Benedek Lewin and the Omnium Group are committed to protecting your privacy. This notice describes how we collect and use your personal data. It also describes the rights you have and control you can exercise in relation to it.
This Privacy Notice was last updated on 15 September 2018.
- Who we are
- Data collection and usage
- Your communications with us
- How we use your personal data
- Our reasons for using your personal data
- Legitimate interests
- Our reasons for using special category data
- With whom do we share your data?
- Personal data about others
- Where your information will be held
- How long do we keep your data?
- Your rights
- Right to object
- Links to third party websites
- Changes to this notice
- How to contact us
Benedek Lewin is a professional company incorporated with limited liability in Bermuda. Our affiliated service companies Omnium Corporate Services and Omnium Trust Company are incorporated with limited liability in Bermuda and are regulated by the Bermuda Monetary Authority to conduct corporate and trust services respectively. Our registered offices are at S.E. Pearman Building, 9 Par la Ville Road, Hamilton HM11.
If you have any questions about Benedek Lewin’s use of your personal data, please contact Simon Benedek by email at firstname.lastname@example.org or by writing to Simon Benedek at our office.
- Contact information: your name, position, role, company or organisation, telephone (including mobile phone number where provided) as well as email and postal address;
- Business information: data identifying you in relation to matters on which you instruct us or in which you are involved;
- Information from public sources: e.g. LinkedIn and similar professional networks, newspapers, blogs, directories or other internet publications;
- Information in connection with investigations or proceedings: where this is necessary to conduct the investigation or proceedings;
- Attendance records: to record your attendance at our offices for security purposes;
- Subscriptions/preferences: when you subscribe to receive legal briefings, updates or newsletters as well as consent preferences to help us identify which materials you are interested in receiving;
- Events data: attendance at and provision of feedback forms in relation to our events;
- Supplier data: contact details and other information about you or your company or organisation where you provide services to Benedek Lewin or Omnium;
- Social media: posts, Likes, tweets and other interactions via social media;
- Technical information: when you access this website and our technology services being IP address, browser type and version (e.g. Internet Explorer, Firefox, Safari etc.), time zone setting, browser plug-in types and versions, operating system you are using (e.g. Vista, Windows XP, MacOS, etc), device type, hardware model, MAC address, unique identifiers and mobile network information];
- Online data: when you access this website and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network as such as information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails. Benedek Lewin and Omnium do not collect personal data about your online activities across third party websites or online services.
- Special categories of personal data: such as dietary, disability or similar requirements for events and meetings. If you do not provide this information, we may not be able to respond to your particular needs or preferences;
- Criminal record data: where permitted by national law and appropriate to do so, such as existence of prior criminal offences (or confirmation of clean criminal record).
The above data will be provided to us by you, your employer or the company or organisation who is our client. We may also collect the above data ourselves when we to conduct anti-money laundering, sanctions screening and regulatory checks.
Your communications with us
Benedek Lewin and Omnium may also collect information that you choose to provide in communications with us. Please do not send us confidential information until we have confirmed in writing that we represent or act for you or your company or organisation. Unsolicited emails from non-clients do not establish a lawyer-client relationship. They may not be privileged and, therefore, may be disclosed to others.
- Service provision: providing legal advice, corporate and trust services;
- Business relationship: managing and administering our relationship with you, your company or organisation including keeping records about business contacts, services and payments so we can customise our offering for you, develop our relationship and target our marketing and promotional campaigns;
- Communication: sending emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services;
- Events: running legal briefings, roundtables and other events;
- Client surveys and feedback: including events feedback and client listening exercises as well as answering issues and concerns which may arise;
- Client legal compliance: client due diligence (under anti-money laundering, sanctions screening and other crime prevention and detection laws and regulatory requirements) which may involve automated screening checks to ensure that clients and contacts are genuine and to prevent fraud or crime and we may not be able take instructions if you do not provide the information we need to do these checks;
- Website monitoring: to check the website and our other technology services are being used appropriately and to optimise their functionality;
- Site security: to provide security to our offices and other premises (normally collecting your name and contact details on entry to our offices);
- Online security: protecting our information assets and technology platforms from unauthorised access or usage and to monitor for malware and other security threats;
- Regulatory: compliance with our legal and regulatory obligations including auditing and reporting requirements;
- Managing suppliers: who deliver services to us;
- Legitimate interest: to pursue the legitimate business interests listed in the “Legitimate Interests section of this policy below.
- you have given us consent: for example, where you share details for particular purposes;
- this is necessary to comply with legal or regulatory obligations: for example, anti-money laundering and mandatory client screening checks or disclosure to law enforcement.
- this is necessary to deal with legal claims
- processing is necessary for our legitimate business interests or those of a third party: provided this does not override any interests or rights that you have as an individual. Our legitimate interests are listed in the next section.
- providing legal, corporate and trust services;
- managing our business and relationship with you or your company or organisation;
- understanding and responding to inquiries and client feedback;
- understanding how our clients use our services and websites;
- identifying what our clients want and developing our relationship with you, your company or organisation;
- improving our services and offerings;
- enforcing our terms of engagement and website and other terms and conditions;
- ensuring our systems and premises are secure;
- managing our supply chain;
- developing relationships with business partners;
- ensuring debts are paid;
- operating suppressors to exclude you from direct marketing if you unsubscribe;
- sharing data in connection with acquisitions and transfers of our business.
Our reasons for using sensitive personal data
Sensitive personal data in Bermuda and certain other jurisdictions refers to sensitive data such as your racial or ethnic origin, religious beliefs or health data. We may also collect data about criminal convictions. We will process this data where:
- we have your explicit consent: for the particular processing;
- this is necessary to protect your vital interests or those of another person: for example, in medical emergencies;
- you have manifestly made the data public: for example, where you have published it on social media;
- this is necessary to deal with legal claims: for example, involving court proceedings;
- this is necessary for substantial public interest: for example, to prevent or detect unlawful acts;
- Suppliers: who support our business including IT and communication suppliers and outsourced business support, marketing and advertising agencies; Our suppliers have to meet minimum standards as to information security and they will only be provided data in line with their function;
- Other law firms, corporate service providers and trust companies: including local law firms, barristers, expert witnesses and arbitrators/mediators;
- Law enforcement bodies and our regulators: or other competent authorities in accordance with legal requirements or good practice;
- Appropriate parties in the event of emergencies: in particular to protect health and safety of our clients, staff and organisations;
- Your company or organisation: in relation to us providing legal services;
- Screening service providers: so that we can comply with legal obligations in relation to the prevention or protection of crime, anti-money laundering, sanctions screening and other required checks;
- Advertising networks and analytics service providers:to support and display ads on our website, apps and other social media tools;
- Third parties: in the context of the acquisition or transfer of any part of our business or in connection with the business reorganisation.
Personal data about others
In some cases, you may provide personal data to us about other people (such as your customers, directors, officers, shareholders or beneficial owners). You must ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.
We will hold your information securely in line with physical, technical and administrative security measures. However, the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted and any transmission is at your own risk.
Where will your information be held?
Your information may be transferred out of Bermuda. Data protection laws vary by country and those applicable in the USA and elsewhere are not equivalent to those applicable in Bermuda. Benedek Lewin will, take steps to protect your information in line with locally applicable data protection requirements.
How long do we keep your data?
We generally keep your information as needed to provide our legal services and to deal with claims. This will depend on a number of factors such as whether you or your company or organisation are an existing client or have interacted with recent client mailings or bulletins or attended recent events. We will retain your information as necessary to comply with legal, accounting or regulatory requirements. Typical retention periods will range from 6 to 10 years.
Under Bermuda law, you have certain rights in relation to your information. The availability of these rights and the ways in which you can use them are set out below in more detail. Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact Simon Benedek at email@example.com.
- Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it;
- Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected;
- Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
- Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it;
- Transfer: you may us to help you request the transfer certain of your personal data to another party;
- Objection: where we are processing your personal data based on a legitimate interest (or those of a third party) and you may challenge this. However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
- Consent: where we are processing personal data with consent, you can withdraw your consent.
If you want to exercise any of these rights, please Simon Benedek by writing to firstname.lastname@example.org.
Right to object
Under Bermuda law, you have a right to object to us processing your information in certain circumstances. This applies where we are processing your personal information based on a legitimate interest (or those of a third party) you may challenge this. However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims. You also have the right to object where we are processing your personal information for direct marketing purposes.
Links to third party websites
Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others. The personal data that you provide through these websites is not subject to this privacy notice and the treatment of your personal data by such websites is not our responsibility.
If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.
If we change anything important about this notice (the information we collect, how we use it or why) we will highlight those changes at the top of the notice and provide a prominent link to it for a reasonable length of time following the change.