Stevens & Bolton LLP is committed to safeguarding the privacy of your data whilst providing a personalised and valuable service.
CONTENTS
IMPORTANT NOTICE
HOW TO CONTACT US
CATEGORIES OF PERSONAL DATA WE COLLECT
HOW AND WHY WE USE YOUR PERSONAL DATA
COMMUNICATIONS ABOUT ADDITIONAL SERVICES
WHO RECEIVES YOUR PERSONAL DATA
TRANSFERRING YOUR PERSONAL DATA OUT OF THE UK
HOW LONG YOUR DATA WILL BE KEPT
LINKS TO OTHER WEBSITES
COOKIES AND ANALYTICS
RECRUITMENT
YOUR RIGHTS
INTELLECTUAL PROPERTY RIGHTS
1. IMPORTANT NOTICE
1.1 This is the Privacy Notice of Stevens & Bolton LLP (company number OC306955) whose registered office is at Wey House, Farnham Road, Guildford,
Surrey GU1 4YD (“we”, “us” or “our”). It sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.
1.2 This Privacy Notice relates to personal information that identifies “you” meaning individuals who browse our website and individuals outside our
organisation with whom we interact. If you are our client, or our employee, contractor or otherwise engaged in work for us or applying to work for us, a
separate privacy notice applies to you.
1.3 We refer to the information we collect about you in this Privacy Notice as “personal data” and 3 sets out further detail of what this includes.
1.4 Please read this Privacy Notice to understand how we may use your personal data.
1.5 This Privacy Notice may vary from time to time so please check it regularly. We last updated the notice on 14 November 2022.
2. HOW TO CONTACT US
2.1 Data controller and contact details
2.1.1 For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller we use the personal data we hold
about you in accordance with this Privacy Notice.
2.1.2 If you need to contact us in connection with our processing of your personal data, then our contact details are:
Individuals in the UK or outside the EEA
Data Protection Officer, Stevens & Bolton LLP, Wey House, Farnham Road, Guildford, Surrey, GU1 4YD
DPO@stevens-bolton.com
Telephone: 01483 302264
Individuals in the EEA
Our EU Representative is Pembroke Privacy Ltd., 3-4 Upper Pembroke Street, Dublin 2, Ireland
EURep@pembrokeprivacy.com
3. CATEGORIES OF PERSONAL DATA WE COLLECT
3.1 The categories of personal data about you that we may collect are:
3.1.1 personal data you provide to us in person, via our website or by telephone, including your name, address, email address and telephone number and
any other contact details you supply when completing a form on our website;
3.1.2 your professional online presence, for example, your LinkedIn profile;
3.1.3 personal data you provide when you apply for a job advertised or submit a speculative job application and/or your CV;
3.1.4 via our information technology (IT) systems, e.g.:
(a) door entry systems and reception logs;
(b) automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control
systems, communications systems and email.
3.1.5 personal data gathered using cookies; and
3.1.6 details of your visits to our website including but not limited to traffic data, location data, weblogs and other communication data.
3.2 We may also create personal data about you, for example, if you contact us by telephone we may make a written record of key details of the
conversation.
3.3 In addition, we may obtain certain special categories of your data (“Special Categories of Data”). The Special Categories of Data are: (i) personal data
revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and (ii) the processing of genetic data,
biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual
orientation.
4. HOW AND WHY WE USE YOUR PERSONAL DATA
4.1 Under data protection law, we can only use your personal data if we have a legal ground for doing so, e.g.
4.1.1 for the performance of our contract with you or to take steps at your request before entering into a contract;
4.1.2 to comply with our legal and regulatory obligations;
4.1.3 for our legitimate interests or those of a third party; or
4.1.4 where you have given us your consent.
4.2 A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and
interests.
4.3 The table below explains what we use (process) your personal data for and our reasons for doing so:
| How do we use your personal data? | The legal ground |
|---|---|
| Marketing our goods and services and sending legal updates to you. | For our legitimate interests i.e. to offer a high level of service to our clients. |
| To provide legal services to you, to facilitate payments and to manage the client relationship. | To perform our engagement contract with you or to take steps at your request before entering into an engagement contract, for our legitimate interests i.e., to ensure a high level of service to our clients and to comply with our legal and regulatory obligations. |
| Processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator or to identify and verify the identity of our clients and their beneficial owners including performing anti-moneylaundering checks. | To comply with our legal and regulatory obligations. |
| Processing necessary to safeguard the health of those at our premises and to follow public health guidance. | For our legitimate interests to maintain a safe environment at our premises |
| Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies. | To comply with our legal and regulatory obligations. |
| For operational reasons, such as improving efficiency, training and quality control. | For our legitimate interests i.e. to be as efficient as we can so we can deliver the best service for you at the best value. |
| Statistical analysis to help us manage our practice, e.g. in relation to our financial performance, client base, work type or other efficiency measures. | For our legitimate interests i.e. to be as efficient as we can so we can deliver the best service at the best value. |
| External audits and quality checks, e.g. external auditors of both our client files and our client account. | For our legitimate interests i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards; and to comply with our legal and regulatory obligations. |
4.4 Where we process Special Category Data, we will only do so with your explicit consent, where we need the information for the establishment, exercise or
defence of legal claims on your behalf, where you volunteer the information to us unprompted, where necessary in the interests of public health, or
otherwise in accordance with Article 9 of the UK GDPR.
5. COMMUNICATIONS ABOUT ADDITIONAL SERVICES
5.1 We may use your personal data to send you updates by email or by post about legal developments that may be of interest to you and/or information
about our services, including new services, or invitations to events we believe may be of interest to you.
5.2 We will either seek your express consent to send such communications to you, or we will rely on our legitimate interests in promoting our business and
building our relationship with you.
5.3 We will always treat your personal data with the utmost care and never sell it to other organisations for marketing purposes.
5.4 You have the right to opt out of receiving unprompted communications at any time by:
5.4.1 using the ‘unsubscribe’ link in emails; or
5.4.2 by clicking here to access the unsubscribe page on our website.
5.5 We may ask you to confirm or update your preferences if you instruct us to provide further services in the future, or if there are changes in the law,
regulation, or the structure of our business.
6. WHO RECEIVES YOUR PERSONAL DATA
6.1.1 external auditors, e.g. in relation to auditors of our files and our accounts;
6.1.2 external service suppliers, representatives and agents that we use to make our business more efficient, e.g. our online payment provider (Legl), typing services, marketing agencies, document collation or analysis suppliers;
6.1.3 legal and regulatory authorities with whom we have a legal obligation to share your data, e.g. HMRC, or to report any potential or actual breach of
applicable law or regulation;
6.1.4 third parties, government bodies and agencies for public health reasons;
6.1.5 law enforcement agencies, courts or other relevant party, for the establishment, exercise or defence of legal rights;
6.1.6 third parties for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
6.1.7 third parties who are considering or have decided to buy some or all of our assets or shares (including in the event of a reorganisation, dissolution or
liquidation).
6.2 We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We
also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
7. TRANSFERRING YOUR PERSONAL DATA OUT OF THE UK
7.1 In order to deliver services to you, it is sometimes necessary for us to share your personal data outside the UK including outside the European Economic
Area e.g.:
7.1.1 with our service providers located outside the UK;
7.1.2 if you are based outside the UK;
7.1.3 where there is an international dimension to the matter in which we are advising you.
7.2 These transfers are subject to special rules under data protection law.
7.3 Countries outside the UK do not have the same data protection laws as the UK. We will, however, ensure the transfer complies with data protection law
for example:
7.3.1 by ensuring we put in place safeguards such as standard data protection contractual clauses or binding corporate rules;
7.3.2 on the basis of adequacy where the country has in place an adequate level of protection; or
7.3.3 where other derogations apply or we have consent.
8. HOW LONG YOUR DATA WILL BE KEPT
8.1 We will keep your personal data after we have finished advising you or responding to a query from you. We will keep records if required to do so by law.
8.2 We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of
data. If you would like to know the retention period for a specific type of data please contact our Data Protection Officer whose details can be found
above.
9. LINKS TO OTHER WEBSITES
This policy only applies to Stevens & Bolton LLP. If you link to another website from our website, you should remember to read and understand that website’s privacy policy as well. We are not responsible for any use of your personal data that is made by unconnected third party websites.
10. COOKIES AND ANALYTICS
10.1 What is a cookie?
10.1.1 Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent
back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a
website to recognise a user’s device. You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.eu for a
video about cookies visit www.google.com/policies/technologies/cookies/
10.1.2 Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user
experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
10.1.3 You can find out further information about the types of cookies used on this website, as well as how you can enable or disable them, by clicking here.
11. RECRUITMENT
If you apply for a vacancy via this website, you will be directed to a separate privacy notice.
12. YOUR RIGHTS
12.1 Subject to applicable law including relevant data protection laws, you may have a number of rights in connection with the processing of your personal data, including:
12.1.1 the right to request access to your personal data that we process or control;
12.1.2 the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
12.1.3 the right to request, on legitimate grounds as specified in law:
(a) erasure of your personal data that we process or control; or
(b) restriction of processing of your personal data that we process or control;
12.1.4 the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
12.1.5 the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
12.1.6 the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this.
12.2 If you would like to exercise any of the rights set out above, please:
12.2.1 email or write to our Data Protection Officer;
12.2.2 let us have enough information to identify you, (e.g. your full name and any reference number used in communications with us); and
12.2.3 let us know what right you wish to exercise and the information to which your request relates.
13. INTELLECTUAL PROPERTY RIGHTS
13.1 All intellectual property rights in or arising from our website, including all copyright belong to Stevens & Bolton LLP, unless otherwise stated. All rights are reserved.
This privacy notice was last amended in November 2022.