The KorumLegal Group of companies (KorumLegal Group) are committed to protecting and respecting your privacy. This policy provides information as to what personal data we collect about you and how we use it.
These principles apply to personal data we collect from you, or that you provide to us when using our website www.korumlegal.com (site). This policy also applies to personal data we process as a result of operating our business and/or providing our services – this may include processing personal data of potential and existing customers, consultants, suppliers or other people interested in engaging with the KorumLegal Group.
- The KorumLegal Group
The KorumLegal Group is made up of different legal entities, details of which can be found here.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
- The personal data we collect, how we collect and why we collect it
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (i.e. anonymous data).
The personal data we collect, how we collect it and the use of such data differs depending upon your interactions and relationship with KorumLegal.
Customers: including where you are inquiring about our business, products and services or you are receiving our products or services.
- Personal data we may collect - name, contact details (including email addresses, job titles), work history, business relationships and networks, data contained in written records of our discussions, comments and information you choose to submit via our site.
- How we collect your personal data – you may provide this to us, via email, post, telephone, in virtual and physical meetings or through our site (via “Contact Us”, Submit a Query” or “Find out More”). We may also collect your personal data through our networks, through contacts of yours, social media searches e.g. LinkedIn, publicly available information, internet searches, market research.
- Purpose for processing – to respond to your enquiry, as part of our engagement processes including undertaking KYC checks, delivering our products and services to you and communicating with you during the course of your relationship with us. We also process personal data for the purposes of business development, marketing and sales activities. This may include inviting you to events, providing content which we think is relevant or interesting to you via our newsletter and blogs. You can unsubscribe from these communications at any time via the “unsubscribe” links in each email.
Consultants: including existing consultants, and those submitting an application to become part of, or enquiring into, the KorumLegal consultant community:
- Personal data we may collect - name, contact details (including residential address), information contained in your CV; business relationships and networks, data contained in written records of our discussions with you, or with others and comments and information you choose to submit via our site.
- How we collect your personal data – you may provide this to us, via email, post telephone, in virtual and physical meetings or through our site (via “Contact Us”). We may also collect your personal data via our networks (including through conversations with our customers), through contacts of yours, social media searches e.g. LinkedIn, publicly available information, internet searches.
- Purpose for processing – to respond to your enquiry, evaluate your suitability for joining the KorumLegal consultant community (including for the purposes of background and reference checks), communicate with you during the course of your relationship with us, including assessing your suitability for and notifying you of assignments, introducing and proposing you to customers, business development opportunities, and providing you with content which we think is relevant or interesting to you via our newsletter and blogs. You can unsubscribe from these communications at any time via the “unsubscribe” links in each email.
We do not collect Special Categories of Personal Data, unless we have obtained prior explicit and written consent; we are required to by law; or as required to carry out criminal or other background checks as part of our engagement processes.
Others: including suppliers, industry or partner contacts
- Personal data we may collect – name and contact details of individuals within your organisation and data contained in written records of our discussions or interactions with you or members of your organisation. If you are a supplier, we may also collect identity and background information.
- How we collect your personal data – you may provide this to us, via email, post telephone, in virtual and physical meetings or through our site (via “Contact Us”). We may also collect your personal data via our networks or contacts of yours, event delegate lists, publicly available information and market research.
- Purpose for processing – to communicate with relevant people in your organisation in connection with our business activities. For the purposes of business development which may include inviting you to events, providing content which we think is relevant or interesting to you via our newsletter and blogs. You can unsubscribe from these communications at any time via the “unsubscribe” links in each email. If you are supplying services to us we need certain information so that we can receive and pay for services. We may also need to undertake KYC checks, and require personal data for our engagement processes.
Where we need to collect personal data by law, or as required to enter into or perform a contract, and you fail to provide that data, we may not be able to perform the contract or continue our relationship with you. This may include considering your request for services, or a request to be part of the KorumLegal community, as a consultant or industry / partner contact.
Website Users: cookies and similar technologies
Legal basis for processing your data
Our use of your personal data will fall within one or more of the following legal basis’ for processing personal data:
where we have obtained your consent;
where we need to perform a contract with you or a relevant party;
where we need to comply with our legal obligations;
where it is necessary for the purposes of our legitimate interests - including responding to requests by you or a third party, providing our services, informing you of our products and services, business development (including development of new offerings, or to improve, enhance and modify our offerings), efficient operation of our internal functions, optimising our customer and consultant experience and maintaining our business relationships, inviting you to events, providing you with content which is relevant and of interest, conducting research and market / industry analysis, recording and monitoring your usage of our site as per our Cookies Notice.
We will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need your personal data for another unrelated purpose, we will notify you and explain the legal basis which allows us to do so. We may process your personal data without your knowledge or consent, where this is required or permitted by law.
Disclosure of your personal data
We may share your information with selected third parties including:
Other KorumLegal Group entities; including for the purposes of sales and marketing, IT, HR, finance and providing operational / administrative services.
Customers and consultants for the performance of any contract we enter into with them or you; including for business development and to improve service quality.
IT service providers acting as data processors who provide services or cloud-based software to enable us to operate our business – including – email and online office tools, website data hosting, CRM, accounting and billing providers and document/contract management systems.
Professional advisors such as lawyers, bankers, accountants or auditors in order to provide legal, finance, accounting or auditing services to us.
Regulators or law enforcement authorities.
Third parties who provide services to us in relation to our onboarding and engagement processes, including reference checks and criminal record checking.
Analytics and search engine providers that assist us in the improvement and optimisation of our site.
Third parties to whom we choose to sell, transfer or merge parts of our business or our assets, or where we may seek to acquire or merge with. If this occurs we will require the relevant third parties to provide comparable levels of protection that we provide to you with respect to the information we share.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit then to process your personal data for specified purposes, in accordance with our instructions, our contract with them and the law.
International transfers of Data
Where we transfer your data outside the country of origin, we will take measures to comply with legal requirements under applicable data protection laws and to protect your information. These include –
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires similar protection to personal data shared between Europe and the US.
Specific contractual clauses which give protection to personal data in accordance with the laws in the country in which the data was collected.
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
We only retain personal data for so long as it is necessary to fulfil the purposes we collected it for, including to satisfy any legal, regulatory, tax accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data and the applicable legal, regulatory, tax, accounting or other requirements.
Under applicable privacy laws, you may have the right to:
Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. It is important we have up to date and accurate information, please contact us if we need to update any of the personal data we hold about you.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and it impacts on your fundamental rights and freedoms. You may be able to object when we process your personal data for marketing purposes; the easiest way to object is by unsubscribing via the links in these email communications or by contacting us at firstname.lastname@example.org
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
If you want us to establish the data's accuracy.
Where our use of the data is unlawful but you do not want us to erase it.
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in certain circumstances.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
Our site may, from time to time, contain links to and from websites, plug ins and applications of third parties, including our partner networks and affiliates. We do not control these links or connections. Clicking these links or following these connections may involve the sharing, collection and use of your personal data. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. You should check the privacy policies of any such third parties.
Access to information
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within a timely manner and in accordance with applicable laws. We will notify you and keep you updated of timing or our response.
If you have any queries or concerns as to how we process your personal data please contact us at firstname.lastname@example.org so we can discuss and deal with your concerns. While we hope we can resolve any concerns you may have, at all times you have the right to report a concern or lodge a complaint with any relevant regulator. In the EU this will be the UK Information Commissioner’s Office.
Updated April 2020
We use the following types of cookies:
Strictly necessary cookies - enable us to operate our site.
Analytical performance cookies - allow us to recognise and count the number of visitors and to see how visitors move around our site when using it.
For more information about the individual cookies we use and the purposes for which we use them see below.
Our site is hosted via HubSpot, our sales and CRM platform. HubSpot sets a number of cookies when a visitor visits our site.
(Expires: 13 months).
The cookie is set by CloudFare (Hubspot’s CDN provider). The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. It is necessary for supporting CloudFare’s security features. Further information can be found about this cookie by going to: https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies
(Expires: 4 weeks)
The cookie is set by CloudFare because of their rate limiting policies.
(expires end of session).
Analytical/performance – consent banner cookies
The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
(Expires: 13 months)
This cookie is used to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
(Expires: 13 months)
This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
(Expires: 30 min)
Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
(Expires: end of session)
Our site also uses Google analytics, a web traffic analysis service provided by Google Inc.
This cookie is used to distinguish users by calculating visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.
(Expires: 2 years)
This cookie is used to distinguish users by storing information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
(Expires: 24 hours)
Please refer to www.google.com/policies/privacy/partners to find out more about how data is used via our google analytics when you use our site and how to control the information sent to Google. You can also prevent Google’s collection and processing of data by using the Google Ad Settings page or downloading and installing their browser plug-in.
You can block cookies by activating the relevant settings on your browser that allows you to refuse the setting of all or some cookies. However, please note that this may affect your browsing experience on our site (i.e., some information may not be viewable).