Privacy Policy

1. THE PURPOSE OF THIS POLICY

This Privacy Policy (“Privacy Policy”) explains how we collect and process personal data.

We may collect and process personal data in various circumstances. This includes (but is not limited to) when you (i) visit our site, www.genrlaw.com or associated sites or pages (our “website“), (ii) engage, or seek to engage, with us, to use the products or services that Gen-R Law provides (our “Services“), (iii) apply to work at Gen-R Law, or (iv) for other legitimate purposes connected with our business.

This Privacy Policy explains the nature of the personal information that we process and our approach to processing and managing that personal information. It also sets out your rights in respect of any personal information that we might hold about you, including how you can request that we delete, update, transfer and/or provide you with access to it. Please take a moment to read and understand it.

2. WHO ARE WE AND WHAT DO WE DO

Gen-R Law is a law firm which provides legal and other client services in accordance with the laws of
England & Wales.

Gen-R Law UK LLP is a data controller for the purposes of the UK GDPR.

3. WHAT PERSONAL INFORMATION DO WE COLLECT

We may collect personal information from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage, or seek to engage us to provide Services, or as a result of your relationship with one or more of our staff or clients.

This may involve collecting and processing the following, non-exhaustive list, of personal information:

• name and job title;
• contact information including the company you work for, email address and social media account where appropriate;
• demographic information such as your address and professional interests;
• payment or other financial and transactional information;
• information that you provide to us as part of us providing the Services to you;
• relevant information required by Know Your Client and/or Anti-Money Laundering regulations, other relevant laws or regulations, or otherwise as part of our client intake procedures;
• information you provide to us for the purposes of attending meetings and events, including dietary requirements which may reveal information about your health or religious beliefs;
• and other information relevant to provision of Services.

Please note that our website use certain Tags, log files and other technologies to collect personal data. Please see our Cookie Policy to find out more about the cookies we use and how to manage and delete cookies.

4. HOW DO WE USE YOUR PERSONAL INFORMATION

We may use and analyse your information for a range of purposes.

This can include:

• to provide the Services to our clients;
• to provide information about the Services to prospective clients, and for marketing purposes more generally;
• to comply with our legal and regulatory obligations;
• to comply with our insurance and audit obligations;
• to enforce our legal rights or protect the rights of third parties;
• and for recruitment purposes.

5. WHAT IS OUR LEGAL BASIS TO USE OR PROCESS YOUR PERSONAL INFORMATION

We will only use your personal information where it is lawful for us to do so. Most commonly, where we are processing personal data, it will be on the basis of one, or more, of the following permitted
categories.

• Where you have given us consent, for example where you have signed up to receive marketing communications.
• To perform our obligations in accordance with any contract that we may have with you, including provision of the Services.
• As part of pre-contractual measures, including when we are considering prospective clients or as part of recruitment processes.
• Where it is necessary to comply with our legal or regulatory obligations.
• Where it is in our legitimate interest or a third party’s legitimate interest (such as one of our clients), except where these interests are overridden by the interests or fundamental rights and freedoms of the person whose data we intend to process, in which case we will refrain from doing so.

6. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH

We may share personal information with the following non-exhaustive categories of third parties, as
necessary.

• Our professional advisers such as lawyers and accountants.
• Government or regulatory authorities.
• Professional indemnity or other relevant insurers. Regulators/tax authorities/corporate registries.
• Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers and document and information storage providers.
• Third parties engaged in the course of providing the Services to our clients.
• Third party service providers to assist us with client insight analytics, such as Google Analytics.

7. THIRD PARTY CONTRACTORS AND OTHER CONTROLLERS

We may appoint sub-contractor data processors as required to deliver the Services, who will process
personal information on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations.

Further, we may appoint external data controllers where necessary to deliver the Services (for example, but without limitation, accountants, barristers or other third party experts). When doing so we will comply with our legal and regulatory obligations in relation to personal information, including but without limitation, putting appropriate safeguards in place.

Where we do this, it will be in accordance with one or more of the proper legal bases, noted in section 5 above.

8. WHERE DO WE TRANSFER YOUR DATA TO

In order to provide the Services, we may need to transfer your personal information to locations outside the jurisdiction in which you provide it.

If you are based within the European Economic Area (EEA), please note that, where necessary to deliver the Services, we may transfer personal information to countries outside the EEA. We take appropriate steps to ensure that this is done in accordance with relevant legal requirements, where it is necessary.

9. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR

We will keep personal information in accordance with our data retention practices, which apply
appropriate retention periods for each category of personal information. In setting retention periods, we take account of the purposes for which the personal information was collected, legal and regulatory
obligations on us to retain information, limitation periods for legal action and our business purposes.

10. CONFIDENTIALITY AND THE SECURITY OF YOUR PERSONAL INFORMATION

We are committed to keeping the personal information provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal information that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. All of our partners, employees, consultants, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information.

11. HOW TO ACCESS YOUR INFORMATION AND YOUR OTHER RIGHTS

You have the following rights in relation to the personal information we hold about you:
Access If you ask us, we’ll confirm whether we’re processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.

Rectification
If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we’ve shared your personal information with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.

Erasure
You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we’ve shared your personal information with others, we’ll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.

Restrict processing
You can ask us to ‘block’ or suppress the processing of your personal information in certain
circumstances, such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we’ve shared your personal information with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.

Data portability
You have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.

Object
You can ask us to stop processing your personal information. We will do so if we are:

• relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing;
• or processing your personal information for direct marketing purposes.

Withdraw consent
If we rely on your consent as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. Lodge a complaint with the supervisory authority
Individuals have a right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.co.uk). We would, however, appreciate the chance to deal with any concerns before the ICO is approached so
please do contact us, using the contact details below, in the first instance.

12. COLLECTION OF INFORMATION BY THIRD-PARTY SITES AND SPONSORS

The website contains links to other sites whose information practices may be different than ours. Visitors should consult the other sites’ privacy notices as Gen-R Law has no control over information that is submitted to, or collected by, these third parties.

13. HOW TO CONTACT US

If you have any questions about this Privacy Policy, are concerned about how we might be using your
personal data, or want to exercise your rights set out in this Privacy Policy, please contact us by:

• sending an email to: fortomorrow@genrlaw.com;
• or calling us on: +44 (0)20 3608 9908.

Changes to this Privacy Policy
We keep this Privacy Policy under regular review. It was last updated in December 2023.