Introduction and purpose
Wilson Gunn (‘we’, ‘our’, ‘us’, ‘the Firm’) is committed to protecting the privacy and security of personal information. This policy describes how we collect and use personal information about you.
Wilson Gunn is a ‘data controller’. This means that we are responsible for deciding how we hold and use personal information. We are required under data protection laws to notify you of the information contained in this policy.
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, our clients, inventors, designers and subscribers, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
This notice applies to current and former clients, inventors, designers and subscribers, and to those third parties intending to become clients and subscribers.
For the purposes of this policy:
• ‘Clients’ includes natural persons who have engaged us to provide patent, trade mark or other intellectual property advice to them in their personal capacity; and natural persons who have instructed us on behalf of a Firm, partnership, corporate body or any other group or organisation;
• ‘Inventors and Designers’ include natural persons who have engaged us directly or who are or have been employed by one of our clients or who are contracting with or have contracted with one of our clients, and for whom we are required to process personal data in relation to their status as an inventor, designer or other intellectual property rights creator, in particular in processing data on behalf of intellectual property offices in the UK and around the world; and
• ‘Subscribers’ includes natural persons that have signed up to one of our newsletters or bulletins, have attended or registered to attend one of our events or follow us on social media.
This policy does not form part of any contract that you may have with the Firm. It is provided for information purposes only.
Data Protection Contact
We have appointed a Compliance Officer for Data Protection (CODP) to oversee compliance with this policy. If you have any questions about this policy or how we handle personal information, please contact the CODP in writing using the details below.
Email address: email@example.com
5th Floor, Blackfriars House,
Our ICO registration number is: ZA084288
Changes to this policy
We reserve the right to update this policy at any time and we will provide you with a new policy when we make substantial updates.
1. The Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
a) processing is fair, lawful and transparent
b) data is collected for specific, explicit, and legitimate purposes
c) data collected is adequate, relevant and limited to what is necessary for the purposes of processing
d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
e) data is not kept for longer than is necessary for its given purpose
f) data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
g) we comply with the relevant GDPR procedures for international transferring of personal data
2. The type of data that we hold about clients and subscribers
Personal data, means any information about an individual from which that person can be identified.
We collect, store and use some or all of the following categories of personal information about clients and subscribers. Please note that not all of the categories will apply to you.
(1) Client, inventor and designer information: name, title, job title, address, telephone number, email address, credit check, bank account details, employment status
(2) Relationship information: name, title, job title, address, telephone number, email address, client relationship details (length of relationship, Firm contacts engaged with, meetings, calls and other engagement with the Firm).
(3) Marketing information: name, title, job title, address, telephone number, email address, company, event attendance history, payment details and marketing preferences.
(4) Social media information: username, company details and engagement details (likes, retweets, shares, reactions, comments).
(5) Monitoring: CCTV footage, use of our IT and communications systems.
3. How we collect our clients’, inventors’, designers’ and subscribers’ personal data
We collect personal information in categories (1) and (2) directly from clients, inventors and designers as part of our file opening process, in relation to specific matters and through publicly available registers or sources.
We collect personal information in categories (3) directly from clients, inventors, designers and subscribers over the course of our relationship and through publicly available sources.
We collect personal information in category (4) either from clients, inventors, designers and subscribers directly or from social media platforms when clients or subscribers engage with our social media accounts on Twitter and Linkedin.
We collect personal information falling within category (5) when clients visit our premises or use our IT or communications systems.
Personal data is kept in files or within the Firm’s IT systems.
We do not collect, store and use any ‘special categories’ of more sensitive personal information about clients, inventors, designers and subscribers.
4. How we use your personal data
We will only use personal information when the law allows us to. The law says that we must identify a lawful basis for each use of personal data. We rely on a number of lawful bases, including:
1. Where we have obtained freely given, specific, informed and unambiguous consent from you to use your personal information in certain ways, for example in marketing communications or delivery of newsletters, bulletins and law updates.
2. Where we need to perform a contract that we have entered into.
3. Where we need to comply with a legal obligation.
4. Where we need to use personal information to pursue our legitimate interests (or those of a third party) and we believe that using personal information in that way is not overridden by the interests or fundamental rights of the person to whom the information relates.
Below, we have set out why we use your personal data and the lawful bases which are relevant to those purposes.
We use your personal data to:
Activity requiring your data
Conducting compliance checks that we are required to carry out by law, these include conflict of interest.
A legal obligation to conduct these checks.
Communicating with you in the course of our engagement. This includes taking your instructions, providing legal advice and invoicing our fees and disbursements.
To perform our contract for services with you.
Managing our relationship with you.
To pursue our legitimate interests in creating and maintaining relationships with you.
Marketing purposes. This includes contacting you with relevant newsletters, bulletins and other information about our services, and inviting you to events.
Consent and our legitimate interest in ensuring that our clients are informed of important changes to IP law and practice.
We understand that consent must be freely given, specific, informed and unambiguous. Where consent is to be sought, we will do so on a specific and individual basis where appropriate. You will be given clear instructions on the desired processing activity, informed of the consequences of your consent and of your clear right to withdraw consent at any time.
You have the right to withdraw this consent or amend your marketing preferences at any time by contacting firstname.lastname@example.org.
Operating our social media accounts on Twitter and LinkedIn.
To pursue our legitimate interest in maintaining a social media presence.
IT security and to ensure compliance with our IT and communications policies.
Our legitimate interests in securing our information and systems.
Providing Intellectual Property Offices and firms of patent and trade mark attorneys within and outside the EU with information legally required for processing of patent, trade mark and other IP applications.
It is legally necessary to provide this information to such third parties in the course of applying for intellectual property protection.
5. If you fail to provide personal information
Failure to provide certain personal information when we request it may result in the Firm not being able to perform our contract with you (such as providing you with legal advice) or we may be prevented from achieving our legitimate interests (such as engaging with you on social media).
If you choose not to provide that information, we may not be able to engage you as a client of the Firm.
6. Data sharing
We share your data with third parties, including Intellectual Property Offices and firms of patent and trade mark attorneys or lawyers within and outside the EU.
Where we engage third-party patent and trade mark attorneys or lawyers to process data on our behalf, we will ensure, whenever possible, via a data processing agreement with the third party, that the third party takes such measures in order to maintain the Firm’s commitment to protecting data.
All third parties are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third parties to use your personal data for their own purposes and only permit them to access your personal data for specific purposes of intellectual property protection and advice, and always in accordance with our instructions.
We may also need to share your personal information with a regulator to comply with the law.
Some of our third-party service providers are law firms based in the United States of America and also the US Patent and Trade Mark Office. Your data may be transferred to the US as part of an application for an intellectual property right. The European Commission has issued an adequacy decision in relation to transfers to the US made under the EU-US Privacy Shield framework. You can find more information about the Privacy Shield here.
7. Data security
We have put in place appropriate security measures to protect your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those people who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach.
8. Data retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for.
Since your personal data may be held on Intellectual Property Registers for long periods of time (such as: indefinitely for trade marks; 25 years for registered designs; and 20 years for patents) we will retain your data for at least as long as the data is part of a live or in force Intellectual Property right bearing your data and/or for a maximum period of 7 years after our relationship ends.
Where you have chosen to unsubscribe from marketing communications, we will retain your contact details to ensure that you are not sent any further communications. This information will be held indefinitely.
9. Automated decision making
Automated decision-making means making a decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
10. Changes to your data
It is important that the personal information is accurate and up to date. Please keep us informed if your personal information changes during your relationship with us. If your personal information changes, please let us know by emailing email@example.com.
11. Your rights
By law you may have the right to:
a) be informed about the data we hold on you and what we do with it;
b) access to the data we hold on you. You can request access to the data we hold on you at any time, by emailing firstname.lastname@example.org.
c) any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
d) have data deleted in certain circumstances. This is also known as ‘erasure’;
e) restrict the processing of the data;
f) transfer the data we hold on you to another party. This is also known as ‘portability’;
g) object to the inclusion of any information;
h) regulate any automated decision-making and profiling of personal data.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, request that we transfer a copy of your personal information to another party or request the reconsideration of an automated decision, please contact our CODP by emailing: email@example.com.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our CODP at firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to.
12. Making a complaint
If you have any concerns over how we use your data, please contact our CODP in the first instance at email@example.com in order to discuss the concern.
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at:
Information Commissioner's Office,
or by telephone on 0303 123 1113 (local rate) or 01625 545 745.