Stevens & Bolton LLP is committed to safeguarding the privacy of your data whilst providing a personalised and valuable service.
1. IMPORTANT NOTICE
1.1 This is the Privacy Notice of Stevens & Bolton LLP (company number OC306955) whose registered office is at Wey House, Farnham Road, Guildford, Surrey GU1 4YD “we”, “us” or “our”). It sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.
1.2 This Privacy Notice relates to personal information that identifies “you” meaning individuals who browse our website and individuals outside our organisation with whom we interact. If you are our client, or our employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you.
1.4 Please read this Privacy Notice to understand how we may use your personal data.
1.5 This Privacy Notice may vary from time to time so please check it regularly. We last updated the notice on 25 May 2018.
2. HOW TO CONTACT US
2.1 Data controller and contact details
2.1.1 For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller we use the personal data we hold about you in accordance with this Privacy Notice.
Data Protection Officer, Stevens & Bolton LLP, Wey House, Farnham Road, Guilford, Surrey, GU1 4YD;
Telephone: 01483 302264.
3. CATEGORIES OF PERSONAL DATA WE COLLECT
3.1 The categories of personal data about you that we may collect are:
3.1.1 personal data you provide to us in person, via our website or by telephone, including your name, address, email address and telephone number and any other contact details you supply when completing a form on our website;
3.1.2 your professional online presence, for example, your LinkedIn profile;
3.1.3 personal data you provide when apply for a job advertised or submit a speculative job application and/or your CV;
3.1.4 via our information technology (IT) systems, eg:
(a) door entry systems and reception logs;
(b) automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems and email.
3.1.5 personal data gathered using cookies; and
3.1.6 details of your visits to our website including but not limited to traffic data, location data, weblogs and other communication data.
3.2 We may also create personal data about you, for example, if you contact us by telephone we may make a written record of key details of the conversation.
3.3 In addition, we may obtain certain special categories of your data (“Special Categories of Data”). The Special Categories of Data are: (i) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and (ii) the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
4. HOW AND WHY WE USE YOUR PERSONAL DATA
4.1 Under data protection law, we can only use your personal data if we have a legal ground for doing so, e.g.
4.1.1 for the performance of our contract with you or to take steps at your request before entering into a contract;
4.1.2 to comply with our legal and regulatory obligations;
4.1.3 for our legitimate interests or those of a third party; or
4.1.4 where you have given us your consent.
4.2 A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
4.3 The table below explains what we use (process) your personal data for and our reasons for doing so:
|How do we use your personal data?||The legal ground|
|To provide legal services to you.||To perform our engagement contract with you or to take steps at your request before entering into an engagement contract.|
|Processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator.||To comply with our legal and regulatory obligations.|
|Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies.||To comply with our legal and regulatory obligations.|
|For operational reasons, such as improving efficiency, training and quality control.||For our legitimate interests i.e. to be as efficient as we can so we can deliver the best service for you at the best value.|
|Statistical analysis to help us manage our practice, e.g. in relation to our financial performance, client base, work type or other efficiency measures.||For our legitimate interests i.e. to be as efficient as we can so we can deliver the best service at the best value.|
|External audits and quality checks, eg external auditors of both our client files and our client account.||For our legitimate interests i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards; and to comply with our legal and regulatory obligations.|
4.4 The above table does not apply to Special Category Data, which we will only process either with your explicit consent, where we need the information for the establishment, exercise or defence of legal claims on your behalf, or where you volunteer the information to us unprompted.
5. COMMUNICATIONS ABOUT ADDITIONAL SERVICES
5.1 We may use your personal data to send you updates by email or by post about legal developments that may be of interest to you and/or information about our services, including new services, or invitations to events we believe may be of interest to you.
5.2 We will seek your express consent to send such communications to you.
5.3 We will always treat your personal data with the utmost care and never sell it to other organisations for marketing purposes.
5.4 You have the right to opt out of receiving umprompted communications at any time by:
5.4.1 using the ‘unsubscribe’ link in emails; or
5.4.2 by clicking here to access the unsubscribe page on Our website.
5.5 We may ask you to confirm or update your preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
6. WHO RECEIVES YOUR PERSONAL DATA
6.1 We may share your personal data with:
6.1.1 external auditors, eg in relation to auditors of our files and our accounts;
6.1.2 external service suppliers, representatives and agents that we use to make our business more efficient, eg typing services, marketing agencies, document collation or analysis suppliers;
6.1.3 legal and regulatory authorities with whom we have a legal obligation to share your data, e.g. HMRC, or to report any potential or actual breach of applicable law or regulation;
6.1.4 law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
6.1.5 third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
6.2 We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
7. TRANSFERRING YOUR PERSONAL DATA OUT OF THE EEA
7.1 In order to deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA), e.g.:
7.1.1 with our service providers located outside the EEA;
7.1.2 if you are based outside the EEA;
7.1.3 where there is an international dimension to the matter in which we are advising you.
7.2 These transfers are subject to special rules under European and UK data protection law.
7.3 Countries outside the EEA do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law either:
7.3.1 by ensuring we put in place standard data protection contractual clauses between us and the recipient of your data; or
7.3.2 on the basis of an adequacy decision namely:
(a) the Privacy Shield for transfers of data to the US; or
(b) the European Commission has decided that the relevant non-EEA country has in place an adequate level of protection.
8. HOW LONG YOUR DATA WILL BE KEPT
8.2 We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data. If you would like to know the retention period for a specific type of data please contact our Data Protection Officer whose details can be found above.
10. COOKIES & ANALYTICS
10.1 What is a cookie?
10.2 Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.eu for a video about cookies visit https://www.google.com/policies/technologies/cookies/
10.3 Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
10.4 The cookies used on this website have been categorised based on the categories found in the ICC UK Cookie guide.
10.5 A list of all the cookie types used on this website by category is set out below.
10.6 Strictly necessary cookies - these cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for cannot be provided.
10.7 Performance cookies - these cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
10.8 Google Analytics - these cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. For further details visit: http://www.google.com/analytics/learn/privacy.html
10.9 Removal of cookies - you may refuse to accept cookies by activating the setting on your internet browser which allows you to refuse the setting of cookies. For more information about cookies including how to set your internet browser to reject cookies please go to www.allaboutcookies.org
10.10 To opt out of Google Analytics visit http://tools.google.com/dlpage/gaoptout
If you apply for a vacancy via this website, you will be directed to a separate privacy notice.
12. YOUR RIGHTS
12.1 Subject to applicable law including relevant data protection laws, you may have a number of rights in connection with the processing of your personal data, including:
12.1.1 the right to request access to your personal data that we process or control;
12.1.2 the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
12.1.3 the right to request, on legitimate grounds as specified in law:
(a) erasure of your personal data that we process or control; or
(b) restriction of processing of your personal data that we process or control;
12.1.4 the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
12.1.5 the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
12.1.6 the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this.
12.2 If you would like to exercise any of the rights set out above, please:
12.2.1 email or write to our Data Protection Officer;
12.2.3 let us know what right you wish to exercise and the information to which your request relates.
13. INTELLECTUAL PROPERTY RIGHTS
13.1 All intellectual property rights in or arising from our website, including all copyright belong to Stevens & Bolton LLP, unless otherwise stated. All rights are reserved.
This privacy notice was last amended in May 2018.