Privacy Policy

1.    Introduction

Tiong & Partners ("we","our", "us") is committed to protecting and respecting your privacy. This policy outlines how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2.    Data Controller

Tiong & Partners is a trading name of Merali Beedle Limited.

Merali Beedle is the data controller of the personal data you provide to us. Our contact details are as follows:

Merali Beedle Limited
Vicarage House, 58-60 Kensington Church Street, London W8 4DB

Email: info@meralibeedle.com
Phone: +44 (0) 207 368 3325

3.    Personal Data We Collect

We may collect and process the following data about you:

  • Contact Information: Name, address, email address, phone number.
  • Identity Data: Date of birth, passport details, national insurance number.
  • Financial Data: Bank account details, payment card details, details about your financial situation.
  • Case Data: Information relevant to the legal services you have requested, which may include sensitive personal data such as health information, criminal records, or any other data relevant to your case.
  • Technical Data: IP address, browser type, and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Usage Data: Information about how you use our website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

4.    How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To provide legal services: Processing necessary for the performance of our contract with you.
  • To manage our relationship with you: Including notifying you about changes to our terms or privacy policy.
  • To comply with legal or regulatory obligations: Processing necessary for compliance with a legal obligation.
  • To improve our services: Analysing your data to improve our services and client experience.
  • Marketing: With your explicit consent, we may use your contact details to provide you with information about services we think may be of interest to you.
5.    Data Sharing

We may share your personal data with:

  • Service Providers: External third parties who provide IT and system administration services.
  • Professional Advisors: Including lawyers, bankers, auditors, and insurers.
  • HM Revenue & Customs, regulators, and other authorities: Who require reporting of processing activities in certain     circumstances.
  • Third Parties: To whom we may choose to sell, transfer, or merge parts of our business or assets.
6.    Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

7.    Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The law requires us to retain your personal data for up to five years before destroying the records. However, we will hold your personal data for as long as necessary, unless you specifically ask us to destroy your records after five years.

8.    Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including:

  • Request access to your personal data (Data Subject Access Requests (DSAR)).
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of these rights, please contact us at info@meralibeedle.com.

9.    DSARs

You have the right to request access to the personal data we hold about you. If you make a DSAR, we will:

  • Provide a copy of the personal data we hold about you, free of charge.
  • Respond within one month of receiving your request.
  • Extend the response time by a further two months if your request is complex or numerous, in which case we will inform you within the initial one-month period.
10. Data Protection Impact Assessments (DPIAs)

We have a documented procedure for undertaking DPIAs. This procedure includes:

  • Identifying the need for a DPIA.
  • Describing the processing activity.
  • Assessing the necessity and proportionality of the processing.
  • Identifying and assessing risks to individuals.
  • Identifying measures to mitigate those risks.
  • Consulting with relevant stakeholders.
  • Documenting the assessment and outcomes.
  • Reviewing and updating the DPIA as necessary.

This procedure is applied whenever we undertake new processing activities that are likely to result in a high risk to individuals’ rights and freedoms.

11. Technical and Organisational Measures for Subject Access Requests (SAR) and Data Rights

We have in place technical and organisational measures to assist our clients with their obligations as data controllers in respect of SARs and other data subject rights under the GDPR. These measures include:

  • Secure systems to track and manage SARs.
  • Training for staff on handling SARs and data subject rights.
  • Processes to verify the identity of data subjects.
  • Timely response mechanisms to ensure compliance with statutory deadlines.
11. Complaints

In the last 12 months, we have not received any complaints from data subjects regarding our treatment of their personal data. Should any complaints arise, they will be documented, investigated, and addressed in accordance with our internal complaint handling procedures.

12. Privacy Regulator Action

In the last 12 months, we have not been subject to any actions from the relevant privacy regulator. Any future regulatory actions will be documented and addressed in accordance with legal and regulatory requirements.

13. Confidentiality Obligations

All staff, agents, and key subcontractors involved in delivering our services are subject to obligations of confidentiality that comply with GDPR. These obligations are enforced through:

  • Employment contracts containing confidentiality clauses.
  • Non-disclosure agreements with third parties.
  • Regular training and awareness programs on data protection and confidentiality.
  • Internal policies and procedures that emphasize the importance of maintaining confidentiality.
14. Processing Locations

All personal data we process on behalf of our clients is kept within the UK or the European Economic Area (EEA). If personal data needs to be transferred outside the UK or EEA, we will ensure adequate protection by:

  • Implementing standard contractual clauses approved by the European Commission.
  • Ensuring transfers are to countries that have been deemed to provide an adequate level of data protection by the European Commission.
  • Using binding corporate rules or other appropriate safeguards.
15. Changes to This Privacy Policy

We may update this policy from time to time. Any changes we make will be posted on this page, and, where appropriate, notified to you by email.

16. Contact Us

If you have any questions about this privacy policy or our privacy practices, please contact us at:

Merali Beedle
Vicarage House, 58-60 Kensington Church Street, London W8 4DB

Email: info@meralibeedle.com
Phone: +44(0) 207 368 3325

This policy was last updated in June 2024