Wilson Gunn (‘we’, ‘our’, ‘us’, ‘the Firm’) is committed to protecting the privacy and security of personal information. This policy describes how we collect and use personal information about you.
Wilson Gunn is a ‘data controller’. This means that we are responsible for deciding how we hold and use personal information. We are required under data protection laws to notify you of the information contained in this policy.
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, our clients, inventors, designers and subscribers, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
This notice applies to current and former clients, inventors, designers and subscribers, and to those third parties intending to become clients and subscribers.
For the purposes of this policy:
This policy does not form part of any contract that you may have with the Firm. It is provided for information purposes only.
We have appointed a Compliance Officer for Data Protection (CODP) to oversee compliance with this policy. If you have any questions about this policy or how we handle personal information, please contact the CODP in writing using the details below.
Email address: firstname.lastname@example.org
5th Floor, Blackfriars House
Our ICO registration number is: ZA084288
We reserve the right to update this policy at any time and we will provide you with a new policy when we make substantial updates.
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
Personal data, means any information about an individual from which that person can be identified.
We collect, store and use some or all of the following categories of personal information about clients and subscribers. Please note that not all of the categories will apply to you.
We collect personal information in categories (1) and (2) directly from clients, inventors and designers as part of our file opening process, in relation to specific matters and through publicly available registers or sources.
We collect personal information in categories (3) directly from clients, inventors, designers and subscribers over the course of our relationship and through publicly available sources.
We collect personal information in category (4) either from clients, inventors, designers and subscribers directly or from social media platforms when clients or subscribers engage with our social media accounts on Twitter and Linkedin.
We collect personal information falling within category (5) when clients visit our premises or use our IT or communications systems.
Personal data is kept in files or within the Firm’s IT systems.
We do not collect, store and use any ‘special categories’ of more sensitive personal information about clients, inventors, designers and subscribers.
We will only use personal information when the law allows us to. The law says that we must identify a lawful basis for each use of personal data. We rely on a number of lawful bases, including:
Below, we have set out why we use your personal data and the lawful bases which are relevant to those purposes.
We use your personal data to:
|Activity requiring your data||Lawful basis|
|Conducting compliance checks that we are required to carry out by law, these include conflict of interest.||A legal obligation to conduct these checks.|
|Communicating with you in the course of our engagement. This includes taking your instructions, providing legal advice and invoicing our fees and disbursements.||To perform our contract for services with you.|
|Managing our relationship with you.||To pursue our legitimate interests in creating and maintaining relationships with you.|
|Marketing purposes. This includes contacting you with relevant newsletters, bulletins and other information about our services, and inviting you to events.||Consent and our legitimate interest in ensuring that our clients are informed of important changes to IP law and practice.
We understand that consent must be freely given, specific, informed and unambiguous. Where consent is to be sought, we will do so on a specific and individual basis where appropriate. You will be given clear instructions on the desired processing activity, informed of the consequences of your consent and of your clear right to withdraw consent at any time.
You have the right to withdraw this consent or amend your marketing preferences at any time by contacting email@example.com.
|Operating our social media accounts on Twitter and LinkedIn.||To pursue our legitimate interest in maintaining a social media presence.|
|IT security and to ensure compliance with our IT and communications policies.||Our legitimate interests in securing our information and systems.|
|Providing Intellectual Property Offices and firms of patent and trade mark attorneys within and outside the EU with information legally required for processing of patent, trade mark and other IP applications.||It is legally necessary to provide this information to such third parties in the course of applying for intellectual property protection.|
Failure to provide certain personal information when we request it may result in the Firm not being able to perform our contract with you (such as providing you with legal advice) or we may be prevented from achieving our legitimate interests (such as engaging with you on social media).
If you choose not to provide that information, we may not be able to engage you as a client of the Firm.
We share your data with third parties, including Intellectual Property Offices and firms of patent and trade mark attorneys or lawyers within and outside the EU.
Where we engage third-party patent and trade mark attorneys or lawyers to process data on our behalf, we will ensure, whenever possible, via a data processing agreement with the third party, that the third party takes such measures in order to maintain the Firm’s commitment to protecting data.
All third parties are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third parties to use your personal data for their own purposes and only permit them to access your personal data for specific purposes of intellectual property protection and advice, and always in accordance with our instructions.
We may also need to share your personal information with a regulator to comply with the law.
Some of our third-party service providers are law firms based in the United States of America and also the US Patent and Trade Mark Office. Your data may be transferred to the US as part of an application for an intellectual property right. The European Commission has issued an adequacy decision in relation to transfers to the US made under the EU-US Privacy Shield framework. You can find more information about the Privacy Shield here.
We have put in place appropriate security measures to protect your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those people who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for.
Since your personal data may be held on Intellectual Property Registers for long periods of time (such as: indefinitely for trade marks; 25 years for registered designs; and 20 years for patents) we will retain your data for at least as long as the data is part of a live or in force Intellectual Property right bearing your data and/or for a maximum period of 7 years after our relationship ends.
Where you have chosen to unsubscribe from marketing communications, we will retain your contact details to ensure that you are not sent any further communications. This information will be held indefinitely.
Automated decision-making means making a decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
It is important that the personal information is accurate and up to date. Please keep us informed if your personal information changes during your relationship with us. If your personal information changes, please let us know by emailing firstname.lastname@example.org.
By law you may have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, request that we transfer a copy of your personal information to another party or request the reconsideration of an automated decision, please contact our CODP by emailing: email@example.com.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our CODP at firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to.
If you have any concerns over how we use your data, please contact our CODP in the first instance at email@example.com in order to discuss the concern.
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at:
Information Commissioner’s Office
or by telephone on 0303 123 1113 (local rate) or 01625 545 745.