PRIVACY POLICY

Summary

  • We keep to a minimum the information we hold about you
  • We use your data to provide our services to you, respond to your enquiries, manage our relationship with you, meet our legal obligations, and improve our website
  • We delete your data when it is no longer needed for these things
  • Generally, we do not give your information to third parties, but there are some exceptions
  • You have lots of privacy rights
  • We take security seriously
  • We do not use cookies on our website
  • We are happy to answer your questions about any of this

To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:

You have lots of rights in respect of our processing of your personal data. The relevant rights are:

  • get access to your personal data and information about our processing of it
  • in some circumstances, restrict our processing of your data for strategy planning purposes, and compel us to erase the bits we do not use for security purposes
  • object to our processing for strategy planning purposes

If you want to exercise any of these rights, please just contact us .

You also have the right to lodge a complaint about our processing with a supervisory authority — you probably want the UK’s Information Commissioner’s Office.

As a general principle, we will not transfer your personal data to third parties without your permission.There are three exceptions to this:

  • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. We’ve never done this, but we want to keep this option open to us.
  • It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate.
  • As solicitors, we have professional duties, including to co-operate with the ICO, the Solicitors Regulation Authority, as well as to report suspicious transactions or money laundering. We will always try to minimise any sharing of your personal data.

We use practice management software called ActionStep which stores all of our data in Europe (using AWS) and uses best practice security systems to keep our (and your) data safe.

Clients

As our client, we will hold the following information about you:

  • Your name, identity and contact information
  • Information about your business activities
  • Information and documents about your matters or enquiries, including communications with you
  • Billing and payment information

References to the basis of processing (e.g. “(Basis: Art. 6(f).)”) are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

Giving you legal advice

We use the information we hold about you and your business to give you the best legal advice we can.

We also use your information to bill you and keep track of payments that you make.

(Basis: Art. 6(b): this is necessary to deliver the service to you).

ID checks

We will have done an ID check on you before you become a client. If you do not instruct us for a while, we may need to do another ID check. We will do what we can to make this as painless as possible. If you would prefer not to provide these information, we will not be able to act for you.We retain identity verification information for as long as you are our client, and then five years.

(Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations).

We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, where we are emailing a party to your matter who is based outside the EEA, or because you have chosen to use an email or other communications service which routes data outside the EEA).

We will keep your data for as long as you are our client plus seven years.

Prospective clients

If you contact us, we will hold the following information about you:

  • Your name, identity and contact information
  • Information about your business activities
  • Information and documents about your enquiries, including communications with you

References to the basis of processing (e.g. “(Basis: Art. 6(f).)”) are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

Giving you legal advice

If you get in touch looking for legal advice, we will do some research to understand more about you and what you do. Usually, this means reading up on your products or services, how you position yourself in the market, what you display on your public facing websites and social media presence, and so on. This helps us work out how best we can help you, and if we’re really the right people for the job.(Basis: Art. 6(b): this is necessary to deliver the service to you.)

ID checks

The law requires that, in some situations, we must know who you are before we can give you legal advice. Stephenson Law’s approach to this is to check the identity of all clients. We will do what we can to make this as painless as possible. If you would prefer not to provide these information, we will not be able to act for you.Any personal data received from you for this purpose will be processed only for the purposes of preventing money laundering, unless we have your consent to process it for another purpose.

We retain identity verification information for as long as you are our client and then five years, or else five years from the point you decide you do not want to become a client.

(Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)

Dealing with enquiries

If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, to help us plan our business strategy and check that we are offering what potential clients want.(Basis: Art. 6(b): we need to use your details to follow up with you. Art. 6(f): business planning is a legitimate thing for us to do, and keeps us relevant and hopefully more in tune with your needs.)

We will keep your data for as long as we are communicating with you plus 6 months.

Site Visitors

We generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access. Our website does not use cookies or other similar technologies.

References to the basis of processing (e.g. “(Basis: Art. 6(f).)”) are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

Technical data

We use the logs from our servers to assist in our firm’s security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate thing for a business to do.)

We will keep your data for 6 months.