Privacy Policy

Contents

Preface. 1

Who is responsible for the processing of personal data?. 1

What personal data do we collect and how?. 1

Data Types 2

Sensitive Data and Criminal Data. 3

Change of Purpose. 4

Marketing Communications 4

Who do we share personal data with?. 5

International Transfers 5

What security measures do we have in place?. 6

Data Retention. 6

Data Protection Rights. 7

How to exercise your rights 8

Changes to our privacy policy. 8

Preface

N2S cares about your privacy and data protection.

To contact us, please contact our appointed Data Protection Officer at:

Pridatect, S.L., Barcelona, 08003

dataprotection@n2s.co.uk

+44 20 80 59 39 99 (Please quote ‘Data Protection Assistance’ on the line when phoning.)

We are committed to offering the highest standards of products and services. Thus, we value each of our existing or prospective client and aim at maintaining the best protection for your personal data.

The N2S Online Privacy Policy explains how N2S collects, processes, and protects your personal data when you use our website, engage in a contract with us, or when you apply for a job at N2S online as required by the data protection laws in the countries in which we do business and in particular with the EU General Data Protection Regulation (Regulation 2016/679 – “GDPR”). This Policy applies to those websites and apps which provide for a link to it.

We have implemented a robust data protection compliance program, which includes the adoption of the high-standard data protection principles of the GDPR at a global level and includes the:

  1. engagement with data protection advisors and a network of local data protection contacts;
  2. adoption of internal policies and procedures to ensure compliance with applicable data protection laws and regulations;
  3. implementation of appropriate technical and organisational measures to implement the data protection principles.

Who is responsible for the processing of personal data?

The N2S website is operated by N2S Limited in the United Kingdom (“N2S” or “we”). N2S may further share information with its affiliates in accordance with the safeguards foreseen in this policy.

Information on a job applicant is directed to the local Human Resources team in charge of the open position.

If you want to contact N2S or its Data Protection Office, please see under “How to contact N2S for privacy queries” below.

What personal data do we collect and how?

Information provided directly by you.

  • Information collected online on our website or other digital platforms, for example by filling in the “contact” section when you subscribe to the Newsletter proposed by N2S;
  • Data provided by customers as part of the contracted data deletion / erasure service, though note N2s does not actively view this data for any reason outside of the contracted nature of the service;
  • Information collected through online applications.

Important Notice: When submitting any personal data, including multimedia contents (photographs, videos …) please ensure it is accurate and do not transmit any content which is not expressly requested through a questionnaire or any other collection method (such as commercial information, advertising, personal creations, ideas, or concepts).

Information we obtain indirectly about you.

Some additional information is collected indirectly about you while you are browsing the N2S website. This information is technically needed for the proper functioning of the N2S website, to improve your browsing experience or in order for N2S to perform analytics that will enable us to serve you better by personalising our online offering for you.

  • Technical information, such as IP address and cookies, linked to your browsing on our websites, for logging purposes and identification of your country/city via geolocation;
  • Information relative to your online profile and website usage data (e.g. behavioural analysis via cookies and similar technologies, your navigation trail of the website);

Our website does not specifically focus on minors. If we should nevertheless inadvertently collect such information, the minor’s legal representative can exercise the minor’s rights on his/her behalf and on his/her name at any time (see below).

Data Types

Identity Data

Data used to personally identify you such as your full name (including name prefix or title) or similar identifier, date of birth, title and maiden name.

Contact Data

Data required to communicate with you during the course of our relationship with you to include address(es), email address(es), telephone number(s) and mobile phone number(s) – this may include both your business/work and personal contact details.

Professional Data

Data that relates to your position and profession such as job title, professional qualifications and experience, regulatory body, the entity that you work for and details of your professional online presence (such as your LinkedIn profile and business website(s)).

Financial Data

Data necessary for processing payments (such as bank account details and billing address(es)), fraud prevention and other related billing information.

Case Data

Data provided to us by you or on your behalf, which will include details about your contract with us, information relating to the case(s) that we are dealing with including data extracted from devices and/or obtained from IT systems and/or the Cloud (which may include data in the form of text, images, videos, audio recordings.

The data under this category will vary depending on the nature of the services we provide and your specific instructions and requirements.

Sensitive Data

(Also known as “special category data”) may be obtained and/or processed depending on the services that we are providing and/or the relevant circumstances but may include information in relation to:

  1. health and medical records;
  2. genetic data;
  3. biometric data for the purpose of uniquely identifying a natural person;
  4. membership of a professional trade association or union;
  5. racial and/or ethnic origin;
  6. political opinions;
  7. sex life and sexual orientation; and/or
  8. information regarding religious and philosophical beliefs.

Usage Data

Information about how you use our websites and (if you are an existing client) our services, and/or your communication preferences.

Technical Data

Internet protocol (IP) address, your login data (if access is provided to our Cloud platform in relation to our e-discovery services), browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.

Criminal Data

Such data may be processed within Case Data depending on the services that we are providing and the relevant client that we are instructed by and may include personal data relating to the alleged commission of offences by a data subject, proceedings for the offence and disposal of such proceedings including sentencing, criminal records and details of convictions, proceedings, allegations, investigations, offences and cautions.

 

Sensitive Data and Criminal Data

We may collect and process Sensitive Data in the following circumstances:

  1. from data provided to us from our client(s);
  2. where it is necessary when carrying out our services to meet our contractual obligations; and
  3. when making arrangements for you to attend a meeting, training session and/or interview and ensuring accessibility and catering for your dietary requirements.
  4. We only collect and process Criminal Data when instructed to lawfully do so on behalf of our duly authorised client(s) and on their specific instructions in accordance with our contract with them and, in doing so, we act as a data processor in relation to such Criminal Data. In such circumstances, our clients determine the purposes and means of processing and generally we are engaged to securely host Criminal Data and provide our clients with a secure platform to access such data. Our processing of Criminal Data is only carried out under the control of an official authority and/or as authorised by law.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. It may not always be apparent at the outset what data we may require, who we may need to obtain it from and/or share it with as this will depend on the nature of the work and how the case progresses.

If you wish to have an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Marketing Communications

As part of the services we provide to our clients, we may use personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you and/or your business.

We have a legitimate interest in processing your personal data and information for our business development. We will only send marketing communications to you if you have requested information from us and you have not opted out of receiving that marketing.

We will only share your personal data with third parties for marketing purposes with your express consent and you can withdraw that consent (if provided) at any time by contacting us.

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you and/or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of your use of our services and/or under a contract that you have entered into with us.

Who do we share personal data with?

We may (depending on the nature of the services we are providing, and the work involved) have to share personal data with other third parties and they may also share the personal data they hold about you with us. This may include:

  1. solicitors, accountants, legal counsel, and other professionals when providing our services;
  2. courts, tribunals, arbitrators and/or mediators where we are asked to provide our expert witness and/or e-disclosure services;
  3. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, to protect the rights, property, or safety of, our clients, or others;
  4. our IT and telecommunications system providers acting as data processors as a consequence of them providing support to us;
  5. our software providers to include Relativity;
  6. analytics and search engine providers that assist us in the improvement and optimisation of our website(s);
  7. our third-party service providers to include external consultants, contractors, couriers and suppliers;
  8. if in our reasonable opinion disclosure is required in relation to any criminal investigation or prosecution;
  9. disclosures to law enforcement agencies, tax authorities, the National Crime Agency or other public or government authorities or regulators where in our reasonable opinion the disclosure is required or permitted by law or applicable regulation; and/or
  10. in the event that N2S sells or buys any business or assets, with the prospective seller or buyer of such business or assets. If a change happens to the ownership of our business, then the new owners may use your data in the same way as set out in this Privacy Notice.

We require all third parties with whom your data is shared to respect the security and integrity of your personal data and to treat it in accordance with the law. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We will not share your information with third parties for marketing purposes (unless you expressly consent to this).

International Transfers

We will hold your personal data on secure servers within the European Economic Area (“EEA“). N2s does not routinely transfer personal data outside of the EEA.

Some of the external parties in relation to a case may be based outside the EEA so their processing of personal data may involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we will seek to ensure a similar degree of protection is afforded to it by ensuring that appropriate safeguards are implemented. In some circumstances (particularly where data is to be transferred outside of the EU where data protection laws are not as strict), we may need your express consent to the transfer unless there is an overriding legal requirement to transfer the information.

What security measures do we have in place?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those members of staff and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We will hold your personal data on secure servers with all reasonable technological and operational measures to safeguard unauthorised access to include firewalls, gateways, security configuration and malware protection.

We have gained several accreditations for managing information security effectively (particularly against cyber-attacks), and these reach beyond ISO 27001 and frameworks for best practice in information security management. For further information, don’t hesitate to reach out.

If we provide you with a username and password which enables you to access certain parts of our systems, you are responsible for keeping such log-in details confidential. You must not share such information with anyone.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Retention

How long will we use your personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including:

  1. for the purposes of satisfying any legal, accounting and/or reporting requirements;
  2. to investigate and defend any complaints and/or legal claims alleged and/or made against us (such as professional negligence claims);
  3. to carry out our services under our contract with you; and
  4. to comply with our legal and/or reporting obligations.
  5. In some circumstances you can ask us to delete your data. See your rights below for further information.

If we are hosting and/or holding data on your behalf, we will contact you and obtain your instructions before destroying any such data.

 

Data Protection Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to request:

  1. access to your personal data (commonly known as a “data subject access request”). This enables you to receive details of the personal data we hold about you and to check that we are lawfully processing it;
  2. correction of the personal data that we hold about you. This enables you to have any incomplete, inaccurate or out-of-date data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data that you provide to us;
  3. erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons (as explained above in relation to data retention) which will be notified to you, if applicable, at the time of your request;
  4. object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
  5. restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
  6. if you want us to establish the data’s accuracy;
  7. where our use of the data is unlawful, but you do not want us to erase it;
  • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  1. you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it; and
  2. transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a retainer with you.

How to exercise your rights

Please contact our DPO at dataprotection@n2s.co.uk. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the ICO, the UK supervisory authority for data protection issues.  Further details can be found at www.ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to our privacy policy

Any changes we make to our Privacy Notice in the future will be posted on our websites and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Notice.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Follow us
Email us
Call us
01284 761111