1.PURPOSE OF THIS NOTICE

This notice describes how we collect and use personal data about you, in accordance with the data protection and privacy laws and regulations applicable to us or to our processing of your personal data.

This notice describes how we may collect, use, store and transfer information about data subjects. Due to the nature of our business, we process data which relates to a variety of categories of data subjects.

Depending on the nature of our relationship with you, we may collect, use, store and transfer different kinds of personal data about you as a data subject. We have grouped data subjects together into the following categories:

  • Our clients and other people who use our services, including the employees of any clients and people who are prospective clients or who make enquiries with us about engaging our services (referred to for convenience in this notice as ”Clients”);
  • Professional or business contacts including the employees of any such contacts (referred to for convenience in this notice as “Contacts”);
  • Our Partners, employees, consultants, workers, work experience students, and job applicants (referred to for convenience in this notice as ”Employees”);
  • Our suppliers and service providers, including professional advisers and experts, and their agents, employees and representatives (referred to for convenience in this notice as “Suppliers)”; and
  • Visitors to our websites (referred to for convenience in this notice as ”Visitors”).

Paragraphs 3, 4 and 5 of this notice contain specific information for different categories of data subjects. The other paragraphs of this notice contain information relevant to all categories of data subjects, including the data subject rights described in paragraph 9 of this notice.

Where we refer to our “websites”, this means this website and any other websites operated by any of the RBG Group of companies, including those which we operate under our brands “Memery Crystal” and “Rosenblatt”.

Our websites are not intended for children and we do not knowingly collect data relating to children from our websites. We may however process personal data relating to children where they are Clients or related to our Clients’ instructions.

We use cookies on our websites and this is explained in our cookies policy here.

Please read this notice carefully to learn about our practices regarding your personal data and how we will treat it.

2.ABOUT US

The RBG Group is made up of different legal entities, details of which are listed below:

Full nameTrading name(s)Company registration no.Registered officeUK ICO registration no.Data Protection Officer or Manager  
RBG Holdings PLC  none11189598165 Fleet Street, London, England, EC4A 2DY  ZA365637No DPO appointed.   Please contact our DPM: DPFW@rbgholdings.co.uk  
RBG Legal Services Limited  Memery Crystal, Rosenblatt, and RBGLS13287062165 Fleet Street London EC4A 2DY  ZB065504DPO: Ceri Hughes ceri.hughes@rbgls.co.uk Tel. +44 (0) 20 7242 5905
Rosenblatt Limited  none13601148  C/O Memery Crystal, 165 Fleet Street, London, England, EC4A 2DYZA357110DPO: Ceri Hughes ceri.hughes@rbgls.co.uk Tel. +44 (0) 20 7242 5905  

This privacy notice is issued on behalf of the RBG Group so when we mention “RBG Group”, “we“, “us” or “our” in this privacy notice, we are referring to the relevant entity in the RBG Group responsible for processing your data. We share your personal data between entities in the RBG Group from time to time; please refer to paragraph 6 (Data Sharing) below for more information.

A “data controller” is a person who is responsible for deciding how and the purposes for which they hold and use personal data about you. We will tell you which entity in the RBG Group is the controller for your personal data. We are required under the data protection legislation to notify you of the information contained in this privacy notice.

For example, RBG Legal Services Limited is the controller and is responsible for your personal data when you instruct us in a legal matter or purchase a service from us, or use the websites we operate under our brands “Memery Crystal” and “Rosenblatt”. RBG Holdings Plc may also process your personal data in connection with its management and administration of the RBG Group.

RBG Legal Services Limited is authorised and regulated by the Solicitors Regulation Authority with SRA ID 820215.

Some of the entities in the RBG Group have appointed a Data Protection Officer, or “DPO” who is responsible for assisting with enquiries in relation to this privacy notice and our treatment of your personal data. Where a DPO has been appointed, their name and contact details are listed in the table above. Where an entity has not appointed a DPO, the contact details of the Data Protection Manager, or “DPM” are listed in the table.

If you wish to contact our DPO or DPM, please see the contact details in paragraph 2 (About us) above.

3.HOW WE MAY COLLECT YOUR PERSONAL DATA

All Data Subjects

We will collect and process information about you: (i) when you contact us by email, telephone, post, social media or otherwise; and (ii) from third parties and/or publicly available resources (for example, from Companies House and other public registers; from LinkedIn or other business directories or professional listings; from your organisation or other business websites on which information about you is published). We may also use these third party and/or publicly available sources to keep the contact and other information we already hold for you up to date.

If you submit an enquiry to us then, depending on the nature of your enquiry, we may collect further details from you so as to understand the context in which you are making the enquiry and/or to understand the legal or other services that may be of interest to you, or which you may be offering to provide to us.

Clients

If you are or become a Client, or make enquiries with our with regard to potentially engaging us to provide our services to you, then we will collect and process information about you: (i) when you make an enquiry or request a proposal from us in relation to our services; (ii) when you or your employer or other relevant organisation engages us to provide our services; and (iii) during the course of the provision of those services.

Contacts

If you are a Contact and you provide us with your professional or business contact details (or other relevant personal data), we will use this in order to keep in touch with you and exchange information that we believe is, or may become, relevant to our and your business or profession.

Employees

If you are an Employee then we will collect and process additional personal data about you as described in your employment contract, our employee handbook and internal policies, and/or any other applicable separate documents provided to you in connection with your position or your application for a position with us.

Visitors

We will only collect personal data about you via our websites, apart from your IP address and cookie data, when you contact us to request further information about our legal or other services or if you apply for a position with us. On various occasions, including through forms on our websites, we may invite or request you to submit your contact details and other information about yourself or your organisation, or to send us emails, each of which will identify you.

4.THE KIND OF INFORMATION WE HOLD ABOUT YOU

All Data Subjects

The information we hold about you may include the following:

  • Your personal details (such as your name, address and other contact details), your organisation and position in that organisation;
  • Details of any contacts we have had with you in relation to the provision, or the proposed provision, of services to you or by you;
  • Details of any services you have received from us, or provided to us;
  • Our correspondence and communications with you;
  • Information about any complaints and enquiries you may have submitted to us;
  • Information from any research or surveys conducted by us in which you may have participated;
  • Information about how you use our websites, products or services;
  • Information from any marketing activities to which you may have responded or in which you may have participated; and
  • Information we receive from other sources, such as publicly available information, and information provided by third parties, such as your employer or other relevant organisation.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but is not considered “personal data” in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate data about how you use our websites to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

Clients

If you are a Client then we may collect and process additional information about you relevant to (i) your enquiry or request for a proposal from us in relation to our services; (ii) your engagement of us to provide our services; (iii) the provision of our services; and/or (iv) the management and administration of the relationship between us; which will be as described in the engagement terms between us.

We may also collect financial and transactional information relating to payments made in relation legal or other services we may provide, which may include bank account, payment card, insurance and other financial details, and details of the services provided.

The information we collect may include information in order to satisfy our obligations under Anti-Money Laundering Regulations and other legislation applicable to the provision of our services. If you do not provide us with the information we need, we will not be able to provide our professional services for you or the company or other person you represent.

We may also collect special categories of personal data if it is relevant to the matter or claim (this could include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), or about criminal convictions and offences.

Employees

If you are an Employee then we will collect and process additional personal data about you as described in your employment contract, our employee policies, and/or any other applicable separate documents provided to you in connection with your position or your application for a position with us.

Suppliers

Financial and transactional information relating to payments we make in relation to goods or services you supply to us. This may include bank account, payment card, insurance and other financial details, and details of the goods or services provided.

5.HOW WE USE INFORMATION WE HOLD ABOUT YOU

Clients

If you are a Client then we will use your personal data for purposes additional to the purposes set out in this notice, including in relation to the management and administration of the relationship between us, which will be as described in the Engagement Letter between RBG Legal Services Ltd and you. As the Engagement Letter is a contract between you and RBG Legal Services Ltd and therefore the basis on which we process your data is usually in connection with the performance of this contract.

RBG Holdings Plc may also process your personal data as an independent data controller for its legitimate interests in the management and administration of the RBG Group. Please refer to paragraph 6 (Data Sharing) below for more information.

Employees

If you are an Employee then we will use your personal data for purposes additional to the purposes set out in this notice, as described in your employment contract, our employee handbook and internal policies, and/or any other applicable separate documents provided to you in connection with your position or your application for a position with us.

All Data Subjects

We may process your personal data for purposes necessary for the performance, management and administration of our contract with you, or for steps preparatory to entering into a contract with you, and to comply with our legal obligations.

We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of your personal data. This includes processing for our own marketing, business development, statistical and management purposes.

Generally we do not rely on consent as a legal basis for processing your personal data. However, if we do process your personal data for certain additional purposes with your consent, in these limited circumstances then (i) we will request such consent from you separately, and (ii) you have the right to withdraw your consent to processing for such specific purposes at any time by contacting us.

Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.

Situations in which we will use your personal data

We may use your information in order to:

  • Carry out our obligations arising from any agreements entered into between you or your employer or other relevant organisation and us (which will most usually be our engagement for the provision of our legal services);
  • If you are a Client, we may provide you with marketing communications related to our services and our events, unless you have unsubscribed or notified us that you do not wish to receive further marketing communications from us;
  • If you are a Contact or a Supplier and we have collected your personal data in your or your employer’s professional or “business to business” (B2B) capacity (rather than in your own personal capacity), then we may provide you with marketing communications related to our services and our events. Examples of this may include where you have provided us with your details at promotional event or similar networking occasion. However, if we have collected your personal data in your personal capacity, we will only provide you with marketing communications if you have expressly consented to be contacted for such purposes. In either case, we may continue to provide you with marketing communications unless you have unsubscribed or notified us that you do not wish to receive further marketing communications from us;  
  • Seek your thoughts and opinions on the services we provide;
  • Notify you about any changes to our services, our terms of business or this Privacy Notice; and
  • To comply with a legal and/or statutory obligation.

In some circumstances we may anonymise or pseudonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.

We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.

Data Retention

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • The requirements of our business and the services provided;
  • The purposes for which we originally collected the personal data;
  • The lawful grounds on which we based our processing;
  • The sensitivity of personal data we have collected;
  • The amount and categories of your personal data;
  • The potential risk of harm from unauthorised use or disclosure of your personal data; and
  • Whether the purpose of the processing could reasonably be fulfilled by other means.

If you are or become a Client (or the organisation or other person you represent is or becomes a Client ), we normally retain information related to our engagement (including personal data) for a minimum period after the end of the relevant engagement or client relationship, or for longer where it is necessary for us to do so for compliance with regulatory or other legal obligations, or for the establishment, exercise or defence of legal claims, or where we agree with our Client to do so. In most cases, files held in our storage facility will normally be deleted after 6 years, but in some cases it may be necessary for us to retain records indefinitely.

In some circumstances you can ask us to delete your data: see the paragraph 9 “Rights Of Access, Correction, Erasure, And Restrictionand 10 “Right of Erasure below for further information.

Change of purpose

Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where we reasonably consider that reason is compatible with the original purpose.

Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing. Please note that we may be required to process your personal data without your knowledge or consent, where it is a legal obligation for us to do so.

6.DATA SHARING

Why might you share my personal data with third parties?

We will share your personal data with third parties where we are required to do so by law, where it is necessary to manage or administer the relationship between us, or where we have another legitimate interest in doing so.

Which RBG Group entity might you share my personal data with?

We may share your personal data with RBG Holdings Plc in connection with its administration and management of the RBG Group, and/or some or all of the other entities in the RBG Group from time to time. Details of these entities are set out in paragraph 2 (About us) above.

In certain situations we may not be able to share information with RBG Group entities due to our professional obligations of confidentiality or due to potential conflicts of interest.

These RBG Group entities are all based in the United Kingdom and may be acting as independent data controllers or processors, and provide centralised IT, HR, payroll, accounting and other system administration services and undertake management, administration and leadership reporting.

We have put in place data sharing agreements with the other RBG Group entities with which we share your personal data.

Which third-party service providers process my personal data?

Third parties” includes third-party service providers. The following activities are carried out by third-party service providers, who are acting as our data processors: IT and data storage services (including cloud-based technology services, such as data room providers or e-discovery service providers), professional advisory services, word-processing, photocopying, translation and other administration services, marketing and event organisation services, recruitment services (including referees and application screening services), and banking services.

RBG Legal Services Ltd has appointed the third party service providers, including the following:

  • The Justice Platform Ltd (trading as Legl), to process personal data of our Clients on our behalf using automated client due diligence (CDD) services when we create and/or open a new file on your behalf as our Client, to comply with our anti money laundering obligations. Legl may instruct sub-processors in connection with this processing for this purpose. Legl is incorporated in England and Wales with company number 09534141 and has its registered office at Office 7, 35-37 Ludgate Hill, London, EC4M 7JN. In some situations, such as if you are an Employee, Legl will process your personal data as a data controller. Legl is registered with the Information Commissioner’s Office as a data controller, with registration number ZA115706 and its Privacy Policy is available here.
  • The Data Business Limited, to update and maintain the accuracy of contact data of Contacts and Clients which we hold for our own marketing purposes. The Data Business Limited has appointed a sub-processor in India to assist with this exercise. The Data Business Limited is incorporated in England and Wales with company number 11777236 and has its registered office at Mill Studio, 17a Stour Street, Canterbury, England, CT1 2NR. It is registered with the Information Commissioner’s Office as a data controller, with registration number ZA820036 and its Privacy Policy is available here.

A full list of our third-party service providers is available on request. Please see the contact details in paragraph 2 (About us) above.

All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may share your personal data with other third parties, who may be acting as independent controllers, for example in the context of the possible sale, transfer, merger or restructuring of our business, or the acquisition of another business by us. If such change happens to our business, then the new owners of our business may use your personal data in the same way as set out in this privacy policy.

We may share your personal data where external organisations are required to conduct audits or undertake quality checks for us, or where sharing with third parties such as counsel or other lawyers, accountants, investigators, insurers or experts is appropriate in order to provide our services to our Clients. These third parties may be acting as independent controllers or as data processors.

We may also need to share your personal data with regulators, HM Revenue & Customs or other authorities or to otherwise comply with the law. We may disclose your personal data in order to protect our rights or property or those of our Clients or others, and this includes exchanging information with other companies and organisations for the purposes of fraud prevention, compliance with anti-money laundering and ‘know your client’ requirements, and credit risk reduction. These third parties may be acting as independent controllers or as data processors.

We will get your express opt-in consent before we share your personal data with any company outside the RBG Group for their own marketing purposes.

7.TRANSFERRING INFORMATION OUTSIDE THE UNITED KINGDOM (UK)

We may on occasion transfer your personal data to third parties, including third party service providers, who are located outside of the UK for specific purposes, or where the relevant legal matter on which we are engaged is related to non-UK circumstances.

If any third parties by whom your personal data are to be processed are based outside the UK so that their processing of your personal data will involve a transfer of data outside the UK we will ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data through Adequacy Regulations made under Section 17A of the Data Protection Act 2018, such as other member states within the European Economic Area; or
  • we may use Standard Contractual Clauses or other specific contracts, which have been approved by the UK Information Commissioner’s Office, which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism to be used by us if we are to transfer your personal data outside of the UK. Please see paragraph 2 (About Us) above for our contact details.

8.DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties service providers who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

9.RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION  

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Should your personal data change, please notify us of any changes of which we need to be made aware by contacting us.

Your rights in connection with personal data

Under certain circumstances, by law you have the right to:

  • Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to another party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

If you wish to exercise any of the above rights, please contact us. The contact details of our DPO or DPM are available at paragraph 2 (About us).

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

10.RIGHT TO WITHDRAW CONSENT  

In those circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. The contact details of our DPO or DPM are available at paragraph 2 (About us).

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. Withdrawing your consent will not affect the lawfulness of any processing carried out before you withdraw your consent.

11.CHANGES TO THIS NOTICE

Any changes we may make to our privacy notice in the future will be notified by publishing an updated version on our websites at: www.rbgholdings.co.uk, www.rosenblatt-law.co.uk, and www.memerycrystal.com.

12.CONTACT US

If you have any questions regarding this notice or if you would like to speak to us about the manner in which we process your personal data, please contact us. The contact details of our DPO or DPM are available at paragraph 2 (About us).

You also have the right to make a complaint to the Information Commissioner’s Office (ICO: www.ico.org.uk), the UK supervisory authority for data protection issues, at any time.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

This notice was last updated on December 2023.