Hindles Limited – Privacy Policy

Hindles Limited recognise the importance of data protection, including the protection and handling of personal data. We comply with the UK Data Protection Act and EU General Data Privacy Regulation. In this document we set out key information about the data which we process and your rights in relation to it.

Who Is Collecting Data?

We are Hindles Limited, company registration number SC 398144, of Clarence House, 131-135 George Street, Edinburgh, EH2 4JS (hereafter “Hindles” or “We”). Hindles is a firm of UK and European patent and trade mark attorneys and we collect data as part of our ongoing business. We are regulated by the Intellectual Property Regulator (www.ipreg.org.uk)

Hindles is a data controller, ICO registration no. Z3027648. In this document we set out our privacy policy, including how we protect personal information. Hindles have appointed a Data Protection Manager. You can contact the Data Protection Manager, and make subject access requests, using the contact details set out below.

What Data Is Being Collected and Processed?

Personal data is data which can be used to directly or indirectly identify a specific individual. We collect and process the following types of personal data.

We collect and process client identification and contact data on the bases of contract, legal obligation and legitimate interest. This is required for the purposes of taking on clients and managing our activities for and distributing information to clients.

We collect and process bibliographic information, including the name, address and nationality of applicants, inventors and designers, and ownership information, on the bases of contract, legal obligation and legitimate interest. This is required for the purpose of complying with legal requirements to name applicant, inventors and designers on patent, trade mark and registered design applications. As described further below this information will typically become published as part of the normal patent, trade mark or registered design application process.

We collect and process personal financial information in order to manage our accounts, payments and so forth. We process this on the basis of contract, legal obligation and legitimate interest.

We collect and process personal identification document data in order to enable us to carry out “know your client” checks required by law. We process this on the basis of contract, legal obligation and legitimate interest.

We collect and process miscellaneous personal data as part of our case work for our clients, for example data information about the parties to a matter, evidence relating to a case etc. We process this on the basis of contract, legitimate interest and legal obligation. Much of this data is covered by legal professional privilege.

We collect and process non-client identification and contact data required for the purpose of our client work on the basis of contract, legal obligation and legitimate interest.

We collect and process non-client identification and contact data for the purposes of carrying out our patent and trade mark attorney work on the basis of contract, legitimate interest and legal obligation and for marketing purposes on the basis of legitimate interest and/or consent.

We may occasionally collect and process special categories of personal data (data such as race, ethnicity, religion, health, sexuality or biometric data, or criminal records) when it is relevant to the subject matter of our work, e.g. patents for medical devices, enforcement of intellectual property offences. We limit the occasions where we collect and process such data. We process it, where required, on the basis of contract, legal obligation, legitimate interest and/or consent.

Who Is Data Shared With?

We share data with third parties for the purposes set out above, especially to: Patent Offices in the UK, EEA and around the world; other patent attorney firms in the UK, EEA and around the world; other lawyers and legal service providers in the UK, EEA and around the world; our regulators and insurers; patent and trade mark renewal companies; client identification service companies (for the purpose of carrying out identification checks on new clients); email hosts and email archive hosts. Where we transfer information outside of the EEA we do so only to countries which provide an adequate level of personal data protection, or using specific approved contracts or in the case of the United State of America, the US privacy shield.

It is important to be aware that the bibliographic information set out above, and some ownership information, will typically become published as part of the normal patent, trade mark or registered design application process. We cannot prevent this while complying with our legal obligations and contracts as patent and trade mark attorneys.

How Is Personal Data Protected?

Hindles takes its responsibility to protect personal data seriously and takes every effort to protect data from disclosure, unauthorised access or misuse. We employ appropriate IT security measures and staff training. Please do not be offended if we carefully evaluate to whom we may provide data and what data we may provide, or require proof of identity before disclosing data.

How Long Is Personal Data Kept For

We will only keep personal data in our standard records for the period of time for which it is required and in accordance with our document and data destruction policy. We maintain an email archive which securely retains emails for a minimum period of 7 years. Data in our patent case files may be retained for as much as the life of a patent (20 years) plus 6 years. A limited amount of data in our trade mark case files may be retained for the life of a trade mark registration, which can be indefinite if renewed, plus 6 years.

What Are Your Rights?

Under data protection legislation individuals have a number of rights, including a right to be informed; a right of access to data (including the right to make a data subject access request (SAR)); a right to rectification of data; a right to erasure of your personal data where there is no good reason for our continuing to process it; a right to object to the processing of data when we are relying on a legitimate interest and you have a specific reason to object; a right to data portability (which applies only to a limited type of data); a right to withdraw consent, where that is a basis on which we are relying to process your personal data, and rights in respect of automated decision making and profiling. Further information about your rights is specified by the ICO: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to access any such rights you can contact the Data Protection Manager by email:

dataprotectionmanager@hindles.co.uk

You may also contact the Data Protection Manager by post:

Data Protection Manager
Hindles Limited
Clarence House
131-135 George Street
Edinburgh
EH2 4JS

We will send an acknowledgement shortly after receipt of a request. We aim to response substantively to fair and legitimate requests within one month where possible. We may require you to prove your identity before we consider a valid request to be received.

If you have any concerns about how we are processing your data we would be grateful if you would discuss them with us first. However, you have a right to complain to the Information Commissioner’s Office and this is explained here: https://ico.org.uk/concerns/