This Privacy Notice takes effect on 25 May 2018. It sets out the information summarised in the table of contents below:
- Who we are
- The categories of personal data we collect
- How that personal data is collected
- Our basis for processing your personal data and how we use that personal data
- Who we may share your data with
- Transfer and processing of your personal data outside the European Economic Area
- How long we will hold your personal data for
- Your rights
- Our communications, the Website and cookies
- Changes to this Privacy Notice
- How to contact us
1.1 Stapleton & Son, Solicitors (“Stapleton & Son”, “we” or "us") is a partnership which provides English law professional services in the UK to UK and overseas clients. The partners are James Alfred Buxton and Nicholas Peter Fluck.
1.2 We are:
(a) authorised and regulated by the Solicitors Regulation Authority under number 55746. Our office is at 1 Broad Street, Stamford, Lincolnshire PE9 1PD;
(b) responsible for the www.stapletons.com website (“Website”);
(c) for the purposes of the General Data Protection Regulation EU 2016/679 ("GDPR") and UK data protection, Nicholas Peter Fluck is the controller in respect of the processing described in this Privacy Notice; and
(d) registered with the UK Information Commissioner’s Office (Registration Number Z7880990).
2.1 We may collect the following categories of personal data about you:
(a) your name and contact information such as your home and / or business address, email address and telephone number;
(b) identity and biographical information including your nationality, date of birth, tax status, passport / national identity card details and country of domicile, your employment and employment history, job title and role, educational profile, interests and other information relevant to our provision of professional services;
(c) information in relation to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details and other information necessary for processing payments and for fraud prevention purposes;
(d) an understanding of your goals and objectives and other information provided to us in connection with our provision of professional services;
(e) information about our meetings with you, in particular at our offices; and / or
(f) limited usage data relating to your viewing and accessing of our email marketing materials, and your marketing preferences (see Section 9 (Our communications, the Website and cookies) below).
2.2 Our provision of professional services may also require us to process special category data (including data relating to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health and sexual life) and / or data relating to criminal convictions and offences (together “sensitive personal data”).
3.1 We may collect your personal data or you may provide it to us through various means including from information:
(a) you provide to us when you meet us;
(b) about you provided to us by your organisation, agents, advisers, intermediaries or custodians of your assets;
(c) provided to us by our clients;
(d) you communicate to us by telephone, post, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
(e) collected when you complete (or we complete on your behalf) client engagement formalities or register for an event;
(f) drawn from publicly available sources or from third parties, for example when we need to conduct background checks about you;
(g) collected via closed circuit television monitoring in our offices;
(h) collected when you view or access our email marketing materials (see section 9 (Our communications, the Website and cookies) below); and / or
(i) collected otherwise in the normal course of providing professional services.
4.1 How we use your personal data will depend on whether you are a client, a representative of a client, a business contact, someone whose personal data we necessarily process as part of our provision of professional services, or otherwise. We may process your personal data for the following purposes:
(a) providing a proposal to you or your organisation in relation to the professional services we offer and for client engagement purposes (including the carrying out of background checks);
(b) providing professional services to you and / or our clients (including legal research and advice, and associated advisory services);
(c) managing our relationship with you and / or our clients (including billing and financial management), for record-keeping purposes and more generally for the proper operation of Stapleton & Son;
(d) dealing with any complaints or feedback you may have;
(e) monitoring and improving the performance and effectiveness of our services, including by training our staff;
(f) any other purpose for which you provide us with your personal data;
(g) the purposes set out in Section 9 (Our communications, the Website and cookies) below;
(h) seeking advice on our rights and obligations, such as where we require our own legal advice, and to exercise and defend our legal rights;
(i) compliance with our legal and regulatory obligations, such as anti-money laundering laws (which may include the carrying out of background checks and retention of a record of such checks), data protection laws and tax reporting requirements, and / or to assist with investigations by police and / or other competent authorities (where such investigation complies with relevant law) and to comply with Court orders;
(j) safeguarding the security of our systems and communications; and / or
(k) for security purposes generally and to ensure the safety of our employees and visitors.
4.2 We may process your personal data for any of the purposes set out above where one (or more) of the following lawful processing grounds applies:
(a) the processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract with you;
(b) the processing is necessary for us to comply with our legal obligations;
(c) the processing is necessary for our legitimate interests (including the operation of Stapleton & Son, and the provisions of professional services) or those of any client or relevant third party, unless those legitimate interests are overridden by your interests or fundamental rights or freedoms; and / or
(d) you have consented to the processing in question.
4.3 Where we process sensitive personal data, other lawful processing grounds may apply, such as that the processing is necessary for the establishment, exercise or defence of legal claims (for example to protect and / or defend our property or rights, or those of our clients) or for reasons of substantial public interest; or where you have given us your explicit consent.
5.1 We may share your personal data with:
(a) your organisation;
(b) with our client in the particular matter;
(c) third parties we engage to assist in providing our professional services, such as lawyers (including barristers), other professional services firms, IT and other consultants, public relations advisers, translators and / or couriers;
(d) intermediaries to whom we introduce you;
(e) third party service providers who provide business services to us, such as shared service centres, and with providers of anti-money laundering services and background checks, for processing in accordance with our instructions;
(f) our own legal and professional services providers and insurers, where appropriate;
(g) third parties and their advisers in the event of the potential or actual sale or purchase of all or part of our business or assets (or any other business or assets), subject to appropriate obligations of confidentiality; and / or
(h) Courts and other authorities in connection with the enforcement or defence of legal rights and provision of our professional services.
6.1 Our provision of professional services may require us to transfer your personal data to countries outside the European Economic Area which may not provide the same level of data protection as within it.
6.2 We ensure that any such transfer meets the requirements of GDPR, for example because it is necessary for the provision of our professional services to you or for the establishment, exercise or defence of legal claims; or is otherwise subject to prescribed safeguards such as model clauses approved by the European Commission. More information is available from us upon request
7.1 We will retain your personal data for as long as is necessary to fulfil the purposes set out in this Privacy Notice.
7.2 In many cases this will mean that we shall retain your personal data for the same period as we retain your files or a copy of your files. Usually this will not be less than 6 years from the date that the relevant matter came to an end. In addition, we shall retain information obtained to meet our obligations under the anti-money laundering regulations for at least 5 years following the end of our business relationship with you.
7.3 Longer retention periods may be appropriate where, for example, specific legal or public interest archival reasons apply.
8.1 Under GDPR you have the right to:
(a) obtain access to, and copies of, the personal data we hold about you and information about how we process it;
(b) require us to correct any inaccuracies in the personal data we hold about you;
(c) require, in certain circumstances, erasure of your personal data;
(d) require us, in certain circumstances, to restrict our data processing activities;
(e) obtain from us the personal data you have provided to us in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
(f) object to our use of your personal data based on our legitimate interests, on grounds relating to your specific situation;
(g) withdraw your consent, where our use of your personal data is based on that consent; and
(h) complain to the Information Commissioner's Office, which can investigate compliance with data protection law and has enforcement powers, if you are not satisfied with how we are processing your personal data.
8.2 Please contact us in writing using the contact details below if you would like to action any of your rights above. You should note that these rights are not absolute, and we may be entitled (or required) to refuse requests where exceptions apply.
9.2 We use mailing list management / marketing software to manage how we contact you as set out above. This enables us to record and manage how we contact you, and to manage your preferences and bookings for our events. It also enables us (as set out in any such email) to review whether emails are opened or forwarded, and whether briefing links are clicked. This data helps us to ensure our mailing list remains up to date; it also provides us with some basic information about your interests and to personalise our communications with you.
We may update this Privacy Notice in line with changes to how we process personal data. We will publish any new version of the Privacy Notice on the Website and, where appropriate, will provide you with a copy.