Who we are and what the purpose of this document is

MR&T Advisory Limited (“MR&T Advisory”) is committed to protecting the privacy and security of your personal information. MR&T Advisory is a legal consultancy whose status is a private limited liability company registered in England and Wales with company number 13506723 and with registered office address at 3rd Floor 86 – 90 Paul Street, London, United Kingdom, EC2A 4NE.

This policy describes how we collect and use personal information about you when you visit our website https://mrtadvisory.co.uk/ and also during and after your business relationship with us (as is applicable), in accordance with the applicable data protection legislation including, for the avoidance of doubt, the Data Protection Act 2018 and the General Data Protection Regulations (the “GDPR”).

MR&T Advisory is a “data controller” (Information Commissioner’s Office registration reference ZB135156). This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this policy.

This policy applies to people who visit our website, people who enquire about our services, our current clients, prospective clients and former clients. We may update this policy at any time.

It is important that you read this policy, so that you are aware of how and why we are using such information.

Data protection principles

We will comply with data protection law. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.

The kind of information we hold about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, store, and use the following categories of personal information about you:

• • Identity Data: your name, copies of your passport, driving licence, national identity card, utility bills and/or other identifying information required to be provided to us for anti-money laundering purposes.

• • Contact Data: Personal contact details such as addresses, telephone numbers, and personal email addresses.

• • Enquiry Data: your enquiries about potentially engaging us to provide services to you.

• • Financial Data: such as source of and net wealth, assets held, source of funds, bank account details and other billing data.

• • Services Data: Details of services provided by us to you or how you use our services that may include personal data e.g. personal data about you connected with your instructions to us, including correspondence between us, notes of our calls and meetings, and third party information about your matter.

• • Marketing and Communications Data: such as your communications preferences and how you have responded to our marketing communications.

The data protection legislation recognises “special categories” of more sensitive personal data which require a higher level of protection. We do not collect any special categories of personal data about you (these include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How is your personal information collected?

We use the following methods to collect personal data from and about you:

• • Via direct interactions with you via post, via email, via video conferences, via telephone or in person. In such cases you provide personal data to us.

• • Via third parties or publicly available sources. We may obtain personal data about you from public sources such as social media or your organisation’s website. We may also receive personal data about you from someone who has recommended us to you and given us your contact details.

• • Via data analytics. Our website uses cookies to help with analytics.  This generates reports on visits to our website, which do not include identity or contact data.

How we will use information about you and the legal basis for processing your data under the GDPR

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

1. • Where we need to perform the contract we have entered into with you or in order to take steps at your request prior to the entry into a contract.
   • Where we need to comply with a legal obligation.
   • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
   • Where it is necessary in order to protect your vital interests or someone else’s vital interests.
   • Where you have consented to the processing.

Situations in which we will use your personal information

We need the categories of information in the list above (see The kind of information we hold about you) primarily to allow us to perform our contract with you and to enable us to comply with our legal and compliance obligations. In some cases we may use your personal information to pursue legitimate interests of our own, provided your interests and fundamental rights do not override those interests. The table below sets out in more detail the lawful basis we rely on to process personal data and the reason we are processing it. Some of the below grounds for processing will overlap and there may be several grounds which justify our use of your personal data.

Purpose/ Activity	Type of Data	Lawful basis for processing including basis of legitimate interest
To respond to your enquiry	Identity Data Contact Data Enquiry Data	Legitimate interests, including pursuing an opportunity to win you as a new client   Performance of a contract with you
To register you as a new client	Identity Data Contact Data Financial Data	Performance of a contract with you   Necessary to comply with a legal obligation
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy and cookie policy Asking you to leave a review or take a survey	Identity Data Contact Data Services Data Marketing and Communications Data	Performance of a contract with you   Necessary to comply with a legal obligation   Necessary for our legitimate interests (to keep our records up to date, to ensure we provide our services on our most recently updated terms and to understand what clients think about our services so that we can make improvements)
To process and deliver our services including: Managing payment of fees and charges Collecting and recovering money owed to us	Identity Data Contact Data Financial Data Services Data Marketing and Communications Data	Performance of a contract with you   Necessary for our legitimate interests (to recover debts due to us)
To target potential new clients	Identity Data	Necessary for our legitimate interests (to engage with the new clients via email and/or social media (such as LinkedIn))
To provide our website content to you and understand and improve its effectiveness	Identity Data Contact Data Services Data Marketing and Communications Data Data analytics from our website which do not contain identity or contact data	Necessary for our legitimate interests (to promote our services, to understand better how clients use our services and to improve our services, to ensure the content on our website is presented in the most effective manner for you and your computer or mobile device)

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you and/or we may be prevented from complying with our legal obligations which (among other things) means that we will not be able to continue to work with you.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Automated decision-making

We do not engage in automated decision-making.

Marketing

We may use your personal information to contact you to inform you of any development of our services.

You can ask us to stop sending you any marketing messages at any time by emailing us using the contact details below.

We do not share your personal data with any third party for marketing purposes.

Data sharing

We comply with the SRA Code of Conduct for Solicitors, RELs and RFLs and are therefore required to keep the affairs of current and former clients confidential unless disclosure is required or permitted by law or the client consents.

We may share your personal information with trusted third parties both within and outside the European Economic Area (EEA) pursuant to contractual arrangements or regulatory obligations we have with or owe to them, including:

• • the Solicitors Regulation Authority, HM Revenue & Customs, the Information Commissioner’s Office or other regulators and authorities who require reporting or disclosure of processing activities or personal data in certain circumstances;

• • service providers who provide IT, business or system administration services;

• • professional advisers including our lawyers, auditors and insurers (and their lawyers) who provide consultancy, legal, insurance and accounting services to us;

• • assistants so far as is necessary to fulfil their contractual and legal obligations to us.

We may also share data with third parties to whom we may choose to sell, transfer, or merge our business. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this policy.

The level of information protection in countries outside the EEA may be lower than that offered within the EEA. Where third parties with whom we share your personal information process it outside the EEA, our written agreement with them will include appropriate contractual clauses to ensure that your personal information remains protected and secure in accordance with applicable data protection laws.

We may use social media sites such as LinkedIn and you are directed to such sites’ own privacy policies in relation to how they may process your personal information.

Where we store your information

In the course of our business, including where we share information as set out above and when our personnel are working overseas, we may need to transfer your personal information to locations outside the United Kingdom, including to countries outside the EEA.

Data security

We have put in place appropriate technical and organisational measures to protect the security of your information. In the event of a breach, we will notify you and any applicable regulator where we are legally required to do so.

Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Accordingly, we retain client matter files for 7 years from the matter conclusion. However, we may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of a dispute in respect to our business relationship with you.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use such information without further notice to you.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your business relationship with us.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

• • request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;

• • request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;

• • request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);

• • object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;

• • request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;

• • request the transfer of your personal information to another party.

If you want to exercise any of these rights, then please contact us at m.radoycheva@mrtadvisory.co.uk. The above rights are not absolute and each is subject to exceptions and qualifications. We will respond to your request within one month of its receipt. In some cases we may not be able to fulfil your request before this date, and may need to request more time. Where we cannot provide a full response to you for any reason, we will let you know about this in our initial reply to your request.

If your provision of your personal information to us is a legal or contractual requirement or necessary for us to fulfil a contract with you and you choose not to provide it, we may not be able to provide legal or other services to you.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at m.radoycheva@mrtadvisory.co.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Cookies

Our website https://mrtadvisory.co.uk/ uses cookies.

A “cookie” is a small file of letters and numbers that is sent to your computer by a website and automatically saved on your computer by your web browser. Each time you request a page from the website, your web browser sends this cookie back to the website server. As a rule, cookies cannot be used to reveal your identity or personally identifying information.

When you visit a website that uses cookies for the first time, a cookie is downloaded onto your computer. The next time you visit that website, your computer checks to see if it has a cookie that is relevant and sends the information contained in that cookie back to the website. The website then notes that you have been there before, and in some cases, tailors what pops up on screen to take account of that fact. They also might record how long you spend on each page on a site, what links you click, even your preferences for page layouts and colour schemes.

Generally, the role of cookies is beneficial, making your interaction with frequently-visited sites smoother with no extra effort on your part.

Most common cookies

• • Session cookies

These cookies expire when you close your web browser.

• • Persistent cookies

These cookies are still stored on your computer after you have closed your web browser which allows your preferences on websites to be remembered. These cookies are used for a variety of purposes, for example, remembering your preferences on a website.

• • First and Third Party cookies

This refers to the website placing the cookie. First party cookies are cookies set by the website you are visiting. Third party cookies are set by another website; the website you are visiting may have advertising on the page and this other website will be able to set a cookie on your computer. Third party cookies on the main web browsers allow third party cookies by default. Changing the settings on your browsers can prevent this.

Some cookies are simply beneficial to your user experience but there are some cases where it is essential for a website to store information on your computer, for example, to provide a service to you that you have requested.

Our website uses cookies to understand how the website is used i.e. to help with website analytics. By using our website without disabling cookies you are consenting to our use of cookies as described in this policy.

Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Contact and right to complain

If you have any questions about this policy or how we handle your personal information, please contact Milena Radoycheva at m.radoycheva@mrtadvisory.co.uk.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues at  https://ico.org.uk/global/contact-us/  or on telephone 0303 123 1113.

Changes to this policy

We may update this policy at any time without notice; any changes will be notified to you using the email address you have given us and/or by an announcement on this website.  Your continued use of this website, following the posting of changes to these terms, will mean you accept these changes.

Last reviewed and updated: 26 April 2024