GDPR Compliance

Our Commitment to GDPR Compliance

Segno Corporate Law is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a law firm, we understand the critical importance of protecting personal data and maintaining the trust of our clients and website visitors.

Data Controller Information

Segno Corporate Law acts as the data controller for personal data collected through our website and in the course of providing legal services. Our details are:

• Company: Segno Corporate Law
• Address: 47 Chancery Lane, London WC2A 1PL, United Kingdom
• Email: [email protected]

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. The legal bases we rely upon include:

Contract Performance

We process data necessary to provide legal services you have requested or to take steps at your request prior to entering into a contract. This includes processing your contact details, case information, and any other data required to fulfil our professional obligations.

Legal Obligations

As a regulated law firm, we are required to process certain data to comply with our obligations under the Solicitors Regulation Authority Code of Conduct, anti-money laundering regulations, and other applicable laws.

Legitimate Interests

We may process data based on our legitimate business interests, provided these do not override your fundamental rights. Examples include improving our services, website security, and business development activities.

Consent

Where required, we obtain your explicit consent before processing your data. This applies particularly to marketing communications. You may withdraw consent at any time.

Your Rights Under GDPR

The UK GDPR provides you with the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, to access that data along with information about how it is processed.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and to have incomplete data completed.

Right to Erasure (Article 17)

In certain circumstances, you have the right to request deletion of your personal data. This right is not absolute and may be subject to legal retention requirements.

Right to Restriction (Article 18)

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of your data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently engage in such automated decision-making.

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at:

Email: [email protected]
Subject line: "Data Protection Request"

We will respond to your request within one month. In complex cases, we may extend this period by up to two additional months, but we will inform you of any extension within the initial one-month period.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and penetration testing
• Access controls limiting data access to authorised personnel
• Staff training on data protection and security
• Incident response procedures for potential data breaches
• Regular backups and disaster recovery planning

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk, we will also notify affected individuals directly without undue delay.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

• Transfers to countries with adequacy decisions
• Standard contractual clauses approved by the ICO
• Binding corporate rules where applicable

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to individuals' rights and freedoms, as required by Article 35 of the UK GDPR.

Supervisory Authority

The supervisory authority for data protection in the United Kingdom is the Information Commissioner's Office (ICO). You have the right to lodge a complaint with the ICO if you believe your data protection rights have been violated.

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Statement

We review our GDPR compliance measures regularly and may update this statement to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.

Contact Us

If you have any questions about our GDPR compliance or data protection practices, please contact us at [email protected].