Compliance with GDPR – External Privacy policy
We respect the privacy of every person who visits or registers with https://parminc.com (the “Site”). We also respect the privacy of every person who uses the products and services that we make available from the Site or who engages with us to use the products or services that PARM – ProActive Risk Management provides (be it through the Site or not) (our “Services”) or whose personal information we may process as a result of providing the Services to others, or who applies to work at PARM.
PURPOSE OF THIS POLICY
This privacy policy (“Privacy Policy”) explains our approach to any personal information that we might collect from you or which we have obtained about you from a third party and the purposes for which we process your personal information.
This Privacy Policy will inform you of:
- your rights in respect of our processing of your personal information;
- the nature of the personal information about you that is processed by us; and
- how you can request that we delete, update, transfer and/or provide you with access to it.
This Privacy Policy is intended to assist you in making informed decisions when using the Site and our Services and/or to understand how your personal information may be processed by us as a result of providing the Services to others or when you apply to work at PARM. Please take a moment to read and understand it. Please note that when using the Site it should be read in conjunction with our terms.
Please also note that this Privacy Policy only applies to the use of your Personal Information obtained by us, it does not apply to your Personal Information collected during your communications with third parties.
WHO ARE WE AND WHAT DO WE DO?
The Site is operated by PARM in Canada and USA (the “Canadian and US offices”).
The data controller responsible for your personal information processed in relation to the Services provided from our UK office is MT Services Limited Partnership (“PARM – ProActive Risk Management”, “we”, “us” or “our”). PARM – ProActive Risk Management office in the USA is at 811 West 7th Street. 12th Floor, Los Angeles, CA 90017.
How to contact us
1.1 If you have any questions about this Privacy Policy or want to exercise your rights set out in this Privacy Policy, please contact us by sending an email to Benoit Grenier at info@parminc.com
You can also view and amend any preferences from any communications you receive from us.
WHAT PERSONAL INFORMATION DO WE COLLECT AND HOW DO WE USE IT?
Our primary goal in collecting personal information from you may be to (i) verify your identity; (ii) help us deliver our Services; (iii) improve, develop and market new Services; (iv) carry out requests made by you on the Site or in relation to our Services; (v) investigate or settle inquiries or disputes; (vi) comply with any applicable law, court order, other judicial processes, or the requirements of a regulator; (vii) enforce our agreements with you; (viii) protect the rights, property or safety of us or third parties, including our other clients and users of the Site or our Services; (ix) provide support for the provision of our Services; (x) recruitment purposes; and (xi) use as otherwise required or permitted by law.
To undertake these goals we may process the following personal information:
- If you are a visitor to the Site and registering to receive communications from us
- Name and job title.
- Contact information including email address.
- Demographic information such as postal code/zip code, preferences and interests.
- Other information is relevant to the provision of Services.
- If you are an individual client in receipt of our Services or a prospective individual client
- Name and job title.
- Contact information including email address.
- Payment information.
- Other information is relevant to the provision of Services.
- Information that you provide to us as part of our providing the Services to you, which depends on the nature of your instruction (e.g. if it is for a corporate transaction you might provide us with a significant volume of personal information (including personal information about other persons relevant to the matter in question)). Please note this list of potential matters for the instruction of PARM and the resultant processing of personal information is non-exhaustive.
- Relevant information as required by regulatory Know Your Client and or Anti Money Laundering regulations. This may possibly include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third-party sources. The sources for such verification may comprise documentation that we request from the prospective client or through the use of online sources or both.
Primarily PARM is engaged by corporate instructors (i.e. other corporate entities) and as such those instructors are not data subjects. However as part of such instructions, personal information about other persons may be provided to us (e.g. personal information relating to, without limitation, any of our corporate clients or prospective clients’ workers, any opponents or vendors or purchasers’ personal information including personal information relating to their legal advisors or workers as relevant or similar).
If you are an individual whose personal information may be processed by us as a result of providing the Services to others (including individual clients and corporate clients) we will process a variety of different personal information depending on the Services provided in question.
This may include personal information relating, without limitation, to any of our corporate clients’ or prospective clients’ workers, any opponent or vendor or purchaser personal information including personal information relating to their legal advisors or workers as relevant or similar.
This is a non-exhaustive list which is reflective of the varied nature of the personal information processed as part of a law firm providing legal services:
- For instance, if we are providing corporate advice to a corporate client who is targeting the purchase of another company, we may be provided with, and then process, personal information about the purchaser’s employees/workers as well as that of the target.
- We might also need to process personal information in relation to other third parties instructed either by our own clients or other persons or companies involved with us providing the Services to our client (for instance law firms, experts etc.).
Please also note that we do not have to provide information to you about how we process your personal information when we do so as a result of providing the Services to others. We do so, however, because PARM believes in being as transparent as possible about its data privacy practices and wants you to be able to understand how we may process your data (and about how you can exercise your resultant rights).
- If you are a potential recruit to a PARM office
- Name and job title.
- Contact information including email address.
- Curriculum vitae, your education, employment history and similar matters and similar information that you may provide to us.
- Other information is relevant to potential recruitment to PARM.
- If you are a visitor to a PARM office, whether as an employee, worker, contractor, potential recruit, client, or another service provider:
- Name and job title.
- Contact information.
- Certain health data including the status of your vaccination against Covid-19.
In particular, we may use your personal information for the following purposes:
- Fulfillment of Services
We collect and maintain personal information that you voluntarily submit to us during your use of the Site and/or our Services to enable us to perform the Services.
What is our legal basis?
It is necessary for us to use your personal information to perform our obligations in accordance with any contract that we may have with you or where it is in our legitimate interests or a third party’s legitimate interests to use the personal information to ensure we provide the Services in the best way that we can.
- Client services
The Site uses various user interfaces to allow you to request information about our Services. Contact information may be requested in each case, together with details of other personal information that is relevant to your enquiry. This information is used in order to enable us to respond to your requests.
Who do we share your personal information with for this purpose?
We do not share your personal information for this purpose.
What is our legal basis?
It is in our legitimate interests or a third party’s legitimate interests to use your personal information in such a way to ensure that we provide the very best client service we can to you or others.
- Your feedback about our Services
From time to time we will contact you to invite you to provide feedback about our Services in the form of online or postal. We use this information to help us improve the quality of service provided by our staff. We also use your feedback to monitor the quality of our Services.
Who do we share your personal information with for these purposes?
We use a third-party service provider to assist us with client surveys and feedback requests.
What is our legal basis?
It is in our legitimate interests to use the information you provide to us in your feedback for the purposes described above.
Business administration and legal compliance
We may use your personal information for the following business administration and legal compliance purposes:
- to comply with our legal obligations (including any Solicitor’s Regulatory Authority or relevant legal services regulator, Know Your Client, Anti-Money Laundering, Anti-Bribery or similar obligations including but without limitation maintaining regulatory insurance);
- for internal training and administration purposes;
- to enforce our legal rights;
- protect rights of third parties; and
- in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.
Who do we share your personal information with for these purposes?
We will share your personal information with professional advisers such as lawyers and accountants and/or governmental or regulatory authorities.
What is our legal basis?
Where we use your personal information in connection with a business transition, to enforce our legal rights, or to protect the rights of third parties it is in our or a third party’s legitimate interests to do so. For all other purposes described in this section, it is our legal obligation to use your personal information to comply with any legal obligations imposed on us.
- Recruitment
We use your personal information for the following recruitment purposes:
- To assess your suitability for any position for which you may apply at PARM including partner, training contract or summer placements and also any business support or services role whether such application has been received by us online, via email or by hard copy or in person.
- To review PARM’s equal opportunities profile in accordance with applicable legislation, and PARM does not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit.
Who do we share your personal information with for these purposes?
We will share your personal information with third parties who assist us in carrying out our recruitment activity.
What is our legal basis?
Where we use your personal information in connection with recruitment it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interests to use personal information in such a way to ensure that we can make the best recruitment decisions for PARM. We will not process any special data except where we are able to do so under applicable legislation or with your explicit consent.
- Security of our premises We may use your personal information to ensure we are meeting our duty of care and health and safety responsibilities in relation to Covid-19. Where reasonable and necessary, we may do the following in relation to Covid-19:
- request information about whether you have had symptoms of the virus, close contact with confirmed cases or travelled to high-risk areas, whether you would be considered clinically vulnerable or clinically extremely vulnerable and whether you have been vaccinated;
- conduct temperature checks before allowing entrance to our premises;
- ask you to be PCR or Antibody tested before allowing entrance to our premises; and/or
- ask you to provide us with your proof of vaccination against Covid-19 (or ask for other similar information related to the NHS Covid Pass) before allowing entrance to our premises.
- This applies to anyone working at a PARM office, including employees, workers and contractors, as well as any visitors to an office.
Who do we share your personal data with for these purposes?
We will only share your personal data with those within PARM. We may have to share your data with third parties (including third-party service providers) or local health authorities (and similar) where required to do so by law and for legitimate interest reasons. Other than as set out here, your results will not be shared with any other third party.
What is our legal basis?
Where we use your personal information in connection with maintaining the health and safety of everyone on-site at a PARM office, it is in our (or a third party’s) legitimate interests to do so, and it is our legal obligation to use your personal information to comply with any legal obligations imposed on us under employment law or where it is in the public interest to do so. - Client insight and analysis
We analyze your contact details with other personal information that we observe about you from your interactions with the Site, our email communications to you and/or with our Services.
Where you have given your consent (where lawfully required), we use cookies, log files and other technologies to collect personal information from the computer hardware and software you use to access the Site, or from your mobile device. This includes the following:
- an IP address to monitor Site traffic and volume;
- a session ID to track usage statistics on the Site;
- information regarding your professional interests, experiences with our Services and contact preferences.
Our web pages and emails contain “cookies” “web beacons” or “pixel tags”. (“Tags”). Tags allow us to track receipt of an email to you, to count users that have visited a web page or opened an email and collect other types of aggregate information. Once you click on an email that contains a Tag, your contact information may subsequently be cross-referenced to the source email and the relevant Tag. In some of our email messages, we use a “click-through URL” linked to certain websites administered by us or on our behalf.
Please see our Cookie Policy for further information.
By using this information, we are able to measure the effectiveness of our content and how visitors use the Site and our Services. This allows us to learn what pages of the Site are most attractive to our visitors and which parts of the Site are the most interesting.
Who do we share your personal information with for these purposes?
We share your personal information with a variety of third-party service providers to assist us with client insight analytics.
What is our legal basis?
Where your personal information is completely anonymized, we do not require a legal basis to use it as the information will no longer constitute personal information that is regulated under data protection laws. However, our collection and use of such anonymized personal information may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.
Where your personal information is not in an anonymous form, it is in our legitimate interests to use your personal information in such a way to ensure that we provide the very best products and services to you and our other clients.
- Marketing communications
Your contact details may be sent to our offices to be used by the marketing team there.
The marketing team at our offices carry out the following marketing activities using your personal information:
Postal marketing
They may use your name and address to send you marketing communications by post.
Such postal marketing will include personalized and non-personalized postal marketing. Personalized marketing is marketing that has been specifically tailored to you. For example, personalized postal marketing will feature those of our Services that we think are most likely to appeal to you. Non-personalized marketing is marketing about our Services generally and is not tailored to any particular individual.
Where our offices send you personalized postal marketing, it also uses information that it observes about you from your interactions with the Site, with our email communications to you and/or with our Services in order to decide what sort of personalized marketing communications to send you. Please see the “Client Insight and Analysis” section above for more details about the personal information collected and how it is collected.
Who do our offices share your personal information with for these purposes?
Our offices share your personal information with a variety of third party postal providers who assist them in delivering our postal marketing campaigns to you.
What is our offices’ legal basis?
Where your personal information is not in an anonymous form, such as your postal address, it is in our offices’ legitimate interest to use your personal information for postal marketing.
Email marketing
Our offices use your name and email address to send you marketing communications by email, where you have consented to receive such marketing communications or where they have another lawful basis to do so.
Such email marketing will include personalized and non-personalized email marketing. Personalized marketing is marketing that has been specifically tailored to you. For example, personalized email marketing will feature those of our Services that we think are most likely to appeal to you. Non-personalized marketing is marketing about our Services generally and is not tailored to any particular individual.
Where our offices send you personalized email marketing, they will also use information that we observe about you from your interactions with the Site, with email communications to you and/or with our Services in order to decide what sort of personalized marketing communications to send you. Please see the “Client Insight and Analysis” section above for more details about the personal information collected and how it is collected.
Who do our offices share your personal information with for these purposes?
Our offices share your personal information with our third-party email marketing providers who assist us in delivering our email marketing campaigns to you.
What is our offices’ legal basis?
Where your personal information is completely anonymized, we do not require a legal basis to use it as the personal information will no longer constitute personal information that is regulated under data protection laws. However, our collection and use of such anonymized personal information may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.
Where your personal information is not in an anonymous form, it is in our offices’ legitimate interests to use your personal information for marketing purposes.
Our offices will only send you marketing communications via email where you have consented to receive such marketing communications, or where they have a lawful right to do so.
Any other purposes for which we wish to use your personal information that is not listed above or any other changes we propose to make to the existing purposes will be notified to you using your contact details.
How do we obtain your consent?
Where our use of your personal information requires your consent, you can provide such consent:
- at the time we collect your personal information following the instructions provided; or
- by informing us by email, post or phone using the contact details set out in this Privacy Policy; or
- by registration through our Website
Our use of cookies and similar technologies
The Site uses certain cookies, pixels, beacons, log files and other technologies of which you should be aware. Please see our Cookie Policy to find out more about the cookies we use and how to manage and delete cookies.
Third-Party contractors and other controllers
As mentioned above, we may appoint sub-contractor data processors as required to help us to deliver the Services, such as but not limited to, a legal translation service. When we do so, they will process personal information on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place necessary contractual documentation in relation to any subcontractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations.
Further, we may appoint external data controllers in common with us where necessary to deliver the Services, such as but not limited to, barristers. When we do so, we will comply with our legal and regulatory obligations in relation to the personal information including but without limitation (where necessary) putting appropriate safeguards in place to ensure any personal information is processed according to our legal and regulatory obligations.
Extra-EEA (European Economic Area) Transfers
If you are based within the EEA, please note that where necessary to deliver the Services we will transfer personal information to countries outside the EEA (for instance, PARM’s IT systems are based in the Canadian offices). Not all countries provide the same level of protection in relation to personal information as within the EEA. Where necessary to make such transfers, we will comply with our legal and regulatory obligations in relation to personal information. This will include having a lawful basis for transferring personal information and putting appropriate safeguards in place to ensure an adequate level of protection for personal information.
How long do we keep your personal information for?
Regarding visitors to the Site, we will retain relevant personal information for at least 12 months from the date of our last interaction with you and in compliance with our obligations under the EU General Data Protection Regulation (or similar legislation around the world), or for longer where we are required to do so according to our regulatory obligations or professional indemnity obligations.
Regarding personal information we have processed as part of providing the Services to any client, we will retain relevant personal information for at least six years from the date of our last interaction with that client and in compliance with our obligations under the EU General Data Protection Regulation (or similar legislation around the world) or for longer where we are required to do so according to our regulatory obligations or professional indemnity obligations.
If personal information is only useful for a short period e.g. for specific marketing campaigns being run by the Canadian offices, we may delete it.
Confidentiality and security of your personal information
We are committed to keeping the personal information provided to us secure and we will take reasonable precautions to protect personal information from loss, misuse or alteration.
We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from
- unauthorized access;
- improper use or disclosure;
- unauthorized modification; and
- unlawful destruction or accidental loss.
All of our members, employees, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with, the processing of personal information, are obliged to respect the confidentiality of the personal information of all visitors to the Site and all users of our Services.
How to access your information and your other rights?
You have the following rights in relation to the personal information we hold about you. Please note that these rights are subject to certain exemptions which may be applicable to any request you make.
Your right of access
If you ask us, we’ll confirm whether we’re processing your personal information and, subject to any applicable exemptions, provide you with a copy of that personal information (along with certain other details) within the timescales or extended timescales provided for by the GDPR for complex requests, or where applicable, provide you with an explanation as to why we will not be complying with your request. If you require additional copies, we may need to charge a reasonable fee.
Your right to rectification
If the personal information we hold about you is inaccurate or incomplete, you’re entitled to have it rectified. If you are entitled to rectification and if we’ve shared your personal information with others, we’ll let them know about the rectification where possible and where this would not involve a disproportionate effort. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
Your right to erasure
You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable because that was the legal basis on which we were processing your personal information). If you are entitled to erasure and if we’ve shared your personal information with others, we’ll take reasonable steps to inform those others where possible and where this would not involve a disproportionate effort. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
Your right to restrict processing
You can ask us to “block” or suppress the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we’ve shared your personal information with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
Your right to data portability
With effect from 25 May 2018, you have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Your right to object
You can ask us to stop processing your personal information, and we will do so, if we are:
- relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or
- processing your personal information for direct marketing.
Your rights in relation to automated decision-making and profiling
You have the right not to be subject to a decision when it’s based on automatic processing, including profiling if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of PARM’s privacy practices, including the way we’ve handled your personal information, you can report it info@parminc.com. If you want to exercise any of these rights you can do so by contacting us.
Collection of information by third-party sites and sponsors
The Site contains links to other sites whose information practices may be different from ours. Visitors should consult the other sites’ privacy notices as PARM has no control over information that is submitted to, or collected by, these third parties.
Changes to this Privacy Policy
We may make changes to this Privacy Policy from time to time.
To ensure that you are always aware of how we use your personal information we will update this Privacy Policy from time to time to reflect any changes to our use of your personal information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We encourage you to review this Privacy Policy periodically to be informed of how we use your personal information.