Why we collect data
- To maintain our contractual and/or other business relationship with you in order to provide our services
- To be able to contact you via email, post, fax, phone and other means
- To keep you informed about our activities and to update you on aspects of law in the field of intellectual property and other related changes and developments
Legal basis for processing
The legal basis for our processing of your data is compliance with the contractual or precontractual relationship established with you, as well as your consent, or the legitimate interest in sending information that we consider to be in your interest.
What information we collect
- Personal data, including name, postal address and contact details (email addresses, phone numbers, fax numbers, nationality etc) for the purpose of client engagement
- Name, postal address and other details of clients and employees of clients for handling matters on behalf of clients and prospective clients, and keeping clients and prospective clients informed
- Names, job positions and email addresses and telephone numbers for potential and prospective clients and employees of potential and prospective clients
- Financial details for invoicing clients
- Names, addresses and other contact details and CVs for job applicants
- Details of inventors and designers for the purpose of filing patent and design applications
How we collect information
We mainly collect data directly from clients and prospective clients while handling and processing matters on their behalf, or when we are approached by prospective clients. We create some data internally (for example when we assign a client a number in our database records). We also obtain data from receipt of business cards during meetings.
We may also collect some data from external sources, for example from publicly available databases and registers.
How we use information
We use information
- To provide services to clients and prospective clients
- To ensure we send you appropriate information and updates
- To maintain our records and accounts information
If you do not provide the information we request, we may not be able to provide services to you.
How long we keep information
We keep information for a period of at least 6 years from the period of last activity involving the data. Where information relates to prosecution of a patent application, we keep data for at least 20 years from the date of filing of the application. Where information relates to another registered right, we keep data for 6 years from the date on which the registered right expires.
Our Client Data Retention Policy is available upon request from MSK.
How we disclose information to third parties
MSK does not sell, provide or supply personal data to third parties for commercial purposes or for financial gain. However, in order to handle matters for clients and prospective clients appropriately, we may need to send client data to:
- Outsourced/overseas consultants and associates, especially firms of patent and trade mark attorneys in other countries
- Outsourced accounting services
- Barristers, lawyers, search companies, translators and private investigators
- Courts and Tribunals
- The European Patent Office, the UK Intellectual Property Office, the European Union Intellectual Property Office, the World Intellectual Property Organisation and other overseas national patent and trademark offices
- Domain name authorities
Where we store information
We store client data and prospective client data in paper files, electronic files including documents, emails, spreadsheets and databases. Paper files are kept in our main offices and in an archiving storage facility. Electronic documents are kept on proprietary servers, outsourced back up servers and outsourced storage in the cloud, which may be transferred to and stored at a destination outside the European Economic Area. If there is not an adequacy decision by the European Commission in respect of those countries, we will ensure that contractual terms guarantee that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal information to those employees, agents, contractors and other third parties who have a business need to know.
In the event that MSK becomes aware of a personal data breach, MSK will report the breach to the affected person(s) and to the Information Commissioner within 72 hours of discovery.
Client rights and complaints
Clients have the right to find out what data we hold about them. They can find out by making a written request for disclosure to:
Miller Sturt Kenyon
9 John Street London
or to firstname.lastname@example.org.
Clients can also ask us to transfer, erase or rectify their personal data in the circumstances set out in the GDPR by sending a request in writing to the address above.
We will deal with requests for disclosure, erasure and rectification free of charge within 30 days of receipt of the request. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. For disclosure requests, we will provide an electronic copy of the data we hold. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Clients can exercise their right not to receive services, information or product from MSK at any time by communicating their preferences to MSK.
Clients can also make a complaint about the data we are holding, how we are using the data and our response to a request above by contacting the Managing Director at the above address. Clients have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.