How we will use your personal data
Mills & Reeve LLP will process your personal data fairly and lawfully in accordance with professional standards and, from the date it comes into force in the UK, the General Data Protection Regulation (EU) 2016/679 and any other applicable laws relating to the protection of personal data and the privacy of individuals. This notice sets out how we use your personal data provided to us to register you for access to the extranet on your own behalf and on behalf of your institution / employer. Further information on how we use personal data provided by our clients is available on our website: www.mills-reeve.com/client-privacy-notice. We may amend our privacy information periodically to ensure that it is operating effectively and complies with relevant laws and regulations.
Our legal basis for processing your data for the purposes of facilitating access to the extranet is your consent. You may withdraw your consent at any time by emailing email@example.com; this will not affect the lawfulness of any processing based on your consent before you withdrew it. If you withdraw your consent, we will delete your personal data and you will no longer be able to access the extranet.
Where you provide any personal data to us (including that of third parties on behalf of your institution / employer), you are responsible for ensuring that disclosure by you, or on your behalf to us, for the use by us in the provision of our services complies with the requirements of data protection legislation. You have the sole responsibility for the accuracy quality and legality of the personal data you provide to us.
Your personal data may be seen or used by our staff or others working lawfully for us in the course of managing the secure access to our extranet. We may need to share your data with relevant third parties in order to fulfil our legal and professional obligations or where you ask us to share your data. We do not expect to share this data outside of the EEA but where this is essential to manage your access to the extranet and for the delivery of these terms, we will take steps to ensure that your data is adequately protected in accordance with UK legal requirements. Where we are in a contractual relationship with the recipient, such protection will normally consist at minimum of appropriate contractual protections agreed between us and the recipient.
On receipt of a request from you or on your behalf by an authorised member of your institution / employer to remove your access in accordance with these terms, we will delete your personal data or that of the third parties. We may be obliged to suspend any planned deletion where legal or regulatory proceedings require it or where proceedings are underway such as require the data to be retained until those proceedings have finished.
You have the right to request copies of the personal data we hold about you, to ask for inaccuracies in your personal data to be corrected, and in certain circumstances for us to stop processing your personal data or for your personal data to be erased. Please contact firstname.lastname@example.org. If you believe that we have not complied with any of our obligations under data protection laws in the UK, please let us know. You have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk).