosure is required or permitted by law or applicable regulation; and/or
  • In the event that CYFOR sell or buy any business or assets, with the prospective seller or buyer of such business or assets. If a change happens to the ownership of our business, then the new owners may use your data in the same way as set out in this Privacy Notice.
  • We require all third parties with whom your data is shared to respect the security and integrity of your personal data and to treat it in accordance with the law. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you.
  • We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
  • We will not share your information with third parties for marketing purposes (unless you expressly consent to this).
  1. Information we collect about you from others
  • Information about you may be passed to us by third parties and/or obtained from publicly available sources in the course of providing our services and/or complying with our legal obligations. Typically, these sources may include:
  • Professional advisors (such as accountants, legal counsel); and
  • Public sources where this relates to you or your organisation (for example, internet searches, your organisation’s website and public social media accounts).
  1. International transfers
  • We will hold your personal data on secure servers within the European Economic Area (“EEA“). CYFOR does not routinely transfer personal data outside of the EEA.
  • Some of the external parties in relation to a case may be based outside the EEA so their processing of personal data may involve a transfer of data outside the EEA.
  • Whenever we transfer your personal data out of the EEA, we will seek to ensure a similar degree of protection is afforded to it by ensuring that appropriate safeguards are implemented. In some circumstances (particularly where data is to be transferred outside of the EU where data protection laws are not as strict), we may need your express consent to the transfer unless there is an overriding legal requirement to transfer the information.
  1. Information collected from you about others
  • In the course of providing our services to you, we may need you to provide us with personal data about others (such as directors and employees in your organisation and/or persons to which your case relates).
  • When you provide personal information to us relating to others, you must ensure that you are legally permitted to share this with us and all data disclosed should be complete, accurate and up to date. You should ensure that those individuals understand how their data may be shared and used by us.

DATA SECURITY

  1. What measures do we have in place to keep your data secure?
  • We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those members of staff and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
  • We will hold your personal data on secure servers with all reasonable technological and operational measures to safeguard unauthorised access to include firewalls, gateways, security configuration and malware protection.
  • We have gained several accreditations for managing information security effectively (particularly against cyber-attacks) to include IASME Governance, Cyber Essentials Plus, ISO 27001 and ISO 9001 (frameworks for best practice in information security management).
  • If we provide you with a username and password which enables you to access certain parts of our systems (e.g. our eDiscovery platform), you are responsible for keeping such log-in details confidential. You must not share such information with anyone.
  • We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION

  1. How long will we use your personal data for?
  • We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including:
  • For the purposes of satisfying any legal, accounting and/or reporting requirements;
  • To investigate and defend any complaints and/or legal claims alleged and/or made against us (such as professional negligence claims);
  • To carry out our services under our contract with you; and
  • To comply with our legal and/or reporting obligations.
  • In some circumstances you can ask us to delete your data. See your rights below for further information.
  • If we are hosting and/or holding data on your behalf, we will contact you and obtain your instructions before destroying any such data.

YOUR DATA PROTECTION RIGHTS

  1. What are your rights in connection with the data that we hold?
  • Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to request:
  • Access to your personal data (commonly known as a “data subject access request”). This enables you to receive details of the personal data we hold about you and to check that we are lawfully processing it;
  • Correction of the personal data that we hold about you. This enables you to have any incomplete, inaccurate or out-of-date data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data that you provide to us;
  • Erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons (as explained above in relation to data retention) which will be notified to you, if applicable, at the time of your request;
  • Object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
  • Restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
  1.  If you want us to establish the data’s accuracy;
  2. Where our use of the data is unlawful, but you do not want us to erase it;
  3. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  4.  You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it; and
  • Transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a retainer with you.
  1. How can you exercise your rights?
  • If you wish to exercise any of the rights set out above, please contact our DPO https://cyfor.co.uk/contact-us.
  • You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.
  • We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise your rights). This is a security measure to ensure that personal data is not disclosed to any person who may not have a right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  • We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Please note that if you:

  1. Want us to restrict or stop processing your data;
  2. Fail to provide data that we have reasonably requested from you; or
  3. Withdraw consent at any time where we are relying on consent to process your personal data, this may impact on our ability to provide our services to you and/or contract with you. Depending on the extent of your request and/or the importance of any information we request from you that you do not provide, we may be unable to continue providing our services to you. We will notify you if this is the case at the time. This will not affect the lawfulness of any processing carried out before your withdrawal of consent. In these situations you would remain liable for the cost of our services up until the date of your request and/or refusal to provide information.

 

  1. Are there any restrictions on exercising your rights?
  • You should be aware that when providing our services to law enforcement agencies, regulatory authorities and/or legal representatives in the context of litigation and/or potential litigation (both civil and criminal), there may be restrictions on the rights of data subjects (where appropriate and necessary) as follows:
  • Where such data is subject to legal privilege;
  • To avoid obstructing an investigation or enquiry;
  • To avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties;
  • To protect public security;
  • To protect national security; and/or
  • To protect the rights and freedoms of others.
  • In addition, it may be that we are not the data controller of your personal data (particularly in relation to Case Data, Sensitive Data and/or Criminal Data) and so requests to exercise your rights should be made to the relevant data controller.
  • In the event that any of the above restrictions apply to your rights, we will confirm this to you (to the extent that we are able to without breaching our legal obligations).

CHANGES TO OUR PRIVACY NOTICE

Any changes we make to our Privacy Notice in the future will be posted on our websites and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Notice.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

COMPLAINTS

If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated by writing to or emailing our DPO https://www.cyforlegal.co.uk/contact-us/

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the ICO, the UK supervisory authority for data protection issues.  Further details can be found at www.ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance https://www.cyforlegal.co.uk/contact-us/

APPENDIX - DATA PROCESSING

Identifying potential clients and subscribers:

  • In contemplation of performance of a contract with our client(s)
  • For our legitimate interests (this includes business development, generating new business and pursuing our general business interests)

New client and case inception procedures:

  • Performance of a contract with our client(s)
  • To comply with our legal obligations.

Taking instructions from our clients, managing client relationships, corresponding and communicating with you to provide updates on your case and responding to your enquiries:

  • Performance of a contract with our client(s)
  • For our legitimate interests (this includes carrying out the business of providing our services and pursuing our general business interests).

When you use our e-discovery platform to include, de-duplicating data, providing an early case assessment and to provide our clients with a secure data hosting platform:

  • Performance of a contract with our client(s)
  • Necessary to comply with our legal obligations
  • Criminal Data will only be processed strictly in accordance with our clients’ instructions. The legal basis for processing Criminal Data will usually be for one or more of the following: (i) the prevention and detection of unlawful acts; (ii) to protect the public against dishonesty; (iii) to provide assistance in legal proceedings; (iv) to act on the suspicion of terrorism or money laundering; or (v) to protect the vital interests of an individual.

When you use our digital forensic services to include analysing and reporting on digital evidence, recovering, imaging and analysing data from devices (computers, mobile phones and audio visuals that you provide to us) and converting into user readable forms:

  • Performance of a contract with our client(s)
  • Necessary to comply with our legal obligations
  • Criminal Data will only be processed strictly in accordance with our clients’ instructions. The legal basis for processing Criminal Data will usually be for one or more of the following: (i) the prevention and detection of unlawful acts; (ii) to protect the public against dishonesty; (iii) to provide assistance in legal proceedings; (iv) to act on the suspicion of terrorism or money laundering; or (v) to protect the vital interests of an individual.

To provide data storage facilities and/or hosting services:

  • Performance of a contract with our client(s)
  • For our legitimate interests (this includes carrying out the business of providing our services and pursuing our general business interests).

Assisting criminal investigations to include matters relating to fraud and/or terrorism:

  • Performance of a contract with our client(s)
  • Necessary to comply with our legal obligations (for example, when presenting data to the court)
  • Criminal Data will only be processed strictly in accordance with our clients’ instructions. The legal basis for processing Criminal Data will usually be for one or more of the following: (i) the prevention and detection of unlawful acts; (ii) to protect the public against dishonesty; (iii) to provide assistance in legal proceedings; (iv) to act on the suspicion of terrorism or money laundering; or (v) to protect the vital interests of an individual.

Assisting corporate investigations to include data analysis relating to theft, fraudulent activity and business disputes:

  • Performance of a contract with our client(s)
  • Necessary to comply with our legal obligations
  • Criminal Data will only be processed strictly in accordance with our clients’ instructions. The legal basis for processing Criminal Data will usually be for one or more of the following: (i) the prevention and detection of unlawful acts; (ii) to protect the public against dishonesty; (iii) to provide assistance in legal proceedings; (iv) to act on the suspicion of terrorism or money laundering; or (v) to protect the vital interests of an individual.

Arranging meetings, training sessions and ensuring that the needs of attendees are catered for (to include any adjustments that we need to make to accommodate attendees and their dietary requirements):

  • Performance of a contract with our client(s)
  • Necessary to comply with our legal obligations (including compliance with health and safety laws).

Raising invoices and processing payments:

  • Performance of a contract with our client(s) and/or suppliers
  • Necessary to comply with our legal obligations (accounting).

Process and respond to requests, enquiries or complaints received by you:

  • Performance of a contract with our client(s) and/or suppliers
  • Necessary to comply with our legal obligations (accounting).

To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data):

  • Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and to prevent fraud)
  • Necessary to comply with our legal obligations.

To use data analytics to improve our websites, services, client relationships and experiences:

  • Necessary for our legitimate interests (to define types of clients for our services, to keep our websites updated and relevant, and to develop our business).

To provide access to our systems for audit, review or other quality assurance checks:

  • Necessary to comply with our legal obligations.

Ensuring that our policies, procedures and standards are adhered to (to include equal opportunities monitoring):

  • For our legitimate interests (this includes carrying out the business of providing our services and pursuing our general business interests)
  • Necessary to comply with our legal obligations (such as under employment law and health and safety).

Preserving the confidentiality of commercially sensitive information:

  • For our legitimate interests (or those of our clients or a third party)
  • Necessary to comply with our legal obligations.

Updating and maintaining client(s) records:

  • Performance of a contract with our client(s) or to take steps at a potential client’s request before entering into our retainer
  • Necessary to comply with our legal obligations.

For the day to day operations of our business to include the use of third party service providers (including recruitment consultants, general office services and IT support):

  • For our legitimate interests (this includes carrying out the business of providing our services and pursuing our general business interests).

Debt recovery – collecting and recovering sums owed to us:

  • Performance of a contract with our client(s)
  • For our legitimate interests (this includes carrying out the business of providing our services and pursuing our general business interests).

To make suggestions and recommendations to you about services that may be of interest to you and advising you on ways we can assist you:

  • Performance of a contract with our client(s)
  • Necessary for our legitimate interests (to develop our services and grow our business).

Making disclosures to government, regulatory or other public bodies where in our reasonable opinion the disclosure is appropriate and permitted by law:

  • Necessary to comply with our legal obligations.

For recruitment purposes to enable us to assess the skills, qualifications and suitability of potential candidates for a particular role, carry out background and reference checks (where applicable) and communicate with the candidates about the recruitment process:

  • It is in our legitimate interests to decide whether to appoint an individual to a particular role since it would be beneficial to our business to appoint someone to that role
  • We also need to process personal information to decide whether to enter into a contract of employment with a candidate.

To carry out customer and market research and to provide you with information about the products and services we offer at CYFOR:

  • Necessary for our legitimate interests (to develop our services and grow our business).

To register our clients, potential clients and business associates for events, conferences, training services, newsletters, e-bulletins, announcements and promotions to promote our services:

  • Necessary for our legitimate interests (to develop our services and grow our business).

To notify our clients about changes to our services, policies, procedures and terms of business:

  • Performance of a contract with our client(s)
  • Necessary for our legitimate interests (to develop our services and grow our business).

Learn more about our privacy notice here. 

Accreditations & partners

CYFOR Legal | eDiscovery