The following terms set out the basis on how we treat data received during the provision of our services to our clients. In particular, these terms clarify the respective areas of responsibility between Haslocks Limited and any other party from or to whom personal data is provided.
1.1 In these terms the following definitions shall apply:
‘client personal data’ means any personal data provided to us by you (whomever you are and in whatever capacity you act) or on your behalf for the purpose of providing our services to our clients;
‘data protection legislation’ means all applicable privacy and data protection legislation and regulations including PECR (defined below), the GDPR (defined below) and any applicable national laws, regulations and secondary legislation in the UK relating to the processing of personal data and the privacy of electronic communications, as amended, replaced or updated from time to time;
‘controller’, ‘data subject’, ‘personal data’, and ‘process’ shall have the meanings given to them in the data protection legislation;
‘GDPR’ means the General Data Protection Regulation ((EU) 2016/679); and
‘PECR’ means the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003).
1.2 Both the data provider and the data recipient shall each be considered an independent data controller in relation to personal data. Each of us will comply with all requirements and obligations applicable to us under the data protection legislation in respect of the personal data.
1.3 You shall only disclose personal data to us where:
- you have provided the necessary information to the relevant data subjects regarding its use (with reference, where appropriate, to our privacy notice available at https://www.haslocks.co.uk/privacy-policy/); and/or
- you have a lawful basis upon which to do so, which, in the absence of any other lawful basis, shall be with the relevant data subject’s consent; and
- you have complied with the necessary requirements under the data protection legislation to enable you to do
1.4 Should you require any further details regarding our treatment of personal data, please contact our head of privacy.
1.5 We shall only process the personal data:
- in order to provide our services to our clients;
- in order to comply with our legal or regulatory obligations;
- where the lawful data processing basis of legitimate interest applies; and
- in accordance with the terms of business agreed with our clients but also our privacy notice available at https://www.haslocks.co.uk/privacy-policy/ which contains further details as to how we may process personal data.
1.6 For the purpose of providing our services to our clients, we may disclose personal data to:
- our regulatory body, the Institute of Chartered Accountants in England & Wales;
- the regulatory bodies which, from time to time, monitor and regulate the insolvency profession and/or insolvency practitioners;
- brokers with a current or prospective working relationship with our clients;
- insurance managers and those with delegated claims control;
- coverholders and those with delegated underwriting authority;
- insurance companies and syndicates with an interest in the notifications, claims or insurance matters being considered by us for our clients;
- relevant insolvency practitioners with an interest in the notifications, claims or other insurance matters being considered by us for our clients; and/or
- other third party service providers to include Milsted Langdon LLP and its affiliates.
1.7 The third parties to whom we disclose personal data may be located outside of the European Economic Area (EEA). We will only disclose personal data to third party (including a third party outside of the EEA) provided that the transfer is undertaken in compliance with the data protection legislation.
1.8 We may disclose the personal data to other third parties in the context of a possible sale, merger, restructuring or financing for investment in our business. In this event we will take appropriate measures to ensure that the security of the client personal data continues to be ensured in accordance with data protection legislation. If a change happens to our business, then the new owners may use our client personal data in the same way as set out in these terms.
1.9 We shall maintain commercially reasonable and appropriate security measures, including administrative, physical and technical safeguards, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
1.10 In respect of personal data, provided that we are legally permitted to do so, we shall promptly notify you in the event that:
- we receive a request, complaint or any adverse correspondence from or on behalf of a relevant data subject, to exercise their data subject rights under the data protection legislation or in respect of our processing of their personal data;
- we are served with an information, enforcement or assessment notice (or any similar notices), or receive any other material communication in respect of our processing of personal data from a supervisory authority as defined in the data protection legislation (for example in the UK, the Information Commissioner’s Office); or
- we reasonably believe that there has been any incident which resulted in the accidental or unauthorised access to, or destruction, loss, unauthorised disclosure or alteration of, personal d
1.11 Upon the reasonable request of the other, we shall each cooperate with the other and take such reasonable commercial steps or provide such information as is necessary to enable each of us to comply with the data protection legislation.