HR privacy notice

Employee privacy notice

1. INTRODUCTION

Kennedys takes the protection of your personal data seriously.

Kennedys is an international legal practice carried on by Kennedys Law LLP and its affiliated firms. References to “Kennedys”, “we” or “us” in this HR Privacy Notice mean Kennedys Law LLP and other firms authorised to use the Kennedys name. A full list of these entities is available at www.kennedyslaw.com/regulatory.

This HR Privacy Notice describes how Kennedys processes personal data about partners, employees and individual contractors of Kennedys.

We may amend this HR Privacy Notice at any time and for any reason. The updated version will be available by following the “Privacy” link on the HR section of the Kennedys intranet. You should check the HR Privacy Notice regularly for changes.

2. DATA PROTECTION LAWS

Kennedys’ EU offices are bound by the European Union (“EU”) General Data Protection Regulation 2016/679 (“GDPR”). Kennedys UK offices are bound by the GDPR as incorporated into the law the United Kingdom by virtue of the European Union (Withdrawal) Act 2018 (the “UK GDPR”). Unless otherwise indicated, references in this Privacy Notice to the GDPR include the UK GDPR.

Kennedys’ other offices outside the EU are subject to their local data protection laws.

In this Privacy Notice, the terms personal data, controller, processor, data subject, consent, recipient, third party, processing and profiling have the meanings given to them in the GDPR.

3. CONTROLLER CONTACT DETAILS

The controller for the processing of personal data under this HR Privacy Notice is:

Kennedys
25 Fenchurch Avenue
London
EC3M 5AD
United Kingdom
Telephone: +44 20 7667 9667
Email: dataprotection@kennedyslaw.com
Website: www.kennedyslaw.com/en/

Contact details for each individual Kennedys Group entity are listed at www.kennedyslaw.com/regulatory.

Any Kennedys Group entity that is not established in the EU appoints as its EU representative:

Kennedys
Second Floor, Bloodstone Building
Sir John Rogerson’s Quay
Dublin 2
D02 KF24
Ireland
Telephone: +353 1 878 0055
Email: dataprotection@kennedyslaw.com
Website: www.kennedyslaw.com/en/

4. DATA PROTECTION OFFICER CONTACT DETAILS

If you have any questions about this HR Privacy Notice or about our personal data processing practices, or if you wish to exercise any of your rights as a data subject, you may contact Kennedys’ Data Protection Officer for your region at dataprotection@kennedyslaw.com or as follows:

United Kingdom & European Union

Andrew Coates
Regional Data Protection Officer
Kennedys
25 Fenchurch Avenue
London EC3M 5AD, United Kingdom
Telephone: +44 20 7667 9063
Email: andrew.coates@kennedyslaw.com

Asia-Pacific & Middle East

Nicholas Blackmore
Regional Data Protection Officer
Kennedys
Level 36, 140 William St
Melbourne VIC 3000, Australia
Telephone: +613 9498 6602
Email: nicholas.blackmore@kennedyslaw.com

North America

Matt Lodge
Regional Data Protection Officer
Kennedys
120 Mountain View Boulevard
Basking Ridge NJ 07920, USA
Telephone: +1 908 848 1225
Email: matthew.lodge@kennedyscmk.com

South America

Isadora Talamo
Regional Data Protection Officer
Kennedys
25 Fenchurch Avenue
London EC3M 5AD, United Kingdom
Telephone: +44 20 7667 9236
Email: isadora.talamo@kennedyslaw.com

5. LEAD SUPERVISORY AUTHORITY CONTACT DETAILS

If you have a complaint about our personal data processing practices, you should first contact Kennedys’ Data Protection Officer for your region. If you are not satisfied with our response, you have the right to lodge your complaint with the following supervisory authority:

United Kingdom (UK GDPR)
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom
Telephone: +44 (0) 303 123 1113
Email: casework@rco.org.uk
Website: https://ico.org.uk

European Union (GDPR)
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland
Telephone: +353 578 684 800
Website: https://www.dataprotection.ie/

If you are located outside the EU or the UK, you may also contact your local data protection authority. Kennedys’ Data Protection Officer for your region can provide contact details.

6. HOW WE MAY PROCESS YOUR PERSONAL DATA

Kennedys will collect certain personal data about partners, employees and individual contractors of Kennedys.

  • Types of personal data collected

We collect a range of personal data about partners, employees and contractors of Kennedys, including name, contact details, profile photos, date of birth, government–issued identifiers (e.g. ID numbers, passport numbers, national insurance numbers, tax numbers), marital status, educational records, qualifications/CV, languages, visa status, contract details, remuneration details, employment performance and development, use of and access to Firm-purchased resources, disciplinary record, sickness records, health and medical information, and contact details and date of birth for next of kin.

We may collect data about ethnicity, disability and sexual orientation for diversity policy purposes, but this data will be collected on an anonymous basis and stored so that no individual is identifiable from the information.

  • Purposes of processing

We may process your personal data for purposes related to your partnership, employment or contractor relationship. These may include paying your salary or fees, monitoring your performance and development, disciplinary action, making decisions about promotions, managing the firm’s resources, contacting you or your family in an emergency, and other similar purposes.

  • Legal basis for processing

Partners, employees and contractors of Kennedys all have a contract with Kennedys which requires and allows Kennedys to process their personal data in various ways for the purposes of the partnership, employment or contractor relationship. Kennedys will process partner, employee and contractor personal data as necessary for the performance of that contract and to take steps to enter into that contract.

For processing which is not required for the performance of that contract, Kennedys will generally rely on Kennedys’ legitimate interests in:

  • employing and managing its partners, employees and contractors;
  • providing legal services (such as advice and litigation), claims handling services (such as claims administration, management and processing) and other professional services (such as debtor and asset tracing) to its clients, ensuring those services are of high quality, and complying with all regulations which apply to the provision of those services; and
  • developing and growing its business and its relationships, understanding the needs of its clients and prospective clients, and providing insights and commentary on legal issues.

Kennedys will only rely on those legitimate interests to process personal data where:

  • the processing is necessary for the purposes of those for the purposes of those legitimate interests; and
  • those legitimate interests are not overridden by the data subject’s interests or fundamental rights and freedoms.

Kennedys may still ask for consent to process personal data in some situations, for example where processing is necessary to provide optional employee benefits, such as health insurance.

  • Recipients or categories of recipients

We may disclose your personal data to:

  • clients, barristers, court officials, experts and other third parties involved in a client matter, for purposes related to the matter;
  • business development targets, for business development purposes; and
  • third parties who provide human resources, payroll, administrative, storage, telecommunications, information technology and other services to us in support of our business (however, we will ensure that all such suppliers are subject to obligations not to use or disclose that data).

In most countries, we are required by law to provide certain personal data about you to government authorities. This may include reporting amounts we pay you to taxation authorities, arranging work permits and visas, and reporting your employment status to immigration authorities.

In exceptional circumstances, we may be required or permitted by law to disclose personal data, for example to law enforcement authorities or to prevent a serious threat to public safety.

  • Transfers

We may transfer your personal data overseas.

The information systems of Kennedys Group are hosted on central servers located in the United Kingdom and Singapore. Any personal data that we store on our systems will be transferred to one of those locations.

Many of Kennedys Group’s information systems, including electronic matter files, client information and finance systems are accessible by Kennedys offices around the world. This means your personal data may be accessed by Kennedys’ personnel overseas.

When a matter involves obtaining legal or other professional advice from another country, we may need to transfer details about the matter, including personal data, to a Kennedys office or third party in that country.

For the purposes of the GDPR, the European Commission issues adequacy decisions on the data privacy laws of non-EU countries. The majority of countries to which Kennedys may transfer personal data are not covered by an EC adequacy decision. However, many of them do have local data privacy laws which are similar to the GDPR.

All Kennedys Group entities worldwide will treat your personal data in accordance with this HR Privacy Notice and their local data privacy law. All Kennedys offices outside the EU have entered into an agreement which requires them to treat all personal data transferred to them from Kennedys’ EU offices in accordance with the GDPR.

In addition, Kennedys adopts following safeguards when transferring personal data overseas:

  • Kennedys will always make such transfers in accordance with the requirements of the data privacy laws of your home country;
  • Kennedys will require that any overseas third party to which it discloses your personal data to: (a) only use that personal data for the purposes for which it was disclosed; (b) use all technical and organisational measures which are reasonable in the circumstances to secure that personal data; (c) delete that personal data when it is no longer required; and (d) treat that personal data in accordance with this HR Privacy Notice and their local data privacy law; and
  • Kennedys technology and control mechanisms are designed and monitored by Kennedys in the UK and are internally assessed for compliance against our Security Policy and ISO27001 standards by an IT Security Manager. A six-monthly assessment of the processes and controls is also carried out by external auditors, who provide certification against ISO27001.

  • Retention period

Kennedys will only retain personal data for as long as it has a legitimate purpose to do so. Kennedys will need to retain personal data for commercial and legal purposes. How long it will need to retain personal data for these purposes will depend on the specific personal data.

Kennedys may retain your personal data for the duration of your partnership, employment or contractor relationship. After the end of that relationship, Kennedys may continue to retain your personal data:

  • which it is required to retain under any applicable law (for example, under employment or taxation laws); or
  • which it still needs for any purpose relating to the partnership, employment or contractor relationship (for example, to pay any remaining entitlements or to defend the firm in the event of a dispute).

This will generally mean that Kennedys will retain your personal data for at least six years after the end of your partnership, employment or contractor relationship.

Once Kennedys has no legal or commercial reasons to retain personal data, it will be securely deleted or destroyed.

  • Requirement to provide personal data

In most cases, it is mandatory to provide the above personal data to us. Without that personal data, we would be unable to manage your partnership, employment or contractor relationship. In most countries, we are required by law to collect certain personal data about you.

In some cases, it is optional to provide personal data. We will tell you where this is the case. Providing us with optional personal data may allow us to provide additional benefits to you or to improve our client services or workplace. For example, it is not mandatory to tell us what languages you speak, but doing so will help us offer a better service to clients.

7. AUTOMATED DECISION-MAKING INCLUDING PROFILING

Kennedys does not engage in any automated decision-making or profiling.

“Automated decision-making” means a decision based solely on automated processing of personal data (without human intervention) which produces legal effects concerning the person or otherwise significantly affects the person.

“Profiling” is a form of automated decision-making. It uses personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is generally associated with systems based on artificial intelligence and machine learning. A system will be provided with a set of personal data and trained to identify correlations, and to then use those correlations to predict future behaviour by individuals.

8. YOUR RIGHTS

If you are located in the European Union or the United Kingdom

If you are located in the EU or the UK, you have certain rights in relation to your personal data as follows:

  • Access: You have the right to obtain access to and a copy of any personal data we hold about you. You also have the right to find out whether your personal data has been transferred outside the EU and any safeguards relating to this transfer.
  • Rectification: If you consider that any personal data we hold about you is incorrect or incomplete, you have the right to ask us to correct or complete that personal data.
  • Erasure: In certain circumstances, you have the right to ask us to erase any personal data we hold about you.
  • Restriction of processing: In certain circumstances, you have the right to ask us not to process your personal data for certain purposes.
  • Objection to processing: In certain circumstances, you have the right to object to us processing your personal data for certain purposes.
  • Data portability: In certain circumstances, you have the right to request a copy of your personal data in a structured, commonly used and machine-readable format.
  • Withdrawing consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.

For more information about these rights, visit https://ico.org.uk/for-the-public/

To make a request pursuant to these rights, contact Kennedys’ Data Protection Officer for United Kingdom/Europe (see section 3 above).

If you are located outside the European Union and the United Kingdom

If you are not located in the EU or the UK, you may still have rights in relation to your personal data under your local data privacy law. Many countries provide data subjects with a right to seek access to any personal data we hold about you, and to request correction of that data if it is incorrect.

To make a request pursuant to these rights, contact Kennedys’ Data Protection Officer for your region (see section 3 above).

Candidate privacy notice

Kennedys takes the protection of your personal data seriously.

Kennedys is an global legal practice carried on by Kennedys Law LLP and its affiliated firms.  References to “Kennedys”, “we” or “us” in this Candidate Privacy Notice (“Privacy Notice”) mean Kennedys Law LLP and other firms authorised to use the Kennedys name. A full list of these entities is available on our website.

You are being sent a copy of this Privacy Notice because you are applying for work with us (whether as an employee, worker or contractor). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for.

We may amend this Privacy Notice at any time and for any reason. The updated version will be uploaded to our website.

DATA PROTECTION LAWS

Kennedys’ EU offices are bound by the European Union (“EU”) General Data Protection Regulation 2016/679 (“GDPR”). Kennedys UK offices are bound by the GDPR as incorporated into the law the United Kingdom by virtue of the European Union (Withdrawal) Act 2018 (the “UK GDPR”). Unless otherwise indicated, references in this Privacy Notice to the GDPR include the UK GDPR.

Kennedys’ other offices outside the EU are subject to their local data protection laws.

In this Privacy Notice, the terms personal data, controller, processor, data subject, consent, recipient, third party, processing and profiling have the meanings given to them in the GDPR.

CONTROLLER CONTACT DETAILS

The controller for the processing of personal data under this Privacy Notice is:

Kennedys
20 Fenchurch Street, London, EC3M 3BY, United Kingdom
Telephone: +44 20 7667 9667
Email: dataprotection@kennedyslaw.com
Website: www.kennedyslaw.com/en/

Contact details for each individual Kennedys Group entity are listed on our website.

Any Kennedys Group entity that is not established in the EU appoints as its EU representative:

Kennedys
Second Floor, Bloodstone Building, Sir John Rogerson’s Quay, Dublin 2, D02 KF24, Ireland
Telephone: +353 1 878 0055
Email: dataprotection@kennedyslaw.com
Website: www.kennedyslaw.com/en/

PROCESSORS

eArcu Limited may process your personal data on our behalf, for the purposes of your application, if your application is uploaded to their application tracking system by you directly or by a recruitment agency.  The application tracking system provides a platform from which we can review and consider applications.

We have consented to eArcu Limited’s use of the following sub-processors, to enable them to provide the application tracking system to us:

  • Rackspace Technology (to host and store data)
  • Amazon Web Services (to host and store video interviews)
  • Cloud Direct (for data backup storage)
  • Twilio Inc. (to provide SMS transmission functions)

Sterling Ltd, who carry out background checks on our behalf, and Credas Technologies Ltd, who process a candidate’s right to work data, may also process your data for the purposes of recruitment.

All processors, sub-processors and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow any processors to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

DATA PROTECTION PRINCIPLES

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

HOW WE MAY PROCESS YOUR PERSONAL DATA

Types of personal data collected

In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:

  • The information you have provided to us or to a recruitment agency in your curriculum vitae and covering letter (and other supporting documents) or the information you have provided on our application form, including name, title, address, telephone number(s), personal email address, IP address, date of birth, gender, employment history, qualifications, and financial data.
  • Any information you provide to us during an interview.

We may also collect, store and use the following types of more sensitive personal information:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Information about your health, including any medical condition, health and sickness records.
  • Information about criminal convictions and offences.

How is your personal information collected?

We may collect personal information about candidates from the following sources:

  • You, the candidate.
  • Recruitment agencies, who may use eArcu Limited, as discussed under ‘Processors’
  • Sterling Ltd, a background check provider, through which we may collect the following categories of data: name, address, date of birth, criminal records, financial/credit history, references/employment history and adverse media searches (from publicly accessible sources). Sterling Ltd is a global background screening provider who may utilise various third party providers as part of their global operations – these will be confirmed to candidates when signing up to the Sterling portal. No checks can take place without explicit candidate consent.
  • Credas Technologies Ltd, who we use to process right to work checks for UK based candidates

How we will use the information about you

We will use the personal information we collect about you to:

  • Assess your skills, qualifications, and suitability for the role.
  • Carry out background and reference checks, where applicable.
  • Communicate with you about the recruitment process.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements.

Legal justification for processing your data

It is in our legitimate interests to decide whether to appoint you to the role since it would be beneficial to our business to appoint someone to that role. 

We also need to process your personal information to decide whether to enter into a contract of employment with you.

Kennedys will only rely on legitimate interests to process personal data where:

  • the processing is necessary for the purposes of those legitimate interests; and
  • those legitimate interests are not overridden by your interests or fundamental rights and freedoms.

Having received your CV and covering letter or your application form, we will process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will undertake background screening as part of our candidate onboarding procedures. This will vary by jurisdiction but may include taking up references, carrying out criminal record checks, credit checks, adverse media searches, verifying education and professional credentials, conducting regulatory status checks and verifying  your right to work status before confirming your appointment.

When you applied for this role, you may have also provided consent to us processing your personal information for the purposes of the recruitment exercise. You have the right to withdraw your consent for processing for that purpose at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our retention policy, we will dispose of your personal data securely.

If you fail to provide personal information

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

How we use particularly sensitive personal information

  • We will use information about any disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting. These responses are submitted directly via eArcu and not accessible to the Kennedys Recruitment Team or hiring managers. This data is stored securely and is only used for monitoring and reporting purposes (which is done on an anonymous and aggregated basis).

Information about criminal convictions

We may process information about criminal convictions in certain jurisdictions as part of our background screening processes

We may collect information about your criminal convictions history if we would like to offer you the role (conditional on checks and any other conditions, such as references, being satisfactory). We may carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. In particular:

  • We are legally required by the Solicitors Regulation Authority to carry out criminal record checks for all candidates being admitted as solicitors, compliance officers for legal practice, compliance officers for financial affairs and beneficial owners or managers.
  • The roles of barrister (in England and Wales), advocate (in Scotland) and solicitor are ones which are listed on the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (SI 1975/1023) so are eligible for a standard check from the Disclosure and Barring Service.

We may also collect this information to comply with regulatory requirements in non UK jurisdictions as appropriate.

We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

AUTOMATED DECISION-MAKING

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

TRANSFERS

We may transfer your personal data overseas.

The information systems of Kennedys Group are hosted on central servers located in the United Kingdom and Singapore. Any personal data that we store on our systems will be transferred to one of those locations.

Many of Kennedys Group’s information systems, including our HR systems, are accessible by Kennedys offices around the world. This means your personal data may be accessed by Kennedys’ personnel overseas.

When a candidate applies for a role in another country, we may need to transfer details about the candidate, including personal data, to a Kennedys office in that country.

For the purposes of the GDPR, the European Commission (EC) issues adequacy decisions on the data privacy laws of non-EU countries. The majority of countries to which Kennedys may transfer personal data are not covered by an EC adequacy decision. However, many of them do have local data privacy laws which are similar to the GDPR.

All Kennedys Group entities worldwide will treat your personal data in accordance with this Privacy Notice and their local data privacy law. All Kennedys’ offices outside the EU have entered into an agreement that requires them to treat all personal data transferred to them from Kennedys’ EU offices in accordance with the GDPR.

In addition, Kennedys adopts the following safeguards when transferring personal data overseas:

  • Kennedys will always make such transfers in accordance with the requirements of the data privacy laws of your home country;
  • Kennedys will require that any overseas third party to which it discloses your personal data to:

(a) only use that personal data for the purposes for which it was disclosed

(b) use all technical and organisational measures which are reasonable in the circumstances to secure that personal data

(c) delete that personal data when it is no longer required

(d) treat that personal data in accordance with this Privacy Notice and their local data privacy law.

  • Kennedys technology and control mechanisms are designed and monitored by Kennedys in the UK and are internally assessed for compliance against our Security Policy and ISO27001 standards by an IT Security Manager. A six-monthly assessment of the processes and controls is also carried out by external auditors, who provide certification against ISO27001.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

We will retain your personal information in line with the following retention periods:

  • Unsuccessful candidates’ application data for all vacancies will be retained on our applicant tracking system (eArcu) for 12 months from the date their recruitment process is concluded
  • Successful candidates’ application data will be retained on our applicant tracking system (eArcu) for 24 months from the date their recruitment process is concluded. This data will also form part of their personnel file and will usually be retained for 7 years’ after the end of the partnership, employment or contractor relationship in line with our standard HR retention periods for employees

We retain unsuccessful candidates’ personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy.

If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.

YOUR RIGHTS

If you are located in the EU or the UK, under certain circumstances by law you have the right to:

  • Request accessto your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correctionof the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasureof your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processingof your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processingof your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transferof your personal information to another party.
  • Withdraw consent if we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.

For more information about these rights, visit the Information Commissioner’s Office website

To make a request pursuant to these rights, contact Kennedys’ Data Protection Officer for the United Kingdom/Europe (details below).

If you are not located in the EU or the UK, you may still have rights in relation to your personal data under your local data privacy law. Many countries provide data subjects with a right to seek access to any personal data we hold about you, and to request correction of that data if it is incorrect.  To make a request pursuant to these rights, contact Kennedys’ Data Protection Officer for your region (details below).

DATA PROTECTION OFFICER CONTACT DETAILS

If you have any questions about this Privacy Notice or about our personal data processing practices, or if you wish to exercise any of your rights as a data subject, you may contact Kennedys’ Data Protection Officer for your region at dataprotection@kennedyslaw.com or as follows:

United Kingdom & European Union

Asia-Pacific & Middle East

Andrew Coates
Regional Data Protection Officer
Kennedys
20 Fenchurch Street
London EC3M 3BY, United Kingdom
Telephone: +44 20 7667 9063
Email: andrew.coates@kennedyslaw.com

Nicholas Blackmore
Regional Data Protection Officer
Kennedys
Level 9, 360 Elizabeth Street
Melbourne VIC 3000, Australia
Telephone: +613 9498 6699
Email: nicholas.blackmore@kennedyslaw.com

 

North America

 

South America

Joshua A. Mooney
Regional Data Protection Officer
Kennedys
1600 Market Street, Suite 1410 Philadelphia, Pennsylvania 19103, USA
Telephone: +1 267 479 6706
Email: Joshua.Mooney@kennedyslaw.com

Javier Vijil
Regional Data Protection Officer
Kennedys
1395 Brickell Avenue, Suite 610
Miami, 33131
Telephone: +1 305 371 1111
Email: Javier.Vijil@kennedyslaw.com

LEAD SUPERVISORY AUTHORITY CONTACT DETAILS

If you have a complaint about our personal data processing practices, you should first contact Kennedys’ Data Protection Officer for your region. If you are not satisfied with our response, you have the right to lodge your complaint with the following supervisory authority:

United Kingdom (UK GDPR)

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: +44 (0) 303 123 1113
Email: casework@rco.org.uk
Website: https://ico.org.uk

European Union (GDPR)

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland
Telephone: +353 578 684 800
Website: https://www.dataprotection.ie/

If you are located outside the EU or the UK, you may also contact your local data protection authority. Kennedys’ Data Protection Officer for your region can provide contact details.