Privacy
Policy
Springbird is the name for the intellectual property practice carried on by Springbird IP Limited.
We’re a limited company registered in England and Wales under company number 13347797 and are registered as a ‘controller’ with the Information Commissioner’s Office under number ZB471748 in relation to the personal data we hold as a business.
As a company located in the UK, we’re required to handle personal data in accordance with UK data protection laws. We must ensure that the personal data we hold is:
· used lawfully, fairly and in a transparent way
· collected only for valid purposes that we’ve clearly told you about and not used for any purposes that aren’t compatible with those purposes
· relevant and limited to what’s necessary for the purposes we’ve told you about
· accurate and kept up to date
· kept only for as long as necessary for the purposes we’ve told you about
· kept confidential and secure
The core systems we use to provide our services are hosted on servers in the United Kingdom and the European Economic Area. In relation to client matters, we won’t transfer any personal data outside the UnitedKingdom or European Economic Area unless:
- you’re based outside the EEA
- you use an email provider or other communications service which is hosted (or co-located) on servers outside the EEA
- we need to communicate with someone outside the EEA
- the transfer is necessary to form or perform a contract with you or someone else where the contract is in your interest
- the transfer is necessary to establish, exercise or defend legal claims against us
- the transfer is occasional and necessary for the purposes of our compelling legitimate interests
- you give your consent to the transfer
In relation to marketing, we use Hubspot which is hosted on servers in the USA. Our agreements with them include a set of clauses approved by the European Commission and UK Secretary of State to ensure an adequate level of protection for personal data. We have also conducted a risk assessment as part of our due diligence process.
We take information security very seriously and have implemented several technical and organisational measures to protect the information and personal data we hold. These include:
- Dedicated intellectual property case management system: we use Equinox IPMS to securely manage our workload. Equinox IPMS encrypts all data in transit and at rest using 256 bit SSL encryption, and our agreement with them includes robust confidentiality and data protection obligations.
- Computers and other devices: All computers use BitLocker full-disk encryption and all mobile devices are owned and managed by us. We use Webroot Business Endpoint Protection to protect against malware and viruses.
- Email: We can enable email encryption on request, however by default, all emails are sent using ‘opportunistic TLS’ which encrypts the connection to your email provider, but not the message itself. We use software to protect against malware and phishing attacks (and you should too!)
- Cloud services: All cloud services that we use, including Microsoft Office 365, our document management system and data room tools, are hosted on secure infrastructure which uses encryption in transit and, in most cases, encryption at rest
- Communications tools: We tend to use whatever communications tools are preferred by our clients. Our preferred tool is Microsoft Teams which encrypts data at rest and in transit (but not end-to-end, which few commercial video conferencing tools do).Where we record any calls or videos using Microsoft Teams, recordings will been crypted at rest. Phone calls made to or from our mobiles are not encrypted(and if you dial into any conference call which uses encryption, your connection won’t be encrypted)
- Training: All our staff are trained on data protection and good information security practices
We don’t routinely record telephone or video calls.However sometimes it may be useful for us to do so, for example, to ensure that we’ve got a detailed record of your instructions or to help us make a detailed note of a discussion we’ve had with a barrister or expert witness. If you’re present on such calls, we’ll notify you in advance and give you an opportunity to object to a recording being made.
There may be circumstances where inboxes are shared between members of our team (for example, if someone is on holiday or long-term sick leave). We may also monitor inboxes for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies on electronic communications.
You may subscribe to receive our newsletter or, if you’re using an email address provided by your employer and you’re a ‘corporate subscriber’, we may add your details to our mailing list. You can unsubscribe from our newsletter at any time by clicking the ‘Unsubscribe’ link at the bottom of each email or by emailing hello@springbirdip.com.
We use HubSpot to manage our email marketingcampaigns. HubSpot uses tiny invisible images called ‘pixels’ that arecontained within emails to enable us to see:
- whether you opened an email
- where in the world the device used to open the email was located (based on your device’s IP address)
- whether you shared the email on any social media platforms
- whether you marked the email as spam
- your overall level of engagement with our email marketing campaigns
We don’t use this information any purposes except if it appears that you’re not opening our emails, we’ll automatically unsubscribe you from our mailing list.
Our website uses small text files, called cookies, which are stored on your device when you access certain features of our website. You can find out more about the cookies used on our website and how you can control them below.
You’ve got several important rights in relation to the personal data we hold about you. The most relevant are
- Access: You’ve the right to request access to and be provided with a copy of the personal data held about you together with certain information about the processing of such personal data to check that we’re holding it lawfully and processing it fairly
- Correction: You’ve the right to ask us to correct any inaccurate or incomplete personal data held about you
- Deletion: You’ve the right to ask us to delete or remove any personal data held about you where there’s no good reason for us to continue holding it or where you’ve exercised your right to object
- Restriction: You’ve the right to ask us to restrict how we hold your personal data, for example, to confirm its accuracy or our reasons for holding it
- Objection: You’ve the right to object to our holding of any personal data about you which is based on our legitimate interests or those of a third party based on your circumstances. You also have the right to object to our holding your personal data for direct marketing purposes.
Some of the above rights only apply in certain circumstances and may be subject to certain exemptions. For example:
- If we obtain your personal data from someone else in the course of seeking legal advice from us, this will be subject to legal professional privilege and, as we have a professional obligation to maintain the confidentiality of such personal data, you’re not entitled to be informed about our processing of your personal data or request a copy of it
- You don’t have any of the above rights where the disclosure of your personal data is required by law or an order of a court of tribunal
- You don’t have any of the above rights where disclosure of your personal data is necessary for the purpose of, or relates to, any current or prospective legal proceedings, is necessary for someone to obtain legal advice from us or is necessary for the purposes of establishing, exercising or defending our legal rights or those of our clients
You’ll not have to pay any fee to exercise any of the above rights, though we may charge a reasonable fee or refuse to comply with your request where permitted to do so by law. Where this is the case, we’ll let you know. To protect the confidentiality of your personal data we may ask you to verify your identity before fulfilling any request in relation to your personal data.
If you’ve got any questions, or want toexercise any of your rights, please email hello@springbirdip.com or call us on 0203747 7702.
- Biographical details (name, job title and other information about you or your role)
- Contact details (both private and work, where appropriate)
- Identity documents and supporting records (such as driving licence, passport, and proof of address)
- Business information (which may or may not include your personal data)
- Financial details (such as personal bank account details and records of transactions with us including invoices and credit notes)
- Records of communications with us (including emails, call history and audio/video recordings, where agreed with you in advance)
- Feedback and survey results
- If you’re our client, we’ll usually get your personal data directly from you
- If you work for our client, we may get your personal data from your colleagues, other professional advisers or other parties involved in a matter
- Onboarding you, or the organisation you work for, as a client, including verifying your identity where required
- Performing our obligations and exercising our rights in line with our instructions and our terms of business
- Complying with our legal and professional obligations
- Telling you more about the services we provide by email
There are six available legal grounds for using personal data. The grounds relied upon by us for the above purposes are:
- We’ll use your contact details and identity documents to verify your identity in accordance with our legal obligation to do so under the Money Laundering, Terrorist Financing andTransfer of Funds (Information on the Payer) Regulations 2017 (however, where you agree to us verifying your identity for our third party provider, we will do this based on your consent)
- If you’re our client, we’ll use your personal data to provide our services in line with your instructions and to manage the relationship between us, including invoicing and payment, under our contract with you (which includes our engagement letters, instruction forms and terms of business)
- If you work for our client, we’ll use your personal data to provide our services to the person or company that has employed or engaged you in line with our legitimate interests in providing our services
- In any case, we’ll use your personal data for our legitimate interests in complying with our legal and professional obligations, reviewing and improving the quality of the services we provide and how we provide them, sharing know-how internally and training our team and ensuring the security and stability of our systems
In addition to our staff (which may include self-employed consultants) and those providing technical services to us (such as cloud service providers that host our business systems), we may share your personal data with:
- Computer Geeks who provides our IT infrastructure and support services to allow us to conduct our business
- IP databases and bodies such as WIPO and the UK IPO so we can fulfil our services to you
- Our third-party identity verification provider (where you’ve agreed that we may check your identity with them)
- Overseas attorneys who, on your instruction, we engage to work on your behalf
- Other parties and professional advisers involved in a matter, as necessary
- Government agencies such as HMRC, courts, tribunals, and law enforcement agencies, as appropriate
- Our regulator, the Intellectual Property Regulation Board
- Our outsourced regulatory compliance consultant
- Debt collection agencies, where necessary
- Legal directories such as Chambers or Legal 500, where you’ve agreed to be a referee
We retain invoices, credit notes and supporting records for 7 years from the relevant invoice or credit note date.
We retain client files for 7 years from the date we close them (or 7 years from the date of initial contact if a matter is aborted). We may retain files for longer periods if requested by you or where we’ve a good reason to retain them for longer.
We retain identity documents for 7 years from the date on which our relationship ends or5-10 years from the date that any related transaction completed, unless we’ve a good reason to retain them for longer.
- Biographical details (name, job title and other information about you or your role, professional and personal interests)
- Contact details (both private and work, where appropriate)
- Business information (which may or may not include your personal data)
- Records of communications with us (including emails, call history and audio/video recordings, where agreed with you in advance)
- Other personal data which is provided to or inferred by us, for example, from access or dietary requirements
- ·We’ll usually get your personal data directly from you, although we may also be provided with it from your colleagues, other professional advisers or referrers
- Communicating with you about our services in relation to your needs or those of someone else
- Inviting you to events we think may be of interest to you
- Telling you more about the services we provide by email
There are six available legal grounds for using personal data. The grounds relied upon by us for the above purposes are:
- We’ll communicate with you about our services in response to a request directly from you or made on your behalf by another person on the basis of our legitimate interests in responding to enquiries and developing our business
- If we obtained your email address in the course of discussions about providing our services to you and you are a business, we will email you based on our legitimate interests in marketing and promoting our services and events (see the Marketing section of our main Privacy Policy)
- In any case, we’ll use your personal data for our legitimate interests in complying with our legal and professional obligations, reviewing and improving the quality of the services we provide and how we provide them, sharing know-how internally and training our team and ensuring the security and stability of our systems
In addition to our staff (which may include self-employed consultants) and those providing technical services to us (such as cloud service providers that host our business systems), we may share your personal data with:
- Computer Geeks who provides our IT infrastructure and support services to allow us to conduct our business
- External marketing agencies engaged by us, where necessary
- Legal directories such as Chambers or Legal 500, where you’ve agreed to be a referee
Where we have recorded any information about you or your enquiry in our CRM system, we will retain this information for 2 years from the date it was entered (although if you subsequently become a client, this information may be added to your client file and retained for a further 7 years from the date such file is closed).
We retain marketing contact details until you unsubscribe or object to receiving direct marketing from us, or we believe you’re no longer interested in receiving any marketing communications from us.
You’re involved in a contract, dispute or transaction that we’re handling
If you’re involved in a contract, dispute or transaction that we’re handling (either because you’re on the ‘other side’, you’re an interested party or you’re employed or engaged by an organisation which is involved in a contract, dispute or transaction) you can find out more about the purposes for which we will collect and use your personal data, and other important information, here.
- Biographical details (name, job title and other information about you or your role)
- Contact details (both private and work, where appropriate)
- Business information (which may or may not include your personal data)
- Financial details (such as personal bank account details and records of transactions with us including invoices and credit notes)
- Records of communications with us (including emails, call history and audio/video recordings, where agreed with you in advance)
- Other personal data which is provided to or obtained by us, for example, by reviewing documents received from our clients, counterparties, overseas associates and other third party information sources
- You may provide us with your personal data where we’re acting for someone else but have a need to liaise with you
- We may get your personal data from your colleagues, other professional advisers or other parties involved in a matter
- Carrying out our client’s instructions and managing client matters, for example, negotiating contracts, advising on disputes (whether or not involving a court or tribunal) or facilitating transactions
- Complying with our legal and professional obligations
There are six available legal grounds for using personal data. The grounds relied upon by us for the above purposes are:
- We’ll use your personal data to provide our services to our client based on our legitimate interests in complying with our instructions (subject to our legal and professional obligations) and also the legitimate interests of our client in instructing us to advise them
- We’ll also use your personal data to comply with our legal obligations as a regulated law firm
- In any case, we’ll use your personal data for our legitimate interests in complying with our legal and professional obligations, reviewing and improving the quality of the services we provide and how we provide them, sharing know-how internally and training our team and ensuring the security and stability of our systems
In addition to our staff (which may include self-employed consultants) and those providing technical services to us (such as cloud service providers that host our business systems), we may share your personal data with:
- Our client and its staff, as appropriate
- Computer Geeks, who provides our IT infrastructure and support services to allow us to conduct our business
- Overseas attorneys who, on your instruction, we engage to work on your behalf
- Other professional advisers involved in a matter, as necessary
- Enquiry agents, private investigators and process servers, as necessary
- Government agencies such as HMRC, courts, tribunals, and law enforcement agencies, as appropriate
- Our regulator, the Intellectual Property Regulation Board
- Our outsourced regulatory compliance consultant
We retain client files for 7 years from the date we close them (or 7 years from the date of initial contact if a matter is aborted). We may retain files for longer periods if requested by you or where we’ve a good reason to retain them for longer.
- Biographical details (name, job title and other information about you or your role)
- Contact details (both private and work, where appropriate)
- Financial details (such as personal bank account details and records of transactions with us including invoices and credit notes)
- Records of communications with us (including emails, call history and audio/video recordings, where agreed with you in advance)
- If you’re supplying to us personally, we’ll usually get your personal data directly from you
- If you work for a supplier, we may get your personal data from your colleagues
- Managing the supplier relationship
- Processing payments
There are six available legal grounds for using personal data. The grounds relied upon by us for the above purposes are:
- If you’re supplying to us personally, we’ll use your personal data to perform our obligations and exercise our rights under our contract with you
- If you work for a supplier, we’ll use your personal data to manage our relationship with the supplier and obtain their services in line with our legitimate interests in doing so
- In any case, we’ll use your personal data for our legitimate interests in ensuring the security and stability of our systems (if you are given access to them for any reason)
In addition to our staff (which may include self-employed consultants) and those providing technical services to us (such as cloud service providers that host our business systems), we may share your personal data with:
- Computer Geeks who provides our IT infrastructure and support services to allow us to conduct our business
- Our regulator, the Intellectual Property Regulation Board
- Our outsourced regulatory compliance consultant
We retain personal data relating to our suppliers and those working for them for the duration the contract under which any goods or services are supplied and for a period of 7 years thereafter.
We retain invoices, remittance notes and supporting records for 7 years from the relevant invoice or credit note date.
- Biographical details (name, job title and other information about you or your role)
- Contact details (both private and work, where appropriate)
- Access or dietary requirements
- Photographs or video containing images of you (we’ll always tell you if we’re doing this in advance.If you’re part of a large group of people, this won’t represent your personal data; however if you’re part of a small group of people or you’re photographed or recorded individually, then it will)
- Feedback forms (which may be completed anonymously)
- We’ll usually get your personal data directly from you, although we may get your personal data from your colleagues if they register you to attend an event on your behalf
- Managing and running events
- Ensuring access and dietary requirements are met
There are six available legal grounds for using personal data. The grounds relied upon by us for the above purposes are:
- We’ll use your personal data in line with our legitimate interests in managing and running our events
- Where necessary, we may need to your personal data to protect your vital interests, for example, if you suffer an allergic reaction, take ill or are injured at any of our events
- We may ask for your consent to use your name in connection with any photographs, video or testimonials relating to an event
- We’ll also use your personal data to comply with our legal obligations, for example, under equality, health and safety laws
In addition to our staff (which may include self-employed consultants) and those providing technical services to us (such as cloud service providers that host our business systems), we may share your personal data with:
- Computer Geeks, who provides our IT infrastructure and support services to allow us to conduct our business
- Any person or organisation that we’re co-hosting an event with (where they will be a joint controller with us)
- Any event venue or catering provider
- External marketing agencies engaged by us, where necessary
We retain personal data about event attendees for a period of 6 months from the date of the event. If you’ve subscribed for our newsletter, then we will retain until you unsubscribe or object to receiving direct marketing from us, or we believe you’re no longer interested in receiving any marketing communications from us.
- Your name, job title and email address if you subscribe to our newsletter
- Technical data about the device used by you to access our website which we obtain through server logs and the use of cookies and similar technologies (see below), including the internet protocol (IP) address of the device and characteristics of such device
- Usage data about your visit, which we obtain through server logs and the use of cookies and similar technologies (see below), including the pages viewed by you, how you moved about our website and how you interacted with particular pages
We also collect and use aggregated data such as statistical or demographic data for any purpose. This aggregated data could be derived from your personal data but isn’t considered personal data as this data won’t directly or indirectly reveal your identity. We don’t combine aggregated data with other data in order to identify you.
- We’ll get your personal data directly from you when you access our website
- Sending you our email newsletter, where you’ve subscribed to receive it
- Administering and protecting our website through security monitoring, reporting and testing
- Where you’ve accepted advertising cookies, delivering relevant content and advertisements throughLinkedIn and understanding the effectiveness of such adverts
- Improving and optimising our website and marketing
There are six available legal grounds for using personal data. The grounds relied upon by us for the above purposes are:
- We’ll rely on the consent you give when accepting non-essential cookies on our website to use your personal data for analytical and advertising purposes
- We’ll access our server logs based on our legitimate interests in protecting the security and stability of our website and understanding how our website is used by visitors
Our website uses small text files, called cookies, which are stored on your device when you access and use certain features of our website. Apart from those cookies which are strictly necessary for us to provide you with access to our website or any features that you’ve requested, we’ll only store cookies on your device if you’ve consented to this when you first access our website and every 90 days thereafter. As cookies are unique, we can use them to distinguish you from other users for the purposes described above, however we’ve configured our analytical cookies so that your IP address is anonymised.
To find out more about cookies, how to refuse them and how to change your device’s cookie settings, you should visit the ICO Cookie Guidance.
Our website uses the following cookies (categorised based on guidance produced by the International Chamber of Commerce):
Cookie: Google Analytics (_ga, _gid, _gat_gtag_UA [string])
- Type: Analytics (non-essential)
- Duration: 2 years (_ga), 1 month (_gid and _gat),
- Domain: springbirdip.com
- Further info: See Google Analytics Cookie Usage and the Google Privacy Policy
Cookie: Google Ads (_Secure-APISID, _Secure-3PAPSIID, _Secure-3PSID,_Secure-SSID, _Secure-HSID, ANID, SID, NID, SSID, HSID, CONSENT, SAPSID,APISID)
- Type: Advertising (non-essential)
- Duration: All cookies are stored for between 6 months and 2 years, except for the CONSENT cookie which is stored for 18 months
- Domain: google.com
- Further info: See How AdSenses Uses Cookies and the Google Privacy Notice
Cookie: HubSpot (__hs_opt_out, __hs_do_not_track,__hs_initial_opt_in, __hs_cookie_cat_pref, _hs_ab_test, <id>_key, hs-messages-is-open,hs-messages-hide-welcome-message, __hsmem, hs-membership-csrf,hs_langswitcher_choice, __cfruid, __cf_bm,
- Type: Essential
- Duration: Cookies stored between 30 minutes and 2 years
- Domain: springbirdip.com
- Further info: See HubSpot cookie explanation page
Cookie: HubSpot (__hstc, hubspotuk, __hssc, __hssrc)
- Type: Analytics(non-essential)
- Duration: Cookies stored between 30 minutes and 60 months
- Domain: springbirdip.com
- Further info: See HubSpot cookie explanation page
We’re required by our regulator, the Intellectual Property Regulation Board, to include written confirmation on our website so you can verify that our website is operated by us as a regulated IP firm.
In addition to our staff (which may include self-employed consultants) and those providing technical services to us (such as cloud service providers that host our business systems), we may share your personal data with:
- Computer Geeks, who provides our IT infrastructure and support services to allow us to conduct our business(including content creation and management of our website)
- External marketing agencies engaged by us, where necessary
We retain marketing contact details until you unsubscribe or object to receiving direct marketing from us, or we believe you’re no longer interested in receiving any marketing communications from us.
You’re a subscriber to our newsletter or follower on social media
If you’ve subscribed to receive our newsletter or we’ve added you to our mailing list at your request, or you follow us on social media, you can find out more about the purposes for which we will collect and use your personal data, and other important information, here.
- Biographical details (name, job title and other information about you or your role)
- Contact details (both private and work, where appropriate)
- Comments on our posts or other content
- We’ll usually get your personal data directly from you
- Sending you our email newsletter to provide information about us, our services, and our events
- Engaging with you on social media
There are six available legal grounds for using personal data. The grounds relied upon by us for the above purposes are:
- We’ll send you our email newsletter based on your consent where you’ve subscribed to receive it or our legitimate interests where you’re using an email address provided by your employer and you’re a ‘corporate subscriber’
- We’ll engage with you on social media based on our legitimate interests in marketing and promoting our services, responding to comments and questions made on social media and engaging with our network of clients, potential clients, referrers and partners
In addition to our staff (which may include self-employed consultants) and those providing technical services to us (such as cloud service providers that host our business systems), we may share your personal data with:
- Computer Geeks, who provides our IT infrastructure and support services to allow us to conduct our business (including marketing, content creation and social media campaigns)
- External marketing agencies engaged by us, where necessary
We retain marketing contact details until you unsubscribe or object to receiving direct marketing from us, or we believe you’re no longer interested in receiving any marketing communications from us.
We generally won’t retain copies of any exchanges between us on social media – instead, they’ll be stored by the relevant platform and retain in accordance with its policies. However, we may make a note of any exchanges between us on our CRM system and these will be stored for up to 2 years.
- Contact details (generally private only)
- Biographical details (name and any other information you choose to provide us with such as your date of birth, sex, gender or gender identity, marital status, dependants, disabilities, or medical conditions)
- Education and employment history (whether in your CV, job application or covering letter)
- Notes of your responses to questions raised at interview
- The results of any exercises or tests undertaken by you during the recruitment process
- References obtained from any previous employer(s)
- Receipts for travel expenses, where we have agreed to reimburse you for these
- Information we find about you online, such as public social media profiles
We may also collect, or you may choose to provide us with, the following “special categories of personal data” about you:
- Information about your race or ethnicity, religious beliefs or sexual orientation (whether or not indicated by your gender or gender identity)
- Information about your health, including any disability or medical condition
- Information about criminal convictions or offences
- We’ll usually get your personal data directly from you
- We may be provided with your personal data by a recruitment agency engaged by us to find candidates
- We’ll check the IPReg website for details of any disciplinary or regulatory decisions that have been published about you in line which its Decision Publication Policy
- We’ll undertake anti-money laundering and credit checks through our third-party AML and identity checking provider for any Attorneys, professional advisers or staff who will have access to our client systems
- We’ll undertake a standard Disclosure and Barring Service (DBS) check for any Attorneys and a basic DBS check for any other employees through an approved third-party DBS checking provider
- We may obtain personal data about you through social media platforms (to the extent your privacy settings enable us to view your profile or content that you’ve shared on them)
- Undertaking and communicating with you about our recruitment and selection process
- Monitoring the effectiveness of our recruitment and selection policies and procedures for internal purposes
- Evaluating whether we need to provide appropriate adjustments during the recruitment and selection process
- Ensuring meaningful equal opportunity monitoring and reporting to IPReg (you will not be identified in any reports)
- Complying with our legal and professional obligations, to include checking your eligibility to work in the UK as required by immigration law
There are six available legal grounds for using personal data. The grounds relied upon by us for the above purposes are:
- We’ll review and consider your CV or application, take notes of any interviews, and communicate with you by any means in line with our legitimate interests in employing or engaging suitable staff aspart of our recruitment and selection process
- We may take up references as part of the steps we need to take to enter into an employment or consultancy contract with you
- We’ll check theIPReg website and undertake AML, identity and criminal records checks in line with our legal obligation to ensure that anyone working for us is entitled to work in the UK and is of good character and suitability to work within a regulated IP firm
- If we review your social media profile, this will be based on our legitimate interests in ensuring the character and suitability of those working for us and protecting our reputation
In addition to our staff (which may include self-employed consultants) and those providing technical services to us (such as cloud service providers that host our business systems), we may share your personal data with:
- Any recruitment agency engaged by us to find candidates
- Our regulator, the Intellectual Property Regulation Board
- Our outsourced regulatory compliance consultant
If you’ve been successful, the personal data relating to your application will be transferred to your employment record and will be retained for a period of 7 years from the commencement of your employment, in the event that we have to review the basis on which you were employed.
If you’ve not been successful, we’ll immediately delete any information obtained for verification and vetting purposes and retain the personal data relating to your application for a period of 12 months after such decision has been made.
With your permission, we may retain your CV for a period of 12 months from the date the recruitment outcome is confirmed to you in the event that there are any future vacancies.