This Policy may change from time to time and, if it does, the most up to date version will be available on our website and becomes effective immediately.
Who are we?
Stapletons Solicitors Limited is a limited liability company incorporated in England and Wales and is a ‘controller’ under the General Data Protection Regulation and the Data Protection Act 2018.
In the UK the supervisory authority for data protection is the Information Commissioner’s Office (ICO). We are registered with the Information Commissioner’s Office under registration number ZA298868.
Whose data do we hold?
We may hold data about the following people:
- Customers and clients
- Suppliers and service providers
- Advisers, consultants and other professional experts
- Complainants and enquirers
What data will we collect?
We will only collect information from you that is relevant to the matter that we are dealing with. In particular we may collect the following information from you which are defined as ‘personal data’:
- Personal details e.g. full name, correspondence address, date of birth etc
- Family, lifestyle and social circumstances
- Financial details
- Business activities of the person whose details we are processing
- Details of your interaction with us via telephone or in person e.g. notes from our conversations with you, details of any complaints or comments you make etc
- Copies of documents you provide to prove your age or identity where the law requires this (including your passport and driver’s licence). This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
We may also collect information that is referred to as being in a ‘special category’. This could include:
- Physical or mental health detail
- Racial or ethnic origin
- Religious beliefs or other beliefs of a similar nature
- Criminal convictions
- Sexual orientation
What is a cookie?
A cookie, also known as a web cookie, or browser cookie, is a data file that is stored on your computer or mobile phone by a web browser, which can collect data such as what buttons have been clicked on, how much time has been spent on a web page, and other actions you may have carried out. Cookies also have the ability to remember actions and record preferences which allow certain pages to be served in a particular way.
Some examples of cookies come in the form of session cookies, which expire as soon as the user leaves the website. Other cookies, such as third party cookies, are set from different websites, like Google, and can be present on your device for months or up to a few years.
Specifically, we use
- Google Analytics cookies. These cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
- Atlas cookies. These cookies are used to collect information about the marketing activity and the sales driven from this activity. The information is used to compile reports and to help improve the site and marketing activity. The cookies collect information in an anonymous form, including the number of clicks to the site from marketing activity, where the clicks have come from and the number of sales.
Management of cookies
If you have decided that you don’t want cookies placed on your device, you can alter your web browser settings so that it alerts you when cookies are sent to it, or you can reject cookies altogether. You can also remove cookies that have already been placed.
However, if you wish to restrict or block web browser cookies which are placed on your computer or mobile device, then you can do this through your browser settings in the Help section, located in your browser menu. Here it will explain clearly what to do.
Most web browsers allow easy management of cookies through browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visitwww.allaboutcookies.org.
Website usage data
With or without cookies, our website keeps track of usage data, such as the source address that the page request is coming from (i.e. your IP address, domain name), date and time of the page request, the referring website (if any) and other parameters in the URL (e.g. search criteria). We use this data to better understand how our website is used. This information is stored in log files and is used for aggregated and statistical reporting but is not attributed to you as an individual.
Basis for processing
The basis on which we process your personal data is one or more of the following:
- It is necessary for the performance of our contract with you
- It is necessary for us to comply with a legal obligation
- It is in our legitimate interests to do so
- You have given your consent (this can be withdrawn at any time by advising our
Data Protection Officer)
How will we use your data?
Current data protection regulations require us to advise you that your particulars are held on our systems. We use the information you provide primarily for the provision of legal services to you and for related purposes including:
- Provision of legal services including advising and acting on behalf of clients
- Updating and enhancing client records
- Analysis to help us manage our practice
- Statutory returns
- Legal and regulatory compliance
- In case you require any further information from your file at a later date
- In order for us to check for any possible conflict when opening another matter
- Promotion of our goods and services
- Provision of education and training to customers and clients
- Maintaining accounts and records
- Supporting and managing staff
Our use of this information is subject to your instructions, current data protection regulations and our duty of confidentiality.
Who will we share your information with?
Under our Code of Conduct there are very strict rules about who we can share your information with and this will normally be limited to other people who will assist with your matter. This may include:
- Medical Experts
- Private investigators
- Expert witnesses
- Healthcare professionals, social and welfare organizations
- Courts and Tribunals
- Estate Agents
- Mortgage Advisors
- Banks and Building Societies
- Educators and examining bodies
- Trade associates and professional bodies
- Suppliers and service provides
- Ombudsman and regulatory authorities
- Financial organizations
- Debt collection and tracing agencies
- Central Government
Where you authorise us we may also disclose your information to your family, associates or representatives and we may also disclose your information to debt collection agencies if you do not pay our bills.
How long will we keep your information for?
- We will normally keep your information throughout the period of time that we do work for you and afterwards for a period of six years as we are required to do by law and also by the regulations that apply to us.
- In some cases (for example where we have prepared a Will for you) we may retain your information for a longer period and we will advise you of this at the time
- More information is set out in our Terms of Business which is available on request from our data protection officer.
Transfers to third countries
- We may from time to time transfer your personal data to a country outside of the European Economic Area (EEA).
- Normally this will be necessary for the performance of your contract with us or for the exercise or defense of legal claims on your behalf
- Sometimes we may transfer for other reasons and we will ensure that appropriate safeguards are in place at all times
- We have procedures in place to ensure that any transfers made will be in full compliance with all aspects of the Data Protection Act and treated as if it were being processed inside of the EEA.
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
- We shall ensure that all the information that you provide to us is kept secure using appropriate technical and organisational measures
- Access to your personal data which is held electronically is password protected
- In the event of a personal data breach we have in place procedures to ensure that he effects of such a breach are minimised and shall liaise with the ICO and with you as appropriate.
- More information is available from the data protection officer
What rights do you have?
You have the following rights under the GDPR:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- Rights concerning automated decision-making and profiling
Right to access
- You have a right to see the information we hold about you including where and how we store personal information
- To access this you need to provide a request in writing to our data protection officer, together with proof of identity
- We will usually process your request free of charge and within 30 days however we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/or is very complex
Right to erasure
- You have a right to ask us to erase your personal data in certain cases (detail may be found in Article 17 of the GDPR)
- We will deal with your request free of charge and within 30 days but reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend legal claims
- To exercise your right to erasure please contact our data protection officer
Who can complain?
- If you are unhappy about how we are using your information or how we have responded to your request then initially you should contact the Data Protection Officer Sibel Kiazim of Stapletons Solicitors, 263 Green Lanes, Palmers Green, London, N13 4XE
- If your complaint remains unresolved then you can contact the Information Commissioner’s Office, details available at www.ico.org.uk.