25th May 2018

Privacy Policy


This policy sets out how Contax Law (Registration No. 10115721) uses and protects any information that you provide when using our website or any of our products and services.

Contax Law is committed to protecting your personal information in accordance with the EU General Data Protection Regulation (GDPR).


  1. The Data Controller

1.1  As defined in Article 4(7) of the GDPR a ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.2  Contax Law is the data controller for any personal information you supply to us in relation to enquiries about our services, applications to roles that we post and when registering as a client or candidate. Our full postal address is: –

Contax Law Limited

33 Cannon Street



Telephone Number: 02038 650196

Email Address: info@contaxlaw.com

What we collect

1.3 Contax Law may collect your personal data from information that you provide us with. Typically, this may include your name, current and previous employers, and details of your work, skills and experiences, education and qualifications. In addition, we may collect your address, date of birth, contact details, and e-mail address.

1.4 We collect your information through our correspondence with you, through your applications on LinkedIn, or from publicly available information online.

1.5 When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

1.6 If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

1.7 If you leave a comment on our site we may save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.


  1. What we may use your information for 

2.1 We require this information to understand to be able to place you to the most suitable position according to your background and experience. Alternatively, we require this information to provide you with the most suitable candidates for your openings. We may use your personal information to contact you. In particular for the following reasons:

  • To maintain our database of contacts;
  • to contact you via email, SMS or phone, about vacancies that we believe you may be interested in, and to send information you have asked us to provide, or which we think may be useful to you;
  • to assess your data against vacancies which we believe may be suitable, and to keep you updated about the recruitment process;
  • to send your information to clients for potential jobs or to assess suitability for the role. We will obtain at minimum verbal consent before presenting your personal data to a client;
  • to fulfil contractual obligations with our clients;
  • to disclose to third parties where we have retained them to provide services that we, you or our client have requested including references, qualifications and criminal references checking services (as required), or verification of the details you have provided from third party sources; and
  • to trusted third parties who perform functions on our behalf and who also provide services to us, such as professional advisors, IT consultants and mailing houses.

2.2 We carry out some profiling in order to evaluate your interests in a specific career opportunity. We will evaluate the information that you have provided us with about your previous work experience in order to assess whether you are suitable for an opportunity. Under Article 6(1)(b) of the GDPR this profiling is carried out with a lawful basis. It is necessary to our performance of a contract with you, so that we can successfully put you forward for suitable roles.


  1. Third parties

3.1 We may disclose your personal information to certain third parties to the extent that this is reasonably necessary to carry out our business, for example:

  • Dillistone [Dillistone Systems Limited] is the customer relationship management (CRM) software provider through which we manage our contacts and documents in a secure fashion. They never cache data on local devices and their servers are located in the U.S.A. They are accredited to the US/EU Privacy Shield;
  • Sonovate [Sonovate Limited] is our dedicated third party vetting, billing agent. All of their data is stored within Microsoft UK & European data centres;
  • Microsoft [Microsoft Corporation] is our dedicated mail house. Microsoft is committed to being GDPR compliant across all of their cloud services when enforcement begins on May 25. Their data storage services are located in UK data centres;
  • Verifile [Verifile Limited]; and
  • Dropbox [Dropbox UK Online Ltd] is our dedicated storage service. All files stored on Dropbox are encrypted and kept in secure storage servers, which are located in data centers across the United States.

3.2 As defined by Article 4(8), a ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

3.3. Visitor comments may be checked through an automated spam detection service.


  1. Sending Information Out of the EEA

4.1 The personal and sensitive personal information you provide us with may be sent to clients and third parties located outside the European Economic Area (EEA).

4.2 When we transfer your personal information outside the EEA we will take reasonable steps with the aim of ensuring your privacy rights continue to be protected.


  1. How long do we keep your information for?

5.1  In line with GDPR paragraph (39), we retain personal data for no longer than is necessary. What is necessary will depend on the circumstances of each case. We will ask you to confirm that you are happy for us to continue to hold your personal data every two years.

5.2 If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

5.3 For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.


  1. How is your information kept secure?

6.1 Electronically gathered data is stored securely on encrypted computers and third-party systems such as FileFinder and Dropbox.

6.2 Paper copies of documents containing personal data are stored in a locked filing cabinet in the Contax Law office which is only able to be accessed by authorised members of staff.

6.3 In line with GDPR paragraph (85), in the case of a personal data breach, Contax Law will notify the supervisory authority and data subject of this without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless we are able to demonstrate that the breach is unlikely to result in a risk to your rights and freedoms.


  1. Your rights to your information

7.1 You have the right to access your personal data and supplementary individuals. You should be aware of and able to verify the lawfulness of the processing activities.

To request a copy of your personal data please contact our Data Protection Officer, Nick Robbins, by sending a letter to:

Nick Robbins

33 Cannon Street



Alternatively, email info@contaxlaw.com

7.2 You have the right to request that we rectify or amend personal data because it is inaccurate or incomplete. We will do this within thirty days of receipt of your request.

7.3  You can request that we delete or remove your personal data as there is no compelling reason for its continued processing.

7.4  You can request to restrict, block, or otherwise suppress the processing of personal data. We are permitted to store personal data if it has been restricted, but we cannot process it further. We must retain enough data to ensure the right to restriction is respected in the future.

7.5  You can request that we provide you with your data so that you can reuse it for your own purposes or across different services. If you request, we must provide it in an easily transferrable format and send it directly to another company.

To request the transfer of your personal data please contact our Data Protection Officer, Nick Robbins by sending a letter to:

Nick Robbins

33 Cannon Street



Alternatively, email info@contaxlaw.com

7.8 You may object to data processing based on legitimate interest, to direct marketing, including profiling, and to processing data for statistics.

For more information on your rights please visit the ICO website http://ico.org.uk