Your personal information is very important to us. We respect the information you share with us and in line with new data protection regulations, we have set out our policy on how we collect and manage that information.
The law in relation to data protection changed on the 25 May 2018 when the General Data Protection Regulation comes into force in the United Kingdom and across Europe.
We will publish any material changes to this policy in the future but we may need to ask you to agree to the changes or refresh your consent to us using your personal information.
Who we are and how you can contact us
Where we collect your personal information from
We may collect personal information about you in the following ways:
- data you give to us when you become a client of the firm and use our services, or when we work with you in connection with a particular service
- when you talk to us on the phone or in person
- when you use our website
- in emails or letters to us
Data we collect when you use our services
- payment and transaction data
- profile and usage data, including data we gather from the devices you use to connect to those services such as computers and mobile phones, and other internet tracking software.
Data from third parties we work with
- companies and individuals that introduce you to us
- public information sources, such as Companies House
- government and law enforcement agencies
Data we collect about you
We may collect, use, store and transfer many kinds of personal data about you which we have grouped together as follows:
- Identity data – name.
- Contact data – billing address, home address, email address or telephone numbers.
- Financial data – bank account details, via cheques (we do not have access to any payment card information).
- Transaction data – details about payments to and from you and other details of services you have purchased from us.
- Technical data – internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
- Usage data – information about how you use our website, products, and services.
- Open Data and Public Records – information about you that are in public records, such as Companies House or the Land Registry, and information that is openly available on the internet.
We may also collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
How we use your personal information
Your privacy is protected by law.
We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. This includes when we share your information with third parties. The law says we must have one or more of the following legal bases:
To fulfil a contract we have with you; or when it is our legal duty; or when it is in our legitimate interest; or when you consent to it.
A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable.
We have set out in the table below the personal information which we may collect from you, how we may use it, and the legal basis (or bases) on which we rely when we use the personal information. If we are relying on our legitimate interests, we have set that out in the table below.
Failing to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
Who we share your personal information with
We may share your personal information with any of the following organisations, for the purposes of providing the services which you have requested from us:
- To our bankers to the extent necessary to comply with anti-money laundering and terrorist financing legislation.
- Third party organisations that provide applications/functionality, data processing or IT services to us. (For example, we use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. Process credit and debit card payments and refunds. These include providers of IT services, cloud-based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security, and storage services.)
You can find details of how these third parties use your personal information by looking at their privacy policies, all of which should be available on the relevant websites.
We request all organisations who we share your data with to respect the security of your personal data and to treat it in accordance with the law. We do not allow any of our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Third party links
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.
Transferring your personal information outside the EEA
The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein and Norway.
We will never send your data outside the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.
Transferring your personal information outside the EEA
How long do we keep your personal information
We will keep your personal information for as long as you are our client. After you stop being a client, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for one or more of the following reasons:
- to respond to any questions or complaints from you
- to maintain our records
- to comply with laws and rules applicable to us.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In respect of personal data which we receive and process in order to comply with our legal duties to prevent money laundering, accounting procedures with HMRC, and terrorist financing, we are required by law to retain such personal data for a period of seven years from the date upon which you cease to be our client.
Making a complaint
Please let us know if you are unhappy with how we have used your personal information by contacting us using the details set out in section 1 above. You also have a right to complain to the Information Commissioner’s Office. You can find their contact details at www.ico.org.uk. We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
You have certain rights which are set out in the law relating to your personal information. The most important rights are set out below.
Getting a copy of the information we hold
You can ask us for a copy of the personal information which we hold about you, by contacting us using the details set out in section 1 above. This is known as a data subject access request.
You will not have to pay a fee to access your personal data, unless we believe that your request is clearly unfounded, repetitive, or excessive. In such circumstances we can charge a reasonable fee or refuse to comply with your request.
We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month and, in that case, we will notify you and keep you updated.
Telling us if information we hold is incorrect
You have the right to question any information we hold about you that you think is wrong or incomplete. Please contact us using the details set out in section 1 above if you want to do this and we will take reasonable steps to check its accuracy and, if necessary, correct it.
Telling us if you want us to stop using your personal information
You have the right to object to our use of your personal information (known as the right to object); or ask us to delete the personal information (known as the right to erasure); or request the restriction of processing; or ask us to stop using it if there is no need for us to use it (known as the right to be forgotten).
There may be legal reasons why we need to keep or use your data, which we will tell you if you exercise one of the above rights.
You can withdraw your consent to us using your personal information at any time. Please contact us using the details set out in section 1 above if you want to withdraw your consent. If you withdraw your consent, we may not be able to provide you with certain products or services.
Where we rely on our legitimate interest
In cases where we are processing your personal data based on our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Request a transfer of data
You may ask us to transfer your personal information to a third party. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.