Last Updated: 2022-11-14
This Policy supplements other online Gelfand privacy policies and notices. If there is a conflict between any other Gelfand policy, statement, or notice and this Policy, this Policy will prevail as to residents of the European Economic Area (‘EEA’) and United Kingdom (‘UK’) and their respective rights under the European Union’s General Data Protection Regulation and the United Kingdom’s General Data Protection Regulation (collectively, the ‘GDPR’). Gelfand is the data controller for your personal data collected through the website. We may process your personal data ourselves or through others acting as data processors on our behalf.
For the purposes of this policy, ‘controller’ means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing of personal data. Gelfand is the data controller for your personal data collected through the Website. ‘Data subject’ means the natural person about whom a controller holds personal data and who can be identified, directly or indirectly, by reference to that personal data. You are the data subject of the personal data collected about you.
We may provide supplemental privacy notices when we collect personal data about you for specific purposes, such as when you become a client, so that you are fully aware of how and why we are using your personal data. These supplemental notices should be read together with this Policy.
If you have any questions about this Policy, you can contact us at firstname.lastname@example.org.
Personal Data Collection
The personal data we collect about you may include:
- Contact Data. You may provide your contact details, such as your name, address, phone number, email address or other similar information.
- Other Information You Provide. This includes emails and other communications that you send us or otherwise contribute, such as answers to surveys or polls.
We do not collect personal data through cookies, trackers, or other automated tracking means.
Personal Data Processing
We may process your personal data to:
- Contact you, transact with you, or respond to your comments, questions or requests;
- Make recommendations of services to you;
- Provide you with information that you request or which we feel may interest you related to our services and our events and activities;
- Seek your thoughts and opinions on our services;
- Prevent and address fraud, breach of policies or terms of business, and threats or harm;
- Ensure the security and integrity of the personal data we process; and
- Comply with legal requirements.
These processing activities are carried out according to the following legal bases:
- The processing is necessary for us to provide you with services you have requested.
- We have a legal obligation to process your personal data or we reasonably believe that it is necessary to protect our rights or to comply with judicial or regulatory proceedings, a court order, or other legal process.
- We have a legitimate interest in using your personal data. For example, we have a legitimate interest in the following cases:
- To make recommendations of other service providers to you.
- For statistical and management purposes.
- To evaluate and improve our services.
- If you have consented to the processing of your personal data. If you consent, you have the right to withdraw your consent at any time.
Disclosure of Personal Data
We may share your personal data:
- With those you have requested us to share information with.
- With our affiliates, including Gelfand, Rennert & Feldman, LLC, when it is reasonably necessary or desirable, such as to provide services to you.
- With third parties, including vendors and professional advisers, to whom we disclose information in the course of providing services to you or to the entity that has engaged us to provide the services.
- To abide by applicable law or protect rights and interests. For example, we may disclose personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights or interests, or to prevent fraud or abuse.
- If we are involved in a business transaction, such as a reorganisation, merger, acquisition or sale of some or all of our assets, including negotiations of such transaction.
Personal Data Transfers out of the European Economic Area (‘EEA’) and United Kingdom (‘UK’)
Certain of our subsidiaries, affiliates, advisers, and vendors are located outside the EEA and the UK, including in the United States. We transfer your personal data to Gelfand, Rennert & Feldman, LLC, our affiliate in the United States, for their provision of services to you and as part of our business relationship with them. When we transfer personal data to countries outside the EEA and the UK, we will ensure there are measures in place that provide appropriate safeguards for your personal data using approved and valid personal data transfer mechanisms, such as the European Union’s Standard Contractual Clauses or the UK’s International Data Transfer Agreement. For further information on the mechanism(s) used to transfer your personal data, please contact us at email@example.com.
We maintain appropriate administrative, technical, physical, and organisational safeguards designed to help protect personal data from unauthorised disclosure or access and accidental or unlawful destruction, loss, or alteration. Although we use reasonable efforts to safeguard personal data, we cannot guarantee the security of personal data obtained or stored electronically.
We will retain your personal data for as long as necessary for the performance of our obligations or to fulfil the purposes for which the information was collected, or as may be permitted under applicable law, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
To determine the appropriate retention period, we consider:
- the requirements of our business and the services provided;
- any statutory or legal obligations;
- the purposes for which we originally collected the personal data and whether we can achieve those purposes through other means;
- the lawful basis for the processing;
- the amount, nature and sensitivity of the personal data; and
- the potential risk of harm from unauthorised use or disclosure of the data.
According to our terms of engagement, we keep records for a minimum of six years after we provide our services or for a minimum of six years after the end of the accounting/tax year to which the data relates. In other cases, we retain data a minimum period of six years after our relationship with the data subject ceases to be active or relevant.
Unless subject to the considerations listed above or otherwise required by applicable law, at the end of the retention period we will securely remove personal data from our systems and records.
Rights and Choices
You have the right to:
- request access to your personal data (commonly known as a data subject access request) and request certain information in relation to personal data processing;
- request correction of your personal data;
- request the deletion of your personal data;
- request that we restrict our processing of your personal data;
- object to our processing of your personal data; and
- request the transfer of your personal data to another party.
You can submit these requests by email at firstname.lastname@example.org. We may need to request specific information from you to help us confirm your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
We will provide you with appropriate opportunities to opt out of sharing your personal data as required by law, and will request opt-in consent prior to using personal data for a purpose other than the purpose for which it was originally collected.
If you provided your consent to the processing of your personal data, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us at email@example.com.
You also have the right to lodge a complaint with your supervisory authority. You can find information about your data protection regulator at https://edpb.europa.eu/about-edpb/board/members_en or make a complaint to the UK ICO at https://ico.org.uk/make-a-complaint/.
Our practices with respect to personal data may vary from time to time. We reserve the right to update this Policy at any time. Changes will be effective immediately upon posting of the revised Privacy Notice, as indicated by the ‘Last Updated’ date at the top of this page.
You may contact our Head of Privacy by email at firstname.lastname@example.org or by telephone on 020 7430 9777.
Gelfand Rennert and Feldman UK
Attn: Head of Privacy
2nd Floor Northumberland House
303-306 High Holborn
London, WC1V 7JZ.