Sign in Subscribe

Privacy Notice

Privacy Notice
Photo by Glen Carrie / Unsplash

Version Control

Version: 1.0

Last Updated: January 2, 2025

Effective Date: January 2, 2025

Next Review Date: January 2, 2026

Introduction

T3PS Legal Dynamics Ltd is committed to protecting the privacy and security of the personal data we handle in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. This privacy policy outlines how we collect, use, and protect information provided to us by our business clients. As a business-to-business (B2B) service provider, we act as a data processor, handling data on behalf of our clients who are the data controllers.

 

About T3PS Legal Dynamics Ltd

T3PS Legal Dynamics Ltd specialises in legal project management with a focus on three core areas: Projects, Pricing, and Process. Our services are designed to assist law firms and funders in efficiently managing legal projects and ensuring accurate pricing models. We provide comprehensive solutions that include auditing, process creation, and pricing strategies to optimise legal operations. We are committed to maintaining the highest standards of data protection in all our operations.

 

Information We Collect

In the course of providing our services, we may collect the following types of information:

1. Client Contact Information

Names, addresses, and contact details of the business entities we work with

2. Data Provided for Auditing

Data provided by our clients for the purpose of carrying out our specific instructions within a B2B environment

This data is handled in accordance with our client's instructions and applicable data protection laws

3. Project-related Data

 Information pertaining to legal projects, including project plans, timelines, and resources

4. Financial Information

Data necessary for developing and implementing pricing models

5. Employee Data (if applicable)

Information about client employees relevant to the services we provide

How We Use the Information

We use the information collected for the following purposes:

1. Service Provision

 To perform auditing services and Legal Project Management services

 To develop projects, pricing models and processes as instructed by our clients

2. Client Communication

 To communicate with our clients regarding our services and any updates

3. Record Keeping

To maintain accurate records of our client interactions and services provided

4. Compliance with Legal Obligations

To fulfil our legal and regulatory requirements

We do not engage in any automated decision-making or profiling using the data we process.

Legal Basis for Processing

As a data processor, we process personal data based on the instructions and lawful basis provided by our clients, who are the data controllers. The legal bases for processing under UK GDPR include:

Performance of a contract with our clients

Legitimate interests (where we have assessed that our interests do not override the rights and freedoms of data subjects)

Legal obligations under UK law

Consent (where specifically obtained and documented)

Where we rely on legitimate interests, we conduct and maintain documented legitimate interests assessments (LIAs).

Data Security

We implement robust security measures to protect personal data, including:

Use of Proton Business Suite for email and data storage, providing end-to-end encryption

Implementation of Proton VPN for secure network connectivity

Secure data storage in Switzerland under Swiss data protection laws

Use of Signal for secure communication

Implementation of access controls and regular staff training

Regular security audits and updates

Data Retention

We retain personal data for 7 years from the end of our business relationship or the completion of a project, whichever is later. This retention period is based on:

Legal and regulatory requirements

Business needs for record-keeping

Professional indemnity insurance requirements

Industry-standard practices

Data Transfers

We primarily process data within the UK. Our use of Proton Business Suite, based in Switzerland, complies with UK data protection requirements as Switzerland has been granted adequacy status by the UK. We do not transfer personal data to other countries outside the UK/EEA unless:

The transfer is to a country deemed adequate by the UK government

Appropriate safeguards are in place (such as UK Standard Contractual Clauses)

A specific derogation under Article 49 of the UK GDPR applies

Records of Processing

As required by Article 30 of the UK GDPR, we maintain detailed records of our processing activities, including:

Categories of processing carried out

Categories of data subjects and personal data

Recipients of personal data

Retention periods

Technical and organizational security measures

Data Subject Rights

As a data processor, we assist our clients in fulfilling their obligations regarding data subject rights, including:

Right to access

Right to rectification

Right to erasure (right to be forgotten)

Right to restrict processing

Right to data portability

Right to object to processing

Rights related to automated decision-making and profiling

Data subjects should contact the relevant data controller (our client) to exercise these rights.

Accountability and Governance

We maintain an active data protection compliance program that includes:

Regular data protection impact assessments (DPIAs) where required

Documented policies and procedures

Staff training records

Regular audits and reviews

Incident response procedures

Data Breach Notification

In the event of a personal data breach, we will notify the relevant data controller without undue delay and within 72 hours of becoming aware of the breach. We have procedures in place to detect, report, and investigate suspected personal data breaches.

 

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any material changes will be communicated to our clients via email and updated on our website.

Contact Information

For any questions or concerns regarding this privacy policy or our data protection practices, please contact:

T3PS Legal Dynamics Ltd Registered office 

The Old Waterloo Arms, Abermule, Montgomery Powys SY15 6ND

Registered Company No: 13500381

Email: info@t3ps.co.uk

Phone: 0161 327 4607

ICO Registration Number: ZB216805

We are committed to addressing any data protection concerns you may have. If you feel that we have not adequately addressed your concerns, you have the right to contact the Information Commissioner's Office (ICO) directly at https://ico.org.uk.