Privacy Policy

Last Updated: 25 February 2025

Introduction

This privacy policy explains how JPP Legal Ltd ("we," "us," or "our") collects, stores, uses, and shares your personal data (i.e., information relating to an identified or identifiable natural person) when:

·       Engaging with our services.

·       Visiting our website at www.jpp-legal.com.

As a small consultancy, using basic tools to provide our services, our processing of personal data is limited. Nevertheless, we are fully committed to ensuring that your personal data is kept safe and secure, and that all processing is compliant with relevant laws and regulations. Accordingly, we have put together this comprehensive policy to ensure that you have a clear understanding of our data processing practices and how you can respond to them.

If anything is unclear or you need more information, please contact us at jpp@jpp-legal.com.

The table of contents below provides an overview of the different topics covered by this policy.

1. What information do we collect?

2. How do we process your personal data?

3. On what legal bases do we rely to process your personal data?

4. When and with whom do we share your personal data?

5. Do we use cookies and other tracking technologies?

6. Is your personal data transferred internationally?

7. How long do we keep your personal data?

8. How do we keep your personal data safe?

9. Do we collect information from minors?

10. What are your privacy rights?

11. Controls for Do Not Track (DNT) features

12. How to exercise your rights

13. Changes to this policy

1. What information do we collect?

a) Personal data you disclose to us

We collect personal data that you voluntarily provide when you a) express interest in obtaining information about our services, b) use our website, or c) otherwise contact us.

Types of personal data: The personal data we collect depends on the context of your interaction with us and the choices you make. This may include:

·       Name

·       Email address

·       Job title

·       Phone number

Sensitive personal data: We do not collect this type of data.

We assume that any personal data you provide is true, complete, and accurate. Please notify us of any changes to it.

b) Information automatically collected

We automatically collect certain information when you visit, use, or navigate our website. This information does not reveal your specific identity (such as your name or contact details) but may include device and usage data, such as:

·       IP address

·       Browser and device characteristics

·       Operating system

·       Language preferences

·       Referring URLs

·       Device name and country

·       Location data (depending on your device settings)

This information is primarily needed to maintain the security and operation of our website and for our internal analytics and reporting.

c) Other personal data

We also collect information through cookies and similar technologies. You can learn more about these in our Cookies Policy.

Finally, we may collect personal data from social media platforms like LinkedIn, but we do not collect personal data from any other source (like data brokers or services of that nature).

2. How do we process your personal data?

We process your personal data for various reasons, depending on how you interact with us, including:

·       To deliver and facilitate the provision of our services

·       To respond to your enquiries

·       To share our marketing and promotional information

·       To operate our website

·       To comply with applicable laws and regulations

·       Legitimate purposes as permitted by applicable laws and regulations  

3. On what legal bases do we rely to process your personal data?

We only process your personal data when we believe it is necessary and have a valid legal basis to do so under applicable law. This may include:

·       Your consent – Where you have explicitly given us your consent to use your personal data, which you can withdraw at any time.

·       Performance of a contract – Processing is necessary to fulfill our contractual obligations to you, including providing our services or taking steps before entering into a contract.

·       Legitimate Interest - We may need to process your personal data where we have a legitimate interest to do so, including (i) to communicate with you in response to your requests, questions, enquiries, or submissions; (ii) to conduct advertising, marketing and promotional activities in connection with operating our business; and (iii) for research and development, security and optimisation of our services and website.

·       Legal obligations – Where we are required to comply with laws and regulations.

4. When and with whom do we share your personal data?

Our sharing of your personal data with third party service providers is entirely limited to our use of certain tools and the running of our website.

More specifically, we use:

·       Tools like Word and Google Sheets, provided by Microsoft and Google respectively. Our data is also backed up by these service providers.

·       Intuit Quickbooks for bookkeeping.

·       Squarespace as a hosting provider.

In each case, our use of the services is subject to terms and conditions which include suitable protections to ensure that your personal data is protected in accordance with this policy and applicable laws and regulations.

5. Do we use cookies and other tracking technologies?

We may use cookies and other tracking technologies to collect and store your personal data. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy.

6. Is your personal data transferred internationally?

Our business is located in the UK and, by using the tools identified in section 4 above, we may transfer your personal data outside of the UK.

Before permitting any such transfers, we will ensure that appropriate safeguards are in place. These may include the International Data Transfer Agreement issued by the UK ICO or transfers to countries covered by adequacy decisions.

7. How long do we keep your personal data?

We will keep your personal data for as long as we have an ongoing legitimate business need to process it. Once this has ceased, we will either delete or anonymise it, or, if this is not possible (because your personal data has been stored in backup archives, for example), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

8. How do we keep your personal data safe?

We have implemented appropriate technical and organisational measures to protect your personal data, taking into account the nature of the processing. However, despite our safeguards and efforts to secure your personal data, no electronic transmission over the Internet or information storage technology is 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your personal data.

9. Do we collect information from minors?

No, we do not collect data from or market to children under 18 years of age.

10. What are your privacy rights?

Under this policy, we want to ensure that you are fully aware of your rights as they relate to our processing of your personal data. While the following rights may not fully align with the laws and regulations which apply in your region, we will extend these protections to you regardless of your location.

·       Request access and obtain a copy of your personal data

·       Request rectification or erasure

·       Restrict the processing of your personal data

·       If applicable, data portability

·       Not to be subject to automated decision-making in certain circumstances

·       Right to obtain a list of the categories of personal data we process

You may also have the right to object to the processing of your personal data, which you can exercise by contacting us at jp@jpp-legal.com.

We will consider and act upon any request in accordance with applicable data protection laws and regulations.

Complaints

If you are located in the European Economic Area or UK and you believe we are unlawfully processing your personal data, you also have the right to complain to your Member State data protection authority or UK data protection authority:

·       https://ec.europa.eu/newsroom/article29/items/612080/en

·       https://ico.org.uk/make-a-complaint/data-protection-complaints/

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner:

• https://www.edoeb.admin.ch/en

For other jurisdictions, please check with your local competent authority.

Before making any official complaint, we would kindly ask you to contact us so that we may be given the opportunity to rectify the issue at stake.

Withdrawing your consent

If we are relying on your consent to process your personal data (which may be expressed and/or implied consent depending on the applicable law), you have the right to withdraw your consent at any time by contacting us at jp@jpp-legal.com. Please note that withdrawing consent will not affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.

11. Controls for Do Not Track (DNT) features

Most web browsers, some mobile operating systems, and mobile applications include a DNT feature or setting that you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.

At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

If a standard for online tracking is adopted that we are required to follow in the future, we will inform you about that practice in a revised version of this privacy policy.

California Law Compliance

California law requires us to disclose how we respond to web browser DNT signals. Because there is currently no industry or legal standard for recognising or honouring DNT signals, we do not respond to them at this time.

12. How to exercise your rights

To exercise your rights, you can contact us by emailing us at jp@jpp-legal.com.

Upon receiving your request, we will need to verify your identity to confirm that you are the same person about whom we hold information in our system.

·       We will only use the personal data provided in your request to verify your identity or authorise the request.

·       If we cannot verify your identity with the information we already maintain, we may request additional information for verification, security, or fraud prevention purposes.

If you are in California, under California Civil Code Section 1798.83 (also known as the Shine the Light Law), California residents may request, once per year and free of charge, the following information:

·       The categories of personal data, if any, that we disclosed to third parties for direct marketing purposes in the immediately preceding calendar year.

·       The names and addresses of the third parties with whom we shared personal data.

If you are a California resident and would like to make such a request, please submit your request in writing at jp@jpp-legal.com.

13. Changes to this policy

We may update this policy periodically. If we make changes that impact how we use your personal data, we will inform you by posting an updated version on our website. When necessary, we may also provide additional notifications through other channels.